VARIoT IoT vulnerabilities database
| VAR-201501-0434 | CVE-2014-3570 | OpenSSL of BN_sqr Vulnerability that breaks cryptographic protection mechanisms |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. OpenSSL is prone to an unspecified security weakness.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available
and address the following:
Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A process may gain admin privileges without properly
authenticating
Description: An issue existed when checking XPC entitlements. This
issue was addressed with improved entitlement checking.
CVE-ID
CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.10 and 2.2.29, including one that may allow a remote
attacker to execute arbitrary code. These issues were addressed by
updating Apache to versions 2.4.10 and 2.2.29
CVE-ID
CVE-2013-0118
CVE-2013-5704
CVE-2013-6438
CVE-2014-0098
CVE-2014-0117
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-3523
ATS
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple input validation issues existed in fontd.
These issues were addressed through improved input validation.
CVE-ID
CVE-2015-1131 : Ian Beer of Google Project Zero
CVE-2015-1132 : Ian Beer of Google Project Zero
CVE-2015-1133 : Ian Beer of Google Project Zero
CVE-2015-1134 : Ian Beer of Google Project Zero
CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork HTTPProtocol
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Cookies belonging to one origin may be sent to another
origin
Description: A cross-domain cookie issue existed in redirect
handling. Cookies set in a redirect response could be passed on to a
redirect target belonging to another origin. The issue was address
through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller
CFNetwork Session
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Authentication credentials may be sent to a server on
another origin
Description: A cross-domain HTTP request headers issue existed in
redirect handling. HTTP request headers sent in a redirect response
could be passed on to another origin. The issue was addressed through
improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-1088 : Luigi Galli
CoreAnimation
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A use-after-free issue existed in CoreAnimation. This
issue was addressed through improved mutex management.
CVE-ID
CVE-2015-1136 : Apple
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
Graphics Driver
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A NULL pointer dereference existed in NVIDIA graphics
driver's handling of certain IOService userclient types. This issue
was addressed through additional context validation.
CVE-ID
CVE-2015-1137 :
Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the hypervisor
framework. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted .sgi file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
.sgi files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-1139 : Apple
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative,
Luca Todesco
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system shutdown
Description: An issue existed in the handling of virtual memory
operations within the kernel. The issue is fixed through improved
handling of the mach_vm_read operation.
CVE-ID
CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on OS X. This
issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able
to cause a denial of service
Description: A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause the Finder to crash
Description: An input validation issue existed in LaunchServices's
handling of application localization data. This issue was addressed
through improved validation of localization data.
CVE-ID
CVE-2015-1142
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A type confusion issue existed in LaunchServices's
handling of localized strings. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2015-1143 : Apple
libnetcore
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted configuration profile may
lead to unexpected application termination
Description: A memory corruption issue existed in the handling of
configuration profiles. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of
FireEye, Inc.
ntp
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may brute force ntpd authentication keys
Description: The config_auth function in ntpd generated a weak key
when an authentication key was not configured. This issue was
addressed by improved key generation.
CVE-ID
CVE-2014-9298
OpenLDAP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: Multiple input validation issues existed in OpenLDAP.
These issues were addressed by improved input validation.
CVE-ID
CVE-2015-1545 : Ryan Tandy
CVE-2015-1546 : Ryan Tandy
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,
including one that may allow an attacker to intercept connections to
a server that supports export-grade ciphers. These issues were
addressed by updating OpenSSL to version 0.9.8zd.
CVE-ID
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
Open Directory Client
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A password might be sent unencrypted over the network when
using Open Directory from OS X Server
Description: If an Open Directory client was bound to an OS X Server
but did not install the certificates of the OS X Server, and then a
user on that client changed their password, the password change
request was sent over the network without encryption. This issue was
addressed by having the client require encryption for this case.
CVE-ID
CVE-2015-1147 : Apple
PHP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to
arbitrary code execution. This update addresses the issues by
updating PHP to versions 5.3.29, 5.4.38, and 5.5.20.
CVE-ID
CVE-2013-6712
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-2497
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
CVE-2014-3981
CVE-2014-4049
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
QuickLook
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-1098 : Christopher Hickstein
SceneKit
Available for: OS X Mountain Lion v10.8.5
Impact: Viewing a maliciously crafted Collada file may lead to
arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to arbitrary code execution. This issue was addressed through
improved validation of accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A user's password may be logged to a local file
Description: In some circumstances, Screen Sharing may log a user's
password that is not readable by other users on the system. This
issue was addressed by removing logging of credential.
CVE-ID
CVE-2015-1148 : Apple
Security - Code Signing
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Tampered applications may not be prevented from launching
Description: Applications containing specially crafted bundles may
have been able to launch without a completely valid signature. This
issue was addressed by adding additional checks.
CVE-ID
CVE-2015-1145
CVE-2015-1146
UniformTypeIdentifiers
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow existed in the way Uniform Type
Identifiers were handled. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2015-1144 : Apple
WebKit
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in WebKit. This
issues was addressed through improved memory handling.
CVE-ID
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5
and OS X Mavericks v10.9.5) also addresses an issue caused by the fix
for CVE-2015-1067 in Security Update 2015-002. This issue prevented
Remote Apple Events clients on any version from connecting to the
Remote Apple Events server. In default configurations, Remote Apple
Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5.
https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg
lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l
+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6
DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj
cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW
kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo
pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv
D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX
kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R
5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b
6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G
vVE37tYUU4PnLfwlcazq
=MOsT
-----END PGP SIGNATURE-----
. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that a prior countermeasure in Apache WSS4J for
Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an
exception that permitted an attacker to determine the failure of the
attempted attack, thereby leaving WSS4J vulnerable to the attack.
The original flaw allowed a remote attacker to recover the entire plain
text form of a symmetric key. A remote attacker could use this flaw to
log to a victim's account via PicketLink. (CVE-2015-0277)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them. (CVE-2015-0204)
It was found that Apache WSS4J permitted bypass of the
requireSignedEncryptedDataElements configuration property via XML Signature
wrapping attacks. A remote attacker could use this flaw to modify the
contents of a signed request. (CVE-2014-3570)
It was found that the Command Line Interface, as provided by Red Hat
Enterprise Application Platform, created a history file named
.jboss-cli-history in the user's home directory with insecure default file
permissions. This could allow a malicious local user to gain information
otherwise not accessible to them.
This release of JBoss Enterprise Application Platform also includes bug
fixes and enhancements. Documentation for these changes will be available
shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,
linked to in the References. Solution:
The References section of this erratum contains a download link (you must
log in to download the update).
Softpaq:
http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-
4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-
4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch
applied, VMware cannot connect if security level is set to "Refuse insecure
connections". Updating VMware to the latest package on ftp.hp.com will solve
the problem.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310)
CVE-2014-3569 Remote Denial of Service (DoS)
CVE-2014-3570 Cryptographic Issues (CWE-310)
CVE-2014-3571 Remote Denial of Service (DoS)
CVE-2014-3572 Cryptographic Issues (CWE-310)
CVE-2015-0204 Cryptographic Issues (CWE-310)
SSRT101934
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the
following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04774019
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04774019
Version: 1
HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-08-24
Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized
access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Matrix
Operating Environment. The vulnerabilities could be exploited remotely
resulting in unauthorized modification, unauthorized access, or unauthorized
disclosure of information.
References:
CVE-2010-5107
CVE-2013-0248
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-1692
CVE-2014-3523
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8142
CVE-2014-8275
CVE-2014-9427
CVE-2014-9652
CVE-2014-9653
CVE-2014-9705
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206
CVE-2015-0207
CVE-2015-0208
CVE-2015-0209
CVE-2015-0231
CVE-2015-0232
CVE-2015-0273
CVE-2015-0285
CVE-2015-0286
CVE-2015-0287
CVE-2015-0288
CVE-2015-0289
CVE-2015-0290
CVE-2015-0291
CVE-2015-0292
CVE-2015-0293
CVE-2015-1787
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-2134
CVE-2015-2139
CVE-2015-2140
CVE-2015-2301
CVE-2015-2331
CVE-2015-2348
CVE-2015-2787
CVE-2015-3113
CVE-2015-5122
CVE-2015-5123
CVE-2015-5402
CVE-2015-5403
CVE-2015-5404
CVE-2015-5405
CVE-2015-5427
CVE-2015-5428
CVE-2015-5429
CVE-2015-5430
CVE-2015-5431
CVE-2015-5432
CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0
HP System Management Homepage (SMH) prior to version 7.5.0
HP Version Control Agent (VCA) prior to version 7.5.0
HP Version Control Repository Manager (VCRM) prior to version 7.5.0
HP Insight Orchestration prior to version 7.5.0
HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3
CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6
CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5
CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9
CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9
CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5
CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9
CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the
vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order
the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO
from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management
Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from
the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components
bundled with the HP Matrix Operating Environment in the following HP Security
Bulletins.
HP Matrix Operating Environment component
HP Security Bulletin Number
Security Bulletin Location
HP Systems Insight Manager (SIM)
HPSBMU03394
HPSBMU03394
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH)
HPSBMU03380
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la
ng=en-us&cc=
HP Version Control Agent (VCA)
HPSBMU03397
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM)
HPSBMU03396
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr
_na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK
HPSBMU03413
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr
_na-c04774021
HISTORY
Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0066-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html
Issue date: 2015-01-20
Updated on: 2015-01-21
CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
CVE-2015-0206
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function
of OpenSSL parsed certain DTLS messages. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory of
a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce
incorrect results under certain special conditions. This flaw could
possibly affect certain OpenSSL library functionality, such as RSA
blinding. Note that this issue occurred rarely and with a low probability,
and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
A malicious server could make a TLS/SSL client using OpenSSL use a weaker
key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept
Diffie-Hellman client certificates without the use of a private key.
An attacker could use a user's client certificate to authenticate as that
user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the above issues. For the update to
take effect, all services linked to the OpenSSL library (such as httpd and
other SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites
1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix
1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record
1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification
1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-1.0.1e-30.el6_6.5.ppc.rpm
openssl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-1.0.1e-30.el6_6.5.s390.rpm
openssl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64:
openssl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-static-1.0.1e-34.el7_0.7.s390.rpm
openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3570
https://access.redhat.com/security/cve/CVE-2014-3571
https://access.redhat.com/security/cve/CVE-2014-3572
https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0205
https://access.redhat.com/security/cve/CVE-2015-0206
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X
ENFobdxQdJ+gVAiRe8Qf54A=
=wyAg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201501-0398 | CVE-2014-9190 | Schneider Electric Wonderware InTouch Access Anywhere Server Buffer Overflow Vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not exist. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries.
Attackers can exploit this issue to execute arbitrary code in the context of the affected system. Failed exploit attempts will likely result in denial-of-service conditions.
Wonderware InTouch Access Anywhere Server 10.6 and 11.0 are vulnerable; other versions may also be affected. Schneider Electric Wonderware InTouch is an open, scalable HMI and SCADA monitoring solution from Schneider Electric, France, that creates standardized, reusable visualization applications
| VAR-201501-0448 | CVE-2014-8153 | OpenStack Neutron of L3 Service disruption in agents (DoS) Vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using radvd 2.0+, allows remote authenticated users to cause a denial of service (blocked router update processing) by creating eight routers and assigning an ipv6 non-provider subnet to each. OpenStack Neutron is prone to a local denial-of-service vulnerability.
Attackers can exploit this issue to cause denial-of-service conditions. OpenStack is a cloud platform management project jointly developed by the National Aeronautics and Space Administration (National Aeronautics and Space Administration) and Rackspace Corporation of the United States. Neutron is one of the network components that provides Network as a Service (NaaS), which can create a network between OpenStack services, connect network devices to the grid, and more. A security vulnerability exists in the L3 agent of OpenStack Neutron version 2014.2 and 2014.2.1
| VAR-201501-0329 | CVE-2014-8028 | Cisco Secure Access Control System of Web Cross-site scripting vulnerability in the framework |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq79019.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
These issues are being tracked by Cisco Bug ID CSCuq79019. The system can respectively control network access and network device access through RADIUS and TACACS protocols
| VAR-201501-0330 | CVE-2014-8029 | Cisco Secure Access Control System of Web Open redirect vulnerability in interface |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, aka Bug ID CSCuq74150. Vendors have confirmed this vulnerability Bug CSCuq74150 It is released as. Supplementary information : CWE Vulnerability type by CWE-601: URL Redirection to Untrusted Site ( Open redirect ) Has been identified. http://cwe.mitre.org/data/definitions/601.htmlBy any third party through any unspecified parameters Web You may be redirected to a site and run a phishing attack.
An attacker can leverage this issue to conduct phishing attacks; other attacks are possible.
This issue is being tracked by Cisco Bug ID CSCuq74150. The system can respectively control network access and network device access through RADIUS and TACACS protocols
| VAR-201501-0331 | CVE-2014-8030 | Cisco WebEx Meetings Server of sendPwMail.do Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco WebEx Meetings Server allows remote attackers to inject arbitrary web script or HTML via the email parameter, aka Bug ID CSCuj40381.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuj40381. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution
| VAR-201501-0332 | CVE-2014-8031 | Cisco WebEx Meetings Server Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj40456.
An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuj40456. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution
| VAR-201501-0333 | CVE-2014-8032 | Cisco WebEx Meetings Server of OutlookAction LI Vulnerable to obtaining important encrypted password information |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
The OutlookAction LI in Cisco WebEx Meetings Server allows remote authenticated users to obtain sensitive encrypted-password information via unspecified vectors, aka Bug IDs CSCuj40453 and CSCuj40449.
An attacker can leverage this issue to obtain sensitive information that may aid in further attacks.
This issue is being tracked by Cisco bug IDs CSCuj40453 and CSCuj40449. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. A security vulnerability exists in CWMS's OutlookAction LI
| VAR-201501-0334 | CVE-2014-8033 | Cisco WebEx Meetings Server of play/modules Vulnerability in components gaining administrator access |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The play/modules component in Cisco WebEx Meetings Server allows remote attackers to obtain administrator access via crafted API requests, aka Bug ID CSCuj40421.
An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks.
This issue is tracked by Cisco Bug ID CSCuj40421. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. A security vulnerability exists in the play/modules component of CWMS
| VAR-201501-0399 | CVE-2014-9191 | CodeWrights 'HART DTM' Library Local Denial of Service Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang) by transmitting crafted response packets on the 4-20 mA current loop. HART Device Type Manager is a device type manager. CodeWrights 'HART DTM' Library has a local denial of service vulnerability that can be exploited by local attackers to initiate a denial of service attack. CodeWrights 'HART DTM' library is prone to a denial-of-service vulnerability.
An attacker may exploit this issue to cause denial-of-service conditions
| VAR-201501-0328 | CVE-2014-8027 | Cisco Secure Access Control System of RBAC Vulnerability of obtaining network device administrator privileges in components |
CVSS V2: 6.5 CVSS V3: - Severity: MEDIUM |
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. Cisco Secure Access Control Server is prone to a privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain elevated privileges on an affected device.
This issue is being tracked by Cisco Bug ID CSCuq79034. RBAC is one of the role-based access control components
| VAR-201501-0436 | CVE-2014-3572 | OpenSSL ‘ ssl3_get_key_exchange 'Function Encryption Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. OpenSSL is prone to a security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to perform unauthorized actions. This may lead to other attacks. The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.
For the upcoming stable distribution (jessie), these problems will be
fixed soon.
We recommend that you upgrade your openssl packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available
and address the following:
Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A process may gain admin privileges without properly
authenticating
Description: An issue existed when checking XPC entitlements. This
issue was addressed with improved entitlement checking.
CVE-ID
CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.10 and 2.2.29, including one that may allow a remote
attacker to execute arbitrary code. These issues were addressed by
updating Apache to versions 2.4.10 and 2.2.29
CVE-ID
CVE-2013-0118
CVE-2013-5704
CVE-2013-6438
CVE-2014-0098
CVE-2014-0117
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-3523
ATS
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple input validation issues existed in fontd.
These issues were addressed through improved input validation.
CVE-ID
CVE-2015-1131 : Ian Beer of Google Project Zero
CVE-2015-1132 : Ian Beer of Google Project Zero
CVE-2015-1133 : Ian Beer of Google Project Zero
CVE-2015-1134 : Ian Beer of Google Project Zero
CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork HTTPProtocol
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Cookies belonging to one origin may be sent to another
origin
Description: A cross-domain cookie issue existed in redirect
handling. Cookies set in a redirect response could be passed on to a
redirect target belonging to another origin. The issue was address
through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller
CFNetwork Session
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Authentication credentials may be sent to a server on
another origin
Description: A cross-domain HTTP request headers issue existed in
redirect handling. HTTP request headers sent in a redirect response
could be passed on to another origin. The issue was addressed through
improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-1088 : Luigi Galli
CoreAnimation
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A use-after-free issue existed in CoreAnimation. This
issue was addressed through improved mutex management.
CVE-ID
CVE-2015-1136 : Apple
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
Graphics Driver
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A NULL pointer dereference existed in NVIDIA graphics
driver's handling of certain IOService userclient types. This issue
was addressed through additional context validation.
CVE-ID
CVE-2015-1137 :
Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the hypervisor
framework. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted .sgi file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
.sgi files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-1139 : Apple
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative,
Luca Todesco
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue exited in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system shutdown
Description: An issue existed in the handling of virtual memory
operations within the kernel. The issue is fixed through improved
handling of the mach_vm_read operation.
CVE-ID
CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on OS X. This
issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able
to cause a denial of service
Description: A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: A out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause the Finder to crash
Description: An input validation issue existed in LaunchServices's
handling of application localization data. This issue was addressed
through improved validation of localization data.
CVE-ID
CVE-2015-1142
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A type confusion issue existed in LaunchServices's
handling of localized strings. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2015-1143 : Apple
libnetcore
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted configuration profile may
lead to unexpected application termination
Description: A memory corruption issue existed in the handling of
configuration profiles. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of
FireEye, Inc.
ntp
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may brute force ntpd authentication keys
Description: The config_auth function in ntpd generated a weak key
when an authentication key was not configured. This issue was
addressed by improved key generation.
CVE-ID
CVE-2014-9298
OpenLDAP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: Multiple input validation issues existed in OpenLDAP.
These issues were addressed by improved input validation.
CVE-ID
CVE-2015-1545 : Ryan Tandy
CVE-2015-1546 : Ryan Tandy
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,
including one that may allow an attacker to intercept connections to
a server that supports export-grade ciphers. These issues were
addressed by updating OpenSSL to version 0.9.8zd.
CVE-ID
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
Open Directory Client
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A password might be sent unencrypted over the network when
using Open Directory from OS X Server
Description: If an Open Directory client was bound to an OS X Server
but did not install the certificates of the OS X Server, and then a
user on that client changed their password, the password change
request was sent over the network without encryption. This issue was
addressed by having the client require encryption for this case.
CVE-ID
CVE-2015-1147 : Apple
PHP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to
arbitrary code execution. This update addresses the issues by
updating PHP to versions 5.3.29, 5.4.38, and 5.5.20.
CVE-ID
CVE-2013-6712
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-2497
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
CVE-2014-3981
CVE-2014-4049
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
QuickLook
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-1098 : Christopher Hickstein
SceneKit
Available for: OS X Mountain Lion v10.8.5
Impact: Viewing a maliciously crafted Collada file may lead to
arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. Viewing a maliciously crafted Collada file may have
led to arbitrary code execution. This issue was addressed through
improved validation of accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A user's password may be logged to a local file
Description: In some circumstances, Screen Sharing may log a user's
password that is not readable by other users on the system. This
issue was addressed by removing logging of credential.
CVE-ID
CVE-2015-1148 : Apple
Security - Code Signing
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Tampered applications may not be prevented from launching
Description: Applications containing specially crafted bundles may
have been able to launch without a completely valid signature. This
issue was addressed by adding additional checks.
CVE-ID
CVE-2015-1145
CVE-2015-1146
UniformTypeIdentifiers
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow existed in the way Uniform Type
Identifiers were handled. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2015-1144 : Apple
WebKit
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in WebKit. This
issues was addressed through improved memory handling.
CVE-ID
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5
and OS X Mavericks v10.9.5) also addresses an issue caused by the fix
for CVE-2015-1067 in Security Update 2015-002. This issue prevented
Remote Apple Events clients on any version from connecting to the
Remote Apple Events server. In default configurations, Remote Apple
Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5.
https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJVJKj2AAoJEBcWfLTuOo7tDh4QAK0LxfwMRKcdOXOKpXsRz6lg
lhZ+CLVcSepq8qBkFQ74f3B5CuhxD0IGQPaAuSXl51tWYdfN+92tkbmyZ9k8901l
+I0vw6upeE+oqRnGtSRzq68UhcARbdV8V1+C0Xl3IIuuHc+xlEgvklDhF9Pc8XM6
DudGiVNqt6MOqd5Oc4s4FFF0nnpnyG9+UJem3mi4Ee88PwI4x1Hev7utPPmaPDzj
cjkVeislko3QArNJxtBpkYudErA4eR5OX8Tdf12jAmPTtjrXUb3VigEf78Nna0RW
kHTOGdB5EZ+YFZ8KlyIQlENBjTtI8CGdCF4/S/2xDN83NTRsimd5Y7LSjdd0uANo
pqxAc3Gzn5xngWF1Qbb6V+XZBfz5NoeTq5BXBB5OHz4PSGaQuMsBA2RYFMzNLqWv
D/T5U1JtzRLALt0lYAz63B0OhW7KXeLI9oer1Vo4wWF9O9cUFyuSI4JU5uYLQpJX
kEpSFt4YPFFxMnlzCLzLkmVGax4w9M/tRHYeSKAnRlnsoPBtIGFItlNZE2RduD/R
5n2APoJa3banQ8miycGORYP3WsktDRZzBy+2QPWuz8sE3AvAkO9xWp8PrQBkqf/b
6CIG5UkCYITG2uzBXqnGbfDiEDvBLNN1Yq0ZZI23iYRxrdW0I0pv1CHio354q12G
vVE37tYUU4PnLfwlcazq
=MOsT
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:01.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL multiple vulnerabilities
Category: contrib
Module: openssl
Announced: 2015-01-14
Affects: All supported versions of FreeBSD.
Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)
2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)
2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)
2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)
2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)
CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL
due to a NULL pointer dereference. [CVE-2014-3571]
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. [CVE-2015-0206]
When OpenSSL is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference. [CVE-2014-3569] This does not affect
FreeBSD's default build.
An OpenSSL client will accept a handshake using an ephemeral ECDH
ciphersuite using an ECDSA certificate if the server key exchange message
is omitted. [CVE-2014-3572]
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. [CVE-2015-0204]
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. [CVE-2014-8275]
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. [CVE-2014-3570]
III. Impact
An attacker who can send a carefully crafted DTLS message can cause server
daemons that uses OpenSSL to crash, resulting a Denial of Service.
[CVE-2014-3571]
An attacker who can send repeated DTLS records with the same sequence number
but for the next epoch can exhaust the server's memory and result in a Denial of
Service. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of
the session. [CVE-2015-0204]
A client could authenticate without the use of a private key. This only
affects servers which trust a client certificate authority which issues
certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of
the signature, it is possible to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
# gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r276865
releng/8.4/ r277195
stable/9/ r276865
releng/9.3/ r277195
stable/10/ r276864
releng/10.0/ r277195
releng/10.1/ r277195
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://www.openssl.org/news/secadv_20150108.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:01.openssl.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJUtuEaAAoJEO1n7NZdz2rnQCcP/A19v5HUUhjz5nMbUumRwAmB
QCxNKEy6SbAuxtIwGNYJyyxKIK3R9vTHwlgyQZVb4q8FgMHcu4yABeRfov10mO5Q
U7RkLOJyca6eqEngkrh+AFfbhqfxtccIMUQkDdegsQcqZd2Ya0VeNfjA8H0XIDoL
JSEoCifmxjv6v8ZcpugahsUOBmEWx+vyHJUSPVSv/AsLubzV3hqi4iLpzLky3/dR
4LHGzPny07NkGPVqOBU7mjTs76SzCTS2c4NIVfvbphx8UojMvREbZ8ogCMEVGBXY
fIWesi7Y6lhqbSgWj1EXyZF9NTo/Z4nr7Oh1ER5VSAfmhZAdyhEEEGQrg4Jq0VL3
DJ1Y35Up79xXmVjB14COxodI5UO+55wWnXb8r/zy/eh+wv0sHwlTz56wxo7SxAOa
xOrQj0VJ7zghLhBO7azacbVYIKpfQkJafb7XRUOqu4wt2y3/jeL+0UkWJnNMROrq
aQUB6SdGUVDwQsmodgF0rsGcQYXhaQBPu4KQo8yG8+rpqc2zewi537BJr/PWJvH0
sJ6yYcD7VGyIleVRDpxsg7uBWelnGn+AqHignbyUcic4j/N9lYlF00AVgka2TdOp
i5eZtp7m95v53S4fEX2HGwWpOv+AfCrSKQZGpvdNx+9JyD3LyOvFBxs4k0oZWa6J
6FLFZ38YkLcUIzW6I6Kc
=ztFk
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04604357
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04604357
Version: 1
HPSBGN03299 rev.1 - HP IceWall SSO Dfw, SSO Certd, MCRP, and Federation Agent
running OpenSSL, Remote Disclosure of Information, Unauthorized Access
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-03-19
Last Updated: 2015-03-19
Potential Security Impact: Remote disclosure of information, unauthorized
access
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP IceWall SSO
Dfw, SSO Certd, MCRP, and Federation Agent running OpenSSL including:
The SSL vulnerability known as "FREAK", which could be exploited remotely to
allow disclosure of information.
Other vulnerabilities which could be exploited remotely resulting in
unauthorized access.
References:
CVE-2014-3570
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
SSRT101987
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
CVE-2014-3572 and CVE-2015-0204
HP IceWall MCRP Version 2.1 and 3.0
HP IceWall SSO Dfw Version 8.0, 8.0 R1, 8.0 R2, 8.0 R3, and Version 10.0
HP IceWall SSO Certd Version 8.0R3 with DB plugin patch 2 and Version
10.0
HP IceWall Federation Agent Version 3.0
CVE-2014-3570 and CVE-2014-8275
HP IceWall MCRP v2.1, v3.0
HP IceWall SSO Dfw v8.0, v8.0 R1, v8.0 R2, v8.0 R3, and v10.0
HP IceWall SSO Agent v8.0 and v8.0 2007 Update Release 2
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends the following software updates and workaround instructions to
resolve the vulnerabilities for HP IceWall SSO Dfw, SSO Certd, MCRP, and
Federation Agent. IceWall SSO Dfw 10.0 and Certd 10.0, which are running on RHEL, could
be using either the OS bundled OpenSSL library or the OpenSSL bundled with HP
IceWall. If still using the OpenSSL bundled with HP IceWall, please switch to
the OpenSSL library bundled with the OS, and then follow the instructions in
step 3.
Documents are available at the following location with instructions to
switch to the OS bundled OpenSSL library:
http://www.hp.com/jp/icewall_patchaccess
2. For IceWall SSO Dfw and Certd for SSO Dfw 8.0, 8.0 R1, 8.0 R2, 8.0 R3,
and SSO Certd 8.0 R3 with DB plugin patch 2, which bundle OpenSSL, please
download the updated OpenSSL at the following location:
http://www.hp.com/jp/icewall_patchaccess
3. For HP IceWall products running on RHEL and are using the OS bundled
OpenSSL, RHEL has provided patch or mitigation instructions at the following
location:
https://access.redhat.com/articles/1369543
Note: For RHEL6 (only) and CVE-2014-8275, please apply the RHEL6 patch
for OpenSSL from the following location:
https://access.redhat.com/security/cve/CVE-2014-8275
4. For IceWall products running on HP-UX which are using the OS bundled
OpenSSL, please apply the HP-UX OpenSSL update from the following location:
https://h20392.www2.hp.com/portal/swdepot/displayInstallInfo.do?produ
ctNumber=OPENSSL11I
WORKAROUND INSTRUCTIONS
HP recommends the following information to protect against potential risk
from CVE-2014-3572 and CVE-2015-0204 for the following HP IceWall products.
HP IceWall SSO Dfw and MCRP
- If possible, do not use the SHOST setting which allows IceWall SSO
Dfw or MCRP to use SSL/TLS protocol to back-end web servers.
- If possible, do not use EXPORT-grade ciphers on the back-end web
servers.
HP IceWall SSO Certd (version 10.0 and 8.0R3 applied DB plugin patch
release 2)
- If possible, do not use the LDAPSSL setting which allows IceWall SSO
Certd to connect to the LDAP server using SSL/TLS protocol.
- If possible, do not use EXPORT-grade ciphers on the LDAP server.
IceWall Federation Agent
- If possible, use "bindings:HTTP-POST" instead of
"bindings:HTTP-Artifact" setting in the service provider meta file. The
"bindings:HTTP-POST" setting would disable IWFA to use SSL for communicating
with IdP server.
Note: The HP IceWall product is only available in Japan.
HISTORY
Version:1 (rev.1) - 19 March 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. This update also addresses
other vulnerabilities in SSL that would remotely allow denial of service,
disclosure of information and other vulnerabilities.
Softpaq:
http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-
4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-
4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch
applied, VMware cannot connect if security level is set to "Refuse insecure
connections". Updating VMware to the latest package on ftp.hp.com will solve
the problem. ============================================================================
Ubuntu Security Notice USN-2459-1
January 12, 2015
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring.
(CVE-2014-3570)
Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted
DTLS messages. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. (CVE-2014-8275)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
key exchanges. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client
authentication.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue
only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2459-1
CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275,
CVE-2015-0204, CVE-2015-0205, CVE-2015-0206
Package Information:
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu9.1
https://launchpad.net/ubuntu/+source/openssl/1.0.1f-1ubuntu2.8
https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.21
https://launchpad.net/ubuntu/+source/openssl/0.9.8k-7ubuntu8.23
. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way,
though its exact impact is difficult to determine (CVE-2014-3570).
The updated packages have been upgraded to the 1.0.0p version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
https://www.openssl.org/news/secadv_20150108.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm
51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm
aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm
c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm
fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm
ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310)
CVE-2014-3569 Remote Denial of Service (DoS)
CVE-2014-3570 Cryptographic Issues (CWE-310)
CVE-2014-3571 Remote Denial of Service (DoS)
CVE-2014-3572 Cryptographic Issues (CWE-310)
CVE-2015-0204 Cryptographic Issues (CWE-310)
SSRT101934
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the
following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account
| VAR-201501-0442 | CVE-2014-8275 | OpenSSL Certificate Fingerprints CVE-2014-8275 Local Security Bypass Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. OpenSSL is prone to a local security-bypass vulnerability.
Local attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.
Corrected: 2015-01-09 00:58:20 UTC (stable/10, 10.1-STABLE)
2015-01-14 21:27:46 UTC (releng/10.1, 10.1-RELEASE-p4)
2015-01-14 21:27:46 UTC (releng/10.0, 10.0-RELEASE-p16)
2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
2015-01-14 21:27:46 UTC (releng/9.3, 9.3-RELEASE-p8)
2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
2015-01-14 21:27:46 UTC (releng/8.4, 8.4-RELEASE-p22)
CVE Name: CVE-2014-3571, CVE-2015-0206, CVE-2014-3569, CVE-2014-3572
CVE-2015-0204, CVE-2015-0205, CVE-2014-8275, CVE-2014-3570
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>. Background
FreeBSD includes software from the OpenSSL Project.
II. [CVE-2014-3569] This does not affect
FreeBSD's default build. [CVE-2015-0205]
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. [CVE-2014-3570]
III. [CVE-2015-0206]
A server can remove forward secrecy from the ciphersuite. [CVE-2014-3572]
A server could present a weak temporary key and downgrade the security of
the session. This only
affects servers which trust a client certificate authority which issues
certificates containing DH keys, which is extremely rare. [CVE-2015-0205]
By modifying the contents of the signature algorithm or the encoding of
the signature, it is possible to change the certificate's fingerprint. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected. [CVE-2014-8275]
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 8.4 and FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-9.3.patch.asc
# gpg --verify openssl-9.3.patch.asc
[FreeBSD 10.0]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.0.patch.asc
# gpg --verify openssl-10.0.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/SA-15:01/openssl-10.1.patch.asc
# gpg --verify openssl-10.1.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r276865
releng/8.4/ r277195
stable/9/ r276865
releng/9.3/ r277195
stable/10/ r276864
releng/10.0/ r277195
releng/10.1/ r277195
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. 5 client) - i386, x86_64
3. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and
CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL
development team as the original reporter of CVE-2015-0287, Brian Carpenter
as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the
original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the
original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia
Käsper of the OpenSSL development team as the original reporters of
CVE-2015-0293. This could lead to a Denial
Of Service attack (CVE-2014-3571).
The updated packages have been upgraded to the 1.0.0p version where
these security flaws has been fixed.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3570
https://www.openssl.org/news/secadv_20150108.txt
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
08baba1b5ee61bdd0bfbcf81d465f154 mbs1/x86_64/lib64openssl1.0.0-1.0.0p-1.mbs1.x86_64.rpm
51198a2b577e182d10ad72d28b67288e mbs1/x86_64/lib64openssl-devel-1.0.0p-1.mbs1.x86_64.rpm
aa34fd335001d83bc71810d6c0b14e85 mbs1/x86_64/lib64openssl-engines1.0.0-1.0.0p-1.mbs1.x86_64.rpm
c8b6fdaba18364b315e78761a5aa0c1c mbs1/x86_64/lib64openssl-static-devel-1.0.0p-1.mbs1.x86_64.rpm
fc67f3da9fcd1077128845ce85be93e2 mbs1/x86_64/openssl-1.0.0p-1.mbs1.x86_64.rpm
ab8f672de2bf2f0f412034f89624aa32 mbs1/SRPMS/openssl-1.0.0p-1.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUr+PRmqjQ0CJFipgRAtFXAJ46+q0aetnJkb6I9RuYmX5xFeGx9wCgt1rb
LHbCdAkBpYHYSuaUwpiAu1w=
=ePa9
-----END PGP SIGNATURE-----
.
HP SSL for OpenVMS: All versions prior to 1.4-502.
HP SSL 1.4-502 for OpenVMS (based on OpenSSL 0.9.8ze) is available from the
following locations:
- HP SSL for OpenVMS website:
http://h71000.www7.hp.com/openvms/products/ssl/ssl.html
- HP Support Center website:
https://h20566.www2.hp.com/portal/site/hpsc/patch/home
Note: Login using your HP Passport account.
Release Date: 2015-08-24
Last Updated: 2015-08-24
Potential Security Impact: Remote unauthorized modification, unauthorized
access, or unauthorized disclosure of information.
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Matrix
Operating Environment. The vulnerabilities could be exploited remotely
resulting in unauthorized modification, unauthorized access, or unauthorized
disclosure of information.
References:
CVE-2010-5107
CVE-2013-0248
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-1692
CVE-2014-3523
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8142
CVE-2014-8275
CVE-2014-9427
CVE-2014-9652
CVE-2014-9653
CVE-2014-9705
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206
CVE-2015-0207
CVE-2015-0208
CVE-2015-0209
CVE-2015-0231
CVE-2015-0232
CVE-2015-0273
CVE-2015-0285
CVE-2015-0286
CVE-2015-0287
CVE-2015-0288
CVE-2015-0289
CVE-2015-0290
CVE-2015-0291
CVE-2015-0292
CVE-2015-0293
CVE-2015-1787
CVE-2015-1788
CVE-2015-1789
CVE-2015-1790
CVE-2015-1791
CVE-2015-1792
CVE-2015-2134
CVE-2015-2139
CVE-2015-2140
CVE-2015-2301
CVE-2015-2331
CVE-2015-2348
CVE-2015-2787
CVE-2015-3113
CVE-2015-5122
CVE-2015-5123
CVE-2015-5402
CVE-2015-5403
CVE-2015-5404
CVE-2015-5405
CVE-2015-5427
CVE-2015-5428
CVE-2015-5429
CVE-2015-5430
CVE-2015-5431
CVE-2015-5432
CVE-2015-5433
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Matrix Operating Environment impacted software components and versions:
HP Systems Insight Manager (SIM) prior to version 7.5.0
HP System Management Homepage (SMH) prior to version 7.5.0
HP Version Control Agent (VCA) prior to version 7.5.0
HP Version Control Repository Manager (VCRM) prior to version 7.5.0
HP Insight Orchestration prior to version 7.5.0
HP Virtual Connect Enterprise Manager (VCEM) prior to version 7.5.0
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2010-5107 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2013-0248 (AV:L/AC:M/Au:N/C:N/I:P/A:P) 3.3
CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-3523 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-9427 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-9652 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-9653 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-9705 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0207 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0208 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0232 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0285 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0290 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0291 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-1787 (AV:N/AC:H/Au:N/C:N/I:N/A:P) 2.6
CVE-2015-1788 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-1789 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2015-1790 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-1791 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-1792 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-2134 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
CVE-2015-2139 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5
CVE-2015-2140 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9
CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-2348 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-2787 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-3113 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5122 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5123 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2015-5402 (AV:L/AC:M/Au:N/C:C/I:C/A:C) 6.9
CVE-2015-5403 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5
CVE-2015-5404 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5405 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
CVE-2015-5427 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5428 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5429 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5430 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2015-5431 (AV:N/AC:M/Au:S/C:P/I:P/A:N) 4.9
CVE-2015-5432 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4
CVE-2015-5433 (AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the
vulnerabilities in the impacted versions of HP Matrix Operating Environment
HP Matrix Operating Environment 7.5.0 is only available on DVD. Please order
the latest version of the HP Matrix Operating Environment 7.5.0 DVD #2 ISO
from the following location:
http://www.hp.com/go/insightupdates
Choose the orange Select button. This presents the HP Insight Management
Media order page. Choose Insight Management 7.5 DVD-2-ZIP August 2015 from
the Software specification list. Fill out the rest of the form and submit it.
HP has addressed these vulnerabilities for the affected software components
bundled with the HP Matrix Operating Environment in the following HP Security
Bulletins.
HP Matrix Operating Environment component
HP Security Bulletin Number
Security Bulletin Location
HP Systems Insight Manager (SIM)
HPSBMU03394
HPSBMU03394
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04762744
HP System Management Homepage (SMH)
HPSBMU03380
http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04746490&la
ng=en-us&cc=
HP Version Control Agent (VCA)
HPSBMU03397
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04765169
HP Version Control Repository Manager (VCRM)
HPSBMU03396
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr
_na-c04765115
HP Virtual Connect Enterprise Manager (VCEM) SDK
HPSBMU03413
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr
_na-c04774021
HISTORY
Version:1 (rev.1) - 24 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0066-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html
Issue date: 2015-01-20
Updated on: 2015-01-21
CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
CVE-2015-0206
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function
of OpenSSL parsed certain DTLS messages. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory of
a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce
incorrect results under certain special conditions. This flaw could
possibly affect certain OpenSSL library functionality, such as RSA
blinding. Note that this issue occurred rarely and with a low probability,
and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
A malicious server could make a TLS/SSL client using OpenSSL use a weaker
key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept
Diffie-Hellman client certificates without the use of a private key.
An attacker could use a user's client certificate to authenticate as that
user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the above issues. For the update to
take effect, all services linked to the OpenSSL library (such as httpd and
other SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites
1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix
1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record
1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification
1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-1.0.1e-30.el6_6.5.ppc.rpm
openssl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-1.0.1e-30.el6_6.5.s390.rpm
openssl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64:
openssl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-static-1.0.1e-34.el7_0.7.s390.rpm
openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3570
https://access.redhat.com/security/cve/CVE-2014-3571
https://access.redhat.com/security/cve/CVE-2014-3572
https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0205
https://access.redhat.com/security/cve/CVE-2015-0206
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X
ENFobdxQdJ+gVAiRe8Qf54A=
=wyAg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. These vulnerabilities could be exploited remotely to create a remote
Denial of Service (DoS) and other vulnerabilites.
References:
CVE-2014-8275 Cryptographic Issues (CWE-310)
CVE-2014-3569 Remote Denial of Service (DoS)
CVE-2014-3570 Cryptographic Issues (CWE-310)
CVE-2014-3571 Remote Denial of Service (DoS)
CVE-2014-3572 Cryptographic Issues (CWE-310)
CVE-2015-0204 Cryptographic Issues (CWE-310)
SSRT101885
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. The
updates are available from either of the following sites:
ftp://sl098ze:Secure12@h2.usa.hp.com
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=OPENSSL11I
HP-UX Release
HP-UX OpenSSL depot name
B.11.11 (11i v1)
OpenSSL_A.00.09.08ze.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2)
OpenSSL_A.00.09.08ze.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
OpenSSL_A.00.09.08ze.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install OpenSSL A.00.09.08ze or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant
| VAR-201501-0338 | CVE-2015-0204 | OpenSSL of s3_clnt.c of ssl3_get_key_exchange In function RSA-to-EXPORT_RSA Vulnerabilities that are subject to downgrade attacks |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. OpenSSL is prone to security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks.
The TLS vulnerability using US export-grade 512-bit keys in Diffie-Hellman
key exchange known as "Logjam" could be exploited remotely to allow
unauthorized modification.
The SSLv3 vulnerability using US export-grade RSA encryption known as FREAK
could be exploited remotely to allow unauthorized
References:
CVE-2015-4000 (aka LogJam, SSRT102095)
CVE-2015-2808 (aka Bar Mitzvah)
CVE-2015-0204 (aka Freak)
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Node Manager i version v9.0x. v9.1x, v9.2x, v10.0x
HP Network Node Manager iSPI Performance for QA v9.0x, v9.1x, v9.2x, v10.0x
HP Network Node Manager iSPI for IP Multicast QA v9.0x, v9.1x, v9.2x, v10.0x
HP Network Node Manager iSPI for MPLS VPN v9.0x, v9.1x, v9.2x, v10.0x
HP Network Node Manager iSPI for IP Telephony v9.0x, v9.1x, v9.2x, v10.0x
HP Network Node Manager iSPI for NET v9.0x, v9.1x, v9.2x, v10.0x
HP Network Node Manager iSPI Performance for Metrics v9.0x, v9.1x, v9.2x,
v10.0x
HP Network Node Manager iSPI Performance for Traffic v9.0x, v9.1x, v9.2x,
v10.0x
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-4000 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2015-2808 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
CVE-2015-0204 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates for HP Network Node Manager i and Smart
Plugins (iSPIs)
HP Network Node Manager i and Smart Plugins (iSPIs) Version
Link to update for CVE-2015-4000 (LogJam)
HP Network Node Manager i version v9.1x, v9.2x
iSPI Performance for QA
iSPI for IP Multicast
iSPI for MPLS VPN
iSPI for IP Telephony
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01704653
HP Network Node Manager iSPI for Metrics v9.1x, v9.2x
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01740484
HP Network Node Manager iSPI for Traffic v9.1x, v9.2x
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01740489
Note: v10.x is not affected by LogJam
HP Network Node Manager i and Smart Plugins (iSPIs) Version
Link to update for CVE-2015-2808 (Bar Mitzvah)
HP Network Node Manager i version v9.1x, v9.2x, v10.x
iSPI Performance for QA
iSPI for IP Multicast
iSPI for MPLS VPN
iSPI for IP Telephony
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01704651
HP Network Node Manager iSPI for Metrics v9.1x, v9.2x, v10.0x
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01740486
HP Network Node Manager iSPI for Traffic v9.1x, v9.2x, v10.0x
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01740487
HP Network Node Manager i and Smart Plugins (iSPIs) Version
Link to update for CVE-2015-0204 (Freak)
HP Network Node Manager i version v9.x, v10.x
iSPI Performance for QA
iSPI for IP Multicast
iSPI for MPLS VPN
iSPI for IP Telephony
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01704633https://softwaresupport.hp.com/group/softwaresupport/
search-result/-/facetsearch/document/KM01704633
HP Network Node Manager iSPI for Metrics v9.1x, v9.2x
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01740481
HP Network Node Manager iSPI for Traffic v9.1x, v9.2x
https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetse
arch/document/KM01740488
Note: v10.x is not affected by FREAK
HISTORY
Version:1 (rev.1) - 20 August 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Release Date: 2015-05-19
Last Updated: 2015-05-19
Potential Security Impact: Remote Denial of Service (DoS) and other
vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running
OpenSSL. These vulnerabilities could be exploited remotely to create a remote
Denial of Service (DoS) and other vulnerabilities.
References:
CVE-2015-0204
CVE-2015-0286
CVE-2015-0287
CVE-2015-0289
CVE-2015-0292
CVE-2015-0293
CVE-2015-0209
CVE-2015-0288
SSRT102000
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11, B.11.23, B.11.31 running OpenSSL versions before v0.9.8zf
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2015-0204 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2015-0286 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0287 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0289 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0292 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0293 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0209 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-0288 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following updates to resolve these vulnerabilities. The
updates are available from the following URL:
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber
=OPENSSL11I
HP-UX Release
HP-UX OpenSSL depot name
B.11.11 (11i v1)
OpenSSL_A.00.09.08zf.001_HP-UX_B.11.11_32_64.depot
B.11.23 (11i v2)
OpenSSL_A.00.09.08zf.002_HP-UX_B.11.23_IA-PA.depot
B.11.31 (11i v3)
OpenSSL_A.00.09.08zf.003_HP-UX_B.11.31_IA-PA.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX OpenSSL A.00.09.08zf or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zf.001 or subsequent
HP-UX B.11.23
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zf.002 or subsequent
HP-UX B.11.31
==================
openssl.OPENSSL-CER
openssl.OPENSSL-CONF
openssl.OPENSSL-DOC
openssl.OPENSSL-INC
openssl.OPENSSL-LIB
openssl.OPENSSL-MAN
openssl.OPENSSL-MIS
openssl.OPENSSL-PRNG
openssl.OPENSSL-PVT
openssl.OPENSSL-RUN
openssl.OPENSSL-SRC
action: install revision A.00.09.08zf.003 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 20 May 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. Description:
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.
It was found that a prior countermeasure in Apache WSS4J for
Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an
exception that permitted an attacker to determine the failure of the
attempted attack, thereby leaving WSS4J vulnerable to the attack.
The original flaw allowed a remote attacker to recover the entire plain
text form of a symmetric key. A remote attacker could use this flaw to
log to a victim's account via PicketLink. (CVE-2015-0277)
It was discovered that a JkUnmount rule for a subtree of a previous JkMount
rule could be ignored. This could allow a remote attacker to potentially
access a private artifact in a tree that would otherwise not be accessible
to them. (CVE-2015-0204)
It was found that Apache WSS4J permitted bypass of the
requireSignedEncryptedDataElements configuration property via XML Signature
wrapping attacks. A remote attacker could use this flaw to modify the
contents of a signed request. (CVE-2014-3570)
It was found that the Command Line Interface, as provided by Red Hat
Enterprise Application Platform, created a history file named
.jboss-cli-history in the user's home directory with insecure default file
permissions. This could allow a malicious local user to gain information
otherwise not accessible to them.
This release of JBoss Enterprise Application Platform also includes bug
fixes and enhancements. Documentation for these changes will be available
shortly from the JBoss Enterprise Application Platform 6.4.0 Release Notes,
linked to in the References. Solution:
The References section of this erratum contains a download link (you must
log in to download the update).
HP ThinPro Linux (x86) v5.1
HP ThinPro Linux (x86) v5.0
HP ThinPro Linux (x86) v4.4
HP ThinPro Linux (x86) v4.3
HP ThinPro Linux (x86) v4.2
HP ThinPro Linux (x86) v4.1
HP ThinPro Linux (ARM) v4.4
HP ThinPro Linux (ARM) v4.3
HP ThinPro Linux (ARM) v4.2
HP ThinPro Linux (ARM) v4.1
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve the vulnerability
for HP ThinPro Linux.
Softpaq:
http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-
4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-
4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch
applied, VMware cannot connect if security level is set to "Refuse insecure
connections". Updating VMware to the latest package on ftp.hp.com will solve
the problem. 5 client) - i386, x86_64
3. Note: this flaw is not exploitable via the TLS/SSL protocol because
the data being transferred is not Base64-encoded. TLS/SSL clients and servers using OpenSSL were not
affected by this flaw. (CVE-2015-0289)
Red Hat would like to thank the OpenSSL project for reporting
CVE-2015-0287, CVE-2015-0288, CVE-2015-0289, CVE-2015-0292, and
CVE-2015-0293. Upstream acknowledges Emilia Käsper of the OpenSSL
development team as the original reporter of CVE-2015-0287, Brian Carpenter
as the original reporter of CVE-2015-0288, Michal Zalewski of Google as the
original reporter of CVE-2015-0289, Robert Dugal and David Ramos as the
original reporters of CVE-2015-0292, and Sean Burford of Google and Emilia
Käsper of the OpenSSL development team as the original reporters of
CVE-2015-0293. SAP <http://www.sap.com/>has released the monthly critical patch update
for June 2015. This patch update closes a lot of vulnerabilities in SAP
products. The most popular vulnerability is Missing Authorization Check.
This month, three critical vulnerabilities found by ERPScan researchers
Vahagn Vardanyan, Rustem Gazizov, and Diana Grigorieva were closed.
*Issues that were patched with the help of ERPScan*
Below are the details of SAP vulnerabilities that were found byERPScan
<http://www.erpscan.com/>researchers.
* An XML eXternal Entity vulnerability in SAP Mobile Platform
on-premise (CVSS Base Score:5.5).Updateis available in SAP Security
Note2159601 <https://service.sap.com/sap/support/notes/2159601>. An
attacker can use XML eXternal Entities to send specially crafted
unauthorized XML requests, which will be processed by the XML
parser. The attacker will get unauthorized access to the OS file system.
* A Hardcoded Credentials vulnerability in SAP Cross-System Tools
(CVSS Base Score:3.6).Updateis available in SAP Security Note2059659
<https://service.sap.com/sap/support/notes/2059659>. In addition, it is likely that the
code will be implemented as a backdoor into the system.
* A Hardcoded Credentials vulnerability in SAP Data Transfer Workbench
(CVSS Base Score:2.1).Updateis available in SAP Security Note2057982
<https://service.sap.com/sap/support/notes/2057982>. In addition, it is likely that the
code will be implemented as a backdoor into the system.
*The most critical issues found by other researchers*
Some of our readers and clients asked us to categorize the most critical
SAP vulnerabilities to patch them first. Companies providing SAP
Security Audit, SAP Security Assessment, or SAP Penetration Testing
services can include these vulnerabilities in their checklists. The most
critical vulnerabilities of this update can be patched by the following
SAP Security Notes:
* 2151237 <https://service.sap.com/sap/support/notes/2151237>: SAP GUI
for Windows has a Buffer Overflow vulnerability (CVSS Base
Score:9.3). An attacker can use Buffer Overflow for injecting
specially crafted code into working memory, which will be executed
by the vulnerable application under the privileges of that
application. This can lead to the attacker taking complete control
over the application, denial of service, command execution, and
other attacks. In case of command execution,attackercan obtain
critical technical and business-related information stored in the
vulnerable SAP-system or escalate their own privileges. As for
denial of service, the process of the vulnerable component may be
terminated. For this time, nobody will be able to use this service,
which negatively influences business processes, system downtime,
and, consequently, business reputation. It is recommended to install
this SAP Security Note to prevent risks.
* 2129609 <https://service.sap.com/sap/support/notes/2129609>: SAP EP
JDBC Connector has an SQL Injection vulnerability (CVSS Base
Score:6.5). An attacker can use SQL Injections with the help of
specially crafted SQL queries. They can read and modify sensitive
information from a database, execute administrative operations in a
database, destroy data or make it unavailable. In some cases, an
attacker can access system data or execute OS commands. It is
recommended to install this SAP Security Note to prevent risks.
* 1997734 <https://service.sap.com/sap/support/notes/1997734>: SAP RFC
runtime has a Missing AuthorizationXheckvulnerability (CVSS Base
Score:6.0). An attacker can use Missing Authorization Checks to
access a service without any authorization procedures and use
service functionality that has restricted access. It
is recommended to install this SAP Security Note to prevent risks.
* 2163306 <https://service.sap.com/sap/support/notes/2163306>: SAP
CommonCryptoLib and SAPCRYPTOLIB are vulnerable to FREAK
(CVE-2015-0204, CVSS Base Score:5.0). It allows an attacker to
intercept HTTPS connections between vulnerable clients and servers
and force them to use weakened encryption, which the attacker can
break to steal or manipulate sensitive data. All the attacks on this
page assume a network adversary (i.e. a man-in-the-middle) to tamper
with TLS handshake messages. The typical scenario to mount such
attacks is by tampering with the Domain Name System (DNS), for
example via DNS rebinding or domain name seizure. This attack
targets a class of deliberately weak export cipher suites. It is
recommended to install this SAP Security Note to prevent risks.
*References about the FREAK vulnerability:*
* SMACK: State Machine AttaCKs <https://www.smacktls.com/>
* Tracking the FREAK Attack <https://freakattack.com/>
* CVE-2015-0204
<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204>
It is highly recommended to patch all those SAP vulnerabilities to
prevent business risks affecting your SAP systems.
SAP has traditionally thanked the security researchers from ERPScan for
found vulnerabilities on theiracknowledgment page
<http://scn.sap.com/docs/DOC-8218>.
Advisories for those SAP vulnerabilities with technical details will be
available in 3 months onerpscan.com <http://www.erpscan.com/>.
--
Darya Maenkova
PR manager
<https://www.linkedin.com/company/2217474?trk=ppro_cprof>
<https://twitter.com/erpscan>
<http://erpscan.com/>
------------------------------------------------------------------------
e-mail: d.maenkova@erpscan.com <mailto:d.maenkova@erpscan.com>
address: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301
phone: 650.798.5255
erpscan.com <http://erpscan.com>
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0066-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html
Issue date: 2015-01-20
Updated on: 2015-01-21
CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
CVE-2015-0206
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. (CVE-2014-3571)
A memory leak flaw was found in the way the dtls1_buffer_record() function
of OpenSSL parsed certain DTLS messages. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory of
a DTLS server. (CVE-2015-0206)
It was found that OpenSSL's BigNumber Squaring implementation could produce
incorrect results under certain special conditions. This flaw could
possibly affect certain OpenSSL library functionality, such as RSA
blinding. Note that this issue occurred rarely and with a low probability,
and there is currently no known way of exploiting it. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
A malicious server could make a TLS/SSL client using OpenSSL use a weaker
key exchange method than the one requested by the user. (CVE-2014-3572)
It was discovered that OpenSSL would accept ephemeral RSA keys when using
non-export RSA cipher suites. A malicious server could make a TLS/SSL
client using OpenSSL use a weaker key exchange method. (CVE-2015-0204)
Multiple flaws were found in the way OpenSSL parsed X.509 certificates.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2014-8275)
It was found that an OpenSSL server would, under certain conditions, accept
Diffie-Hellman client certificates without the use of a private key.
An attacker could use a user's client certificate to authenticate as that
user, without needing the private key. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the above issues. For the update to
take effect, all services linked to the OpenSSL library (such as httpd and
other SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites
1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix
1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record
1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification
1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-1.0.1e-30.el6_6.5.ppc.rpm
openssl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-1.0.1e-30.el6_6.5.s390.rpm
openssl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64:
openssl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-static-1.0.1e-34.el7_0.7.s390.rpm
openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3570
https://access.redhat.com/security/cve/CVE-2014-3571
https://access.redhat.com/security/cve/CVE-2014-3572
https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0205
https://access.redhat.com/security/cve/CVE-2015-0206
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X
ENFobdxQdJ+gVAiRe8Qf54A=
=wyAg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201501-0339 | CVE-2015-0205 | OpenSSL of s3_srvr.c of ssl3_get_cert_verify Vulnerability to gain access to functions |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. OpenSSL is prone to security-bypass vulnerability.
Successfully exploiting these issues may allow attackers to perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. The Common Vulnerabilities and Exposures project
identifies the following issues:
CVE-2014-3569
Frank Schmirler reported that the ssl23_get_client_hello function in
OpenSSL does not properly handle attempts to use unsupported
protocols.
CVE-2014-3571
Markus Stenberg of Cisco Systems, Inc. This
allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks
and trigger a loss of forward secrecy.
CVE-2014-8275
Antti Karjalainen and Tuomo Untinen of the Codenomicon CROSS project
and Konrad Kraszewski of Google reported various certificate
fingerprint issues, which allow remote attackers to defeat a
fingerprint-based certificate-blacklist protection mechanism.
For the stable distribution (wheezy), these problems have been fixed in
version 1.0.1e-2+deb7u14.
For the upcoming stable distribution (jessie), these problems will be
fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 1.0.1k-1.
References:
CVE-2014-3569 - Remote Denial of Service (DoS)
CVE-2014-3570 - Remote Disclosure of Information
CVE-2014-3571 - Remote Denial of Service (DoS)
CVE-2014-3572 - Remote Disclosure of Information
CVE-2014-8275 - Remote Unauthorized Modification
CVE-2015-0204 - Remote Disclosure of Information
CVE-2015-0205 - Remote Unauthorized Access
CVE-2015-0206 - Remote Denial of Service (DoS)
CVE-2015-5409 - Remote Buffer overflow
CVE-2015-5410 - Remote Denial of Service (DoS), Unauthorized Access,
Execution of Arbitrary Code, Unauthorized Modification
CVE-2015-5411 - Remote Disclosure of Information
CVE-2015-5412 - Cross-Site Request Forgery (CSRF)
CVE-2015-5413 - Remote Elevation of Privilege
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04602055
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04602055
Version: 1
HPSBHF03289 rev.1- HP ThinClient PCs running ThinPro Linux, Remote Code
Execution, Denial of Service, Disclosure of information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-03-20
Last Updated: 2015-03-20
Potential Security Impact: Remote code execution, denial of service,
disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP ThinPro Linux
This is the glibc vulnerability known as "GHOST", which could be exploited
remotely to allow execution of arbitrary code. This update also addresses
other vulnerabilities in SSL that would remotely allow denial of service,
disclosure of information and other vulnerabilities.
References:
CVE-2015-0235 (SSRT101953)
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
CVE-2015-0205
CVE-2015-0206
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ThinPro Linux (x86) v5.1
HP ThinPro Linux (x86) v5.0
HP ThinPro Linux (x86) v4.4
HP ThinPro Linux (x86) v4.3
HP ThinPro Linux (x86) v4.2
HP ThinPro Linux (x86) v4.1
HP ThinPro Linux (ARM) v4.4
HP ThinPro Linux (ARM) v4.3
HP ThinPro Linux (ARM) v4.2
HP ThinPro Linux (ARM) v4.1
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2014-3569 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3570 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0
CVE-2014-3571 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-3572 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-8275 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0204 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0205 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2015-0206 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has released the following software updates to resolve the vulnerability
for HP ThinPro Linux.
Softpaq:
http://ftp.hp.com/pub/softpaq/sp70501-71000/sp70649.exe
Easy Update Via ThinPro / EasyUpdate (x86):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.1-all-
4.4-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.0/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
http://ftp.hp.com/pub/tcdebian/updates/5.1/service_packs/security-sp-2.1-all-
5.0-5.1-x86.xar
Via ThinPro / EasyUpdate (ARM):
http://ftp.hp.com/pub/tcdebian/updates/4.1/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.2/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.3/service_packs/security-sp-2.0-all-
4.1-4.3-armel.xar
http://ftp.hp.com/pub/tcdebian/updates/4.4/service_packs/security-sp-2.0-all-
4.4-armel.xar
Note: Known issue on security-sp-2.0-all-4.1-4.3-arm.xar: With the patch
applied, VMware cannot connect if security level is set to "Refuse insecure
connections". Updating VMware to the latest package on ftp.hp.com will solve
the problem.
HISTORY
Version:1 (rev.1) - 20 March 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. ============================================================================
Ubuntu Security Notice USN-2459-1
January 12, 2015
openssl vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in OpenSSL. (CVE-2014-3571)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled certain
handshakes. (CVE-2014-3572)
Antti Karjalainen, Tuomo Untinen and Konrad Kraszewski discovered that
OpenSSL incorrectly handled certain certificate fingerprints. (CVE-2015-0204)
Karthikeyan Bhargavan discovered that OpenSSL incorrectly handled client
authentication.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue
only affected Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-0206)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libssl1.0.0 1.0.1f-1ubuntu9.1
Ubuntu 14.04 LTS:
libssl1.0.0 1.0.1f-1ubuntu2.8
Ubuntu 12.04 LTS:
libssl1.0.0 1.0.1-4ubuntu5.21
Ubuntu 10.04 LTS:
libssl0.9.8 0.9.8k-7ubuntu8.23
After a standard system update you need to reboot your computer to make
all the necessary changes. OpenSSL Security Advisory [08 Jan 2015]
=======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
=======================================================
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS
records with the same sequence number but for the next epoch. The memory leak
could be exploited by an attacker in a Denial of Service attack through memory
exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
provided an initial patch. Further analysis was performed by Matt Caswell of the
OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
=========================================================
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
==========================================================
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This
effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key
and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. This effectively allows a client
to authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
========================================================
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and
Tuomo Untinen from the Codenomicon CROSS program and reported to
OpenSSL on 1st December 2014 by NCSC-FI Vulnerability
Co-ordination. Another variant was independently reported to OpenSSL
on 12th December 2014 by Konrad Kraszewski from Google. Further
analysis was conducted and fixes were developed by Stephen Henson of
the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:
*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
(Blockstream) who also suggested an initial fix. Further analysis was
conducted by the OpenSSL development team and Adam Langley of
Google. The final fix was developed by Andy Polyakov of the OpenSSL
core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssl security update
Advisory ID: RHSA-2015:0066-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0066.html
Issue date: 2015-01-20
Updated on: 2015-01-21
CVE Names: CVE-2014-3570 CVE-2014-3571 CVE-2014-3572
CVE-2014-8275 CVE-2015-0204 CVE-2015-0205
CVE-2015-0206
=====================================================================
1. Summary:
Updated openssl packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL),
Transport Layer Security (TLS), and Datagram Transport Layer Security
(DTLS) protocols, as well as a full-strength, general purpose cryptography
library.
A NULL pointer dereference flaw was found in the DTLS implementation of
OpenSSL. A remote attacker could send a specially crafted DTLS message,
which would cause an OpenSSL server to crash. A remote attacker could send
multiple specially crafted DTLS messages to exhaust all available memory of
a DTLS server. This flaw could
possibly affect certain OpenSSL library functionality, such as RSA
blinding. (CVE-2014-3570)
It was discovered that OpenSSL would perform an ECDH key exchange with a
non-ephemeral key even when the ephemeral ECDH cipher suite was selected.
An attacker could use these flaws to modify an X.509 certificate to produce
a certificate with a different fingerprint without invalidating its
signature, and possibly bypass fingerprint-based blacklisting in
applications. (CVE-2015-0205)
All OpenSSL users are advised to upgrade to these updated packages, which
contain a backported patch to mitigate the above issues. For the update to
take effect, all services linked to the OpenSSL library (such as httpd and
other SSL-enabled services) must be restarted or the system rebooted.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1180184 - CVE-2015-0204 openssl: Only allow ephemeral RSA keys in export ciphersuites
1180185 - CVE-2014-3572 openssl: ECDH downgrade bug fix
1180187 - CVE-2014-8275 openssl: Fix various certificate fingerprint issues
1180234 - CVE-2014-3571 openssl: DTLS segmentation fault in dtls1_get_record
1180235 - CVE-2015-0206 openssl: DTLS memory leak in dtls1_buffer_record
1180239 - CVE-2015-0205 openssl: DH client certificates accepted without verification
1180240 - CVE-2014-3570 openssl: Bignum squaring may produce incorrect results
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-1.0.1e-30.el6_6.5.ppc.rpm
openssl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc.rpm
openssl-devel-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-1.0.1e-30.el6_6.5.s390.rpm
openssl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390.rpm
openssl-devel-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
ppc64:
openssl-debuginfo-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-perl-1.0.1e-30.el6_6.5.ppc64.rpm
openssl-static-1.0.1e-30.el6_6.5.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-30.el6_6.5.s390x.rpm
openssl-perl-1.0.1e-30.el6_6.5.s390x.rpm
openssl-static-1.0.1e-30.el6_6.5.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssl-1.0.1e-30.el6_6.5.src.rpm
i386:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-1.0.1e-30.el6_6.5.i686.rpm
openssl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-devel-1.0.1e-30.el6_6.5.i686.rpm
openssl-devel-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssl-debuginfo-1.0.1e-30.el6_6.5.i686.rpm
openssl-perl-1.0.1e-30.el6_6.5.i686.rpm
openssl-static-1.0.1e-30.el6_6.5.i686.rpm
x86_64:
openssl-debuginfo-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-perl-1.0.1e-30.el6_6.5.x86_64.rpm
openssl-static-1.0.1e-30.el6_6.5.x86_64.rpm
Red Hat Enterprise Linux Client (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
ppc64:
openssl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc.rpm
openssl-devel-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc.rpm
openssl-libs-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390.rpm
openssl-devel-1.0.1e-34.el7_0.7.s390x.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390.rpm
openssl-libs-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-perl-1.0.1e-34.el7_0.7.ppc64.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc.rpm
openssl-static-1.0.1e-34.el7_0.7.ppc64.rpm
s390x:
openssl-debuginfo-1.0.1e-34.el7_0.7.s390.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.s390x.rpm
openssl-perl-1.0.1e-34.el7_0.7.s390x.rpm
openssl-static-1.0.1e-34.el7_0.7.s390.rpm
openssl-static-1.0.1e-34.el7_0.7.s390x.rpm
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
openssl-1.0.1e-34.el7_0.7.src.rpm
x86_64:
openssl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-devel-1.0.1e-34.el7_0.7.i686.rpm
openssl-devel-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-libs-1.0.1e-34.el7_0.7.i686.rpm
openssl-libs-1.0.1e-34.el7_0.7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
openssl-debuginfo-1.0.1e-34.el7_0.7.i686.rpm
openssl-debuginfo-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-perl-1.0.1e-34.el7_0.7.x86_64.rpm
openssl-static-1.0.1e-34.el7_0.7.i686.rpm
openssl-static-1.0.1e-34.el7_0.7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-3570
https://access.redhat.com/security/cve/CVE-2014-3571
https://access.redhat.com/security/cve/CVE-2014-3572
https://access.redhat.com/security/cve/CVE-2014-8275
https://access.redhat.com/security/cve/CVE-2015-0204
https://access.redhat.com/security/cve/CVE-2015-0205
https://access.redhat.com/security/cve/CVE-2015-0206
https://access.redhat.com/security/updates/classification/#moderate
https://www.openssl.org/news/secadv_20150108.txt
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUwCWMXlSAg2UNWIIRAioBAJ4/RjG4OGXzCwg+PJJWNqyvahe3rQCeNE+X
ENFobdxQdJ+gVAiRe8Qf54A=
=wyAg
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0389 | CVE-2015-1352 | PHP of PostgreSQL Service disruption in extensions (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. http://cwe.mitre.org/data/definitions/476.htmlService disruption through a crafted name by a third party (NULL Pointer dereference and application crash ) There is a possibility of being put into a state. PHP is prone to a denial-of-service vulnerability due to a Null-pointer deference condition.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. PostgreSQL (aka pgsql) is one of the object-relational database management system extensions. The vulnerability is caused by the program not correctly validating the 'token' parameter extraction of the form name. ============================================================================
Ubuntu Security Notice USN-2501-1
February 17, 2015
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2014-9652)
Alex Eubanks discovered that PHP incorrectly handled EXIF data in JPEG
images.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10.
(CVE-2015-1351)
It was discovered that the PHP PostgreSQL database extension incorrectly
handled certain pointers. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 14.10. (CVE-2015-1352)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
php5-cgi 5.5.12+dfsg-2ubuntu4.2
php5-cli 5.5.12+dfsg-2ubuntu4.2
php5-fpm 5.5.12+dfsg-2ubuntu4.2
php5-pgsql 5.5.12+dfsg-2ubuntu4.2
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
php5-cgi 5.5.9+dfsg-1ubuntu4.6
php5-cli 5.5.9+dfsg-1ubuntu4.6
php5-fpm 5.5.9+dfsg-1ubuntu4.6
php5-pgsql 5.5.9+dfsg-1ubuntu4.6
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.16
php5-cgi 5.3.10-1ubuntu3.16
php5-cli 5.3.10-1ubuntu3.16
php5-fpm 5.3.10-1ubuntu3.16
php5-pgsql 5.3.10-1ubuntu3.16
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling
of an environment variable. This issue was addressed through improved
environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able
to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets.
This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.27, including one which may have led to remote code execution.
This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain
items
Description: An issue existed in validation of access control lists
for iCloud keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of
Indiana University, Tongxin Li of Peking University, Tongxin Li of
Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple
Events to a local user's session
Description: An issue existed with Apple Event filtering that
allowed some users to send events to other users. This was addressed
by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior
to 3.2 patch level 57. These issues were addressed by updating bash
version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was address through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when
using the PASV command. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and
leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling.
This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: An issue existed in the handling of HSTS state in
Safari private browsing mode. This issue was addressed through
improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4.
An attacker could force the use of RC4, even if the server preferred
better ciphers, by blocking TLS 1.0 and higher connections until
CFNetwork tried SSL 3.0, which only allows RC4. This issue was
addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from
booting
Description: An issue existed with the addresses covered by the
protected range register. This issue was fixed by changing the
protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able
to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the
host firmware if connected during an EFI update. This issue was
addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The "Secure Empty Trash" feature may not securely delete
files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of
Trash files on some systems, such as those with flash storage. This
issue was addressed by removing the "Secure Empty Trash" option.
CVE-ID
CVE-2015-5901 : Apple
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a
player's email address
Description: An issue existed in Game Center in the handling of a
player's email. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to
the SMB server
Description: An authentication issue existed in Kerberos
credentials. This issue was addressed through additional validation
of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu
Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2014-8147
CVE-2015-5922
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private
framework containing a privileged executable. This issue was
addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues existed in the Intel
Graphics Driver. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the
disclosure of kernel memory content. This issue was addressed by
permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOGraphics which could have led to
the disclosure of kernel memory layout. This issue was addressed
through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through additional
entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by
Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. These issues were addressed through improved
generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks
on targeted TCP connections without knowing the correct sequence
number
Description: An issue existed in xnu's validation of TCP packet
headers. This issue was addressed through improved TCP packet header
validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the
handling of IPv6 router advertisements that allowed an attacker to
set the hop limit to an arbitrary value. This issue was addressed by
enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory layout. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to
the disclosure of memory content. This issue was addressed by
sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging
functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse
Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that
could be started by a network connection. This issue was addressed by
limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time
period
Description: An issue existed with captured display locking. The
issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau
informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni
Vaahtera, and an anonymous researcher
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP
server
Description: A glob-processing issue existed in tnftpd. This issue
was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user
preferences when printing an email. This issue was addressed through
improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,
Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim
Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to
intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for
large email attachments sent via Mail Drop. The issue is addressed by
no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected
multipeer data
Description: An issue existed in convenience initializer handling in
which encryption could be actively downgraded to a non-encrypted
session. This issue was addressed by changing the convenience
initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An uninitialized memory issue in the kernel led to the
disclosure of kernel memory content. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes
application. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by
the Notes application. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions
prior to 6.9. These issues were addressed by updating OpenSSH to
version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions
prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root
privileges
Description: An issue existed in the usage of environment variables
by the rsh binary. This issue was addressed by dropping setuid
privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior
to 2.0.0p645. These were addressed by updating Ruby to version
2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed
to the user
Description: A state management issue existed in the way keychain
lock status was tracked. This issue was addressed through improved
state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,
Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before
identifying itself
Description: Secure Transport accepted the CertificateRequest
message before the ServerKeyExchange message. This issue was
addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of
Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's
knowledge when using Continuity
Description: An issue existed in the authorization checks for
placing phone calls. This issue was addressed through improved
authorization checks.
CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override
characters in the same way when displaying text and when selecting
text. This issue was addressed by suppressing bidirectional override
characters in Terminal.
CVE-ID
CVE-2015-5883 : an anonymous researcher
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in tidy.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine
framework. This issue was addressed through improved coverage of Time
Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of
Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw
S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO
/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6
QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54
YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop
hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O
c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR
8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r
N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT
fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1
nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e
g6jld/w5tPuCFhGucE7Z
=XciV
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04686230
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04686230
Version: 1
HPSBUX03337 SSRT102066 rev.1 - HP-UX Apache Web Server Suite running Apache
Web Server, Tomcat v6.x, or PHP v5.4.x, Remote Denial of Service (DoS) and
Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2015-06-10
Last Updated: 2015-06-10
Potential Security Impact: Remote denial of service (DoS), man-in-the-middle
(MitM) attack, modification of data, local modification of data
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with the HP-UX Apache
Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited
remotely to create a Denial of Service (DoS) and other vulnerabilities.
HP-UX B.11.31 running HP-UX Apache Web Server Suite v4.04 or earlier
HP-UX B.11.31 running HP-UX Apache Web Server v2.2.15.22 or earlier
HP-UX B.11.31 running Tomcat Servlet Engine v6.0.39.03 or earlier
HP-UX B.11.31 running PHP v5.4.11.04 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-5704 (AV:N/AC:L/Au:N/C:N/I:P/A:N) 5.0
CVE-2014-0118 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3
CVE-2014-0226 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2014-0227 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4
CVE-2014-0231 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-8142 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-9709 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-0231 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-0273 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-1352 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2015-2301 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-2305 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8
CVE-2015-2331 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2015-2783 (AV:N/AC:M/Au:N/C:P/I:N/A:P) 5.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve the
vulnerabilities.
The updates are available for download from http://software.hp.com
NOTE: HP-UX Web Server Suite v4.05 HPUXWSATW405 contains Apache v2.2.29.01,
Tomcat Servlet Engine 6.0.43.01, PHP 5.4.40.01, and Webmin v1.070.13
HP-UX 11i Release
Apache Depot name
B.11.31 (11i v3 32-bit)
HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot
B.11.31 (11i v3 64-bit)
HP_UX_11.31_HPUXWS22ATW-B405-11-31-64.depot
MANUAL ACTIONS: Yes - Update
Install HP-UX Web Server Suite v4.05 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.31
==================
hpuxws22APCH32.APACHE
hpuxws22APCH32.APACHE2
hpuxws22APCH32.AUTH_LDAP
hpuxws22APCH32.AUTH_LDAP2
hpuxws22APCH32.MOD_JK
hpuxws22APCH32.MOD_JK2
hpuxws22APCH32.MOD_PERL
hpuxws22APCH32.MOD_PERL2
hpuxws22APCH32.PHP
hpuxws22APCH32.PHP2
hpuxws22APCH32.WEBPROXY
hpuxws22APCH32.WEBPROXY2
hpuxws22APACHE.APACHE
hpuxws22APACHE.APACHE2
hpuxws22APACHE.AUTH_LDAP
hpuxws22APACHE.AUTH_LDAP2
hpuxws22APACHE.MOD_JK
hpuxws22APACHE.MOD_JK2
hpuxws22APACHE.MOD_PERL
hpuxws22APACHE.MOD_PERL2
hpuxws22APACHE.PHP
hpuxws22APACHE.PHP2
hpuxws22APACHE.WEBPROXY
hpuxws22APACHE.WEBPROXY2
action: install revision B.2.2.29.01 or subsequent
hpuxws22TOMCAT.TOMCAT
action: install revision C.6.0.43.01 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 10 June 2015 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML. Please review the
CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.5.33"
All PHP 5.6 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev=lang/php-5.6.19"
References
==========
[ 1 ] CVE-2013-6501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201606-10
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: php55 security and bug fix update
Advisory ID: RHSA-2015:1053-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-1352 CVE-2015-2301 CVE-2015-2305
CVE-2015-2348 CVE-2015-2787 CVE-2015-4147
CVE-2015-4148
=====================================================================
1. Summary:
Updated php55 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php55 packages provide a recent stable release of PHP with
the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a
number of additional utilities.
The php55 packages have been upgraded to upstream version 5.5.21, which
provides multiple bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1057089)
The following security issues were fixed in the php55-php component:
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A heap buffer overflow flaw was found in PHP's regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)
A use-after-free flaw was found in PHP's phar (PHP Archive) extension.
An attacker able to trigger certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)
An ouf-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. (CVE-2014-9652)
It was found that PHP move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-1352)
A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)
All php55 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the
httpd24-httpd service must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1132446 - php55-php-fpm misinterpreting error_log=syslog
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1185900 - CVE-2015-1351 php: use after free in opcache extension
1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm
x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm
x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-1352
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si
MD3ZncY/P8Pl6+DgQxJQCjo=
=MxfY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201503-0388 | CVE-2015-1351 | PHP of OPcache Service disruption in extensions (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlService disruption by a third party (DoS) There is a possibility of being affected unspecified, such as being in a state. PHP is prone to a denial-of-service vulnerability due to a user-after-free condition.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. PHP (PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. OPcache is one of the extension components that improves PHP performance by storing the precompiled bytecode of PHP scripts in shared memory. ============================================================================
Ubuntu Security Notice USN-2501-1
February 17, 2015
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in PHP. This issue only affected
Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 14.10.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. This issue only affected Ubuntu 14.04 LTS and
Ubuntu 14.10. (CVE-2015-1352)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.2
php5-cgi 5.5.12+dfsg-2ubuntu4.2
php5-cli 5.5.12+dfsg-2ubuntu4.2
php5-fpm 5.5.12+dfsg-2ubuntu4.2
php5-pgsql 5.5.12+dfsg-2ubuntu4.2
Ubuntu 14.04 LTS:
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.6
php5-cgi 5.5.9+dfsg-1ubuntu4.6
php5-cli 5.5.9+dfsg-1ubuntu4.6
php5-fpm 5.5.9+dfsg-1ubuntu4.6
php5-pgsql 5.5.9+dfsg-1ubuntu4.6
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.16
php5-cgi 5.3.10-1ubuntu3.16
php5-cli 5.3.10-1ubuntu3.16
php5-fpm 5.3.10-1ubuntu3.16
php5-pgsql 5.3.10-1ubuntu3.16
In general, a standard system update will make all the necessary changes.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/php-5.4.40-i486-1_slack14.1.txz: Upgraded.
This update fixes some security issues.
Please note that this package build also moves the configuration files
from /etc/httpd to /etc, /etc/php.d, and /etc/php-fpm.d.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9709
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0231
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3330
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.4.40-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.4.40-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.4.40-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.4.40-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.8-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.8-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 14.0 package:
2666059d6540b1b4385d25dfc5ebbe99 php-5.4.40-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
c146f500912ba9c7e5d652e5e3643c04 php-5.4.40-x86_64-1_slack14.0.txz
Slackware 14.1 package:
9efc8a96f9a3f3261e5f640292b1b781 php-5.4.40-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
2c95e077f314f1cfa3ee83b9aba90b91 php-5.4.40-x86_64-1_slack14.1.txz
Slackware -current package:
30d14f237c71fada0d594c2360a58016 n/php-5.6.8-i486-1.txz
Slackware x86_64 -current package:
1a0fcc590aa4dff5de5f08293936d0d9 n/php-5.6.8-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg php-5.4.40-i486-1_slack14.1.txz
Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling
of an environment variable. This issue was addressed through improved
environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able
to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets.
This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.27, including one which may have led to remote code execution.
This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain
items
Description: An issue existed in validation of access control lists
for iCloud keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of
Indiana University, Tongxin Li of Peking University, Tongxin Li of
Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple
Events to a local user's session
Description: An issue existed with Apple Event filtering that
allowed some users to send events to other users. This was addressed
by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior
to 3.2 patch level 57. These issues were addressed by updating bash
version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was address through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when
using the PASV command. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and
leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling.
This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: An issue existed in the handling of HSTS state in
Safari private browsing mode. This issue was addressed through
improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4.
An attacker could force the use of RC4, even if the server preferred
better ciphers, by blocking TLS 1.0 and higher connections until
CFNetwork tried SSL 3.0, which only allows RC4. This issue was
addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from
booting
Description: An issue existed with the addresses covered by the
protected range register. This issue was fixed by changing the
protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able
to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the
host firmware if connected during an EFI update. This issue was
addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The "Secure Empty Trash" feature may not securely delete
files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of
Trash files on some systems, such as those with flash storage. This
issue was addressed by removing the "Secure Empty Trash" option.
CVE-ID
CVE-2015-5901 : Apple
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a
player's email address
Description: An issue existed in Game Center in the handling of a
player's email. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to
the SMB server
Description: An authentication issue existed in Kerberos
credentials. This issue was addressed through additional validation
of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu
Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2014-8147
CVE-2015-5922
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private
framework containing a privileged executable. This issue was
addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues existed in the Intel
Graphics Driver. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the
disclosure of kernel memory content. This issue was addressed by
permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOGraphics which could have led to
the disclosure of kernel memory layout. This issue was addressed
through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through additional
entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by
Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. These issues were addressed through improved
generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks
on targeted TCP connections without knowing the correct sequence
number
Description: An issue existed in xnu's validation of TCP packet
headers. This issue was addressed through improved TCP packet header
validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the
handling of IPv6 router advertisements that allowed an attacker to
set the hop limit to an arbitrary value. This issue was addressed by
enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory layout. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to
the disclosure of memory content. This issue was addressed by
sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging
functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse
Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that
could be started by a network connection. This issue was addressed by
limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time
period
Description: An issue existed with captured display locking. The
issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau
informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni
Vaahtera, and an anonymous researcher
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP
server
Description: A glob-processing issue existed in tnftpd. This issue
was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user
preferences when printing an email. This issue was addressed through
improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,
Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim
Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to
intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for
large email attachments sent via Mail Drop. The issue is addressed by
no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected
multipeer data
Description: An issue existed in convenience initializer handling in
which encryption could be actively downgraded to a non-encrypted
session. This issue was addressed by changing the convenience
initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An uninitialized memory issue in the kernel led to the
disclosure of kernel memory content. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes
application. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by
the Notes application. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions
prior to 6.9. These issues were addressed by updating OpenSSH to
version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions
prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root
privileges
Description: An issue existed in the usage of environment variables
by the rsh binary. This issue was addressed by dropping setuid
privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior
to 2.0.0p645. These were addressed by updating Ruby to version
2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed
to the user
Description: A state management issue existed in the way keychain
lock status was tracked. This issue was addressed through improved
state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,
Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before
identifying itself
Description: Secure Transport accepted the CertificateRequest
message before the ServerKeyExchange message. This issue was
addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of
Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's
knowledge when using Continuity
Description: An issue existed in the authorization checks for
placing phone calls. This issue was addressed through improved
authorization checks.
CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override
characters in the same way when displaying text and when selecting
text. This issue was addressed by suppressing bidirectional override
characters in Terminal.
CVE-ID
CVE-2015-5883 : an anonymous researcher
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in tidy.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine
framework. This issue was addressed through improved coverage of Time
Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of
Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw
S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO
/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6
QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54
YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop
hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O
c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR
8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r
N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT
fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1
nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e
g6jld/w5tPuCFhGucE7Z
=XciV
-----END PGP SIGNATURE-----
. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-8142 (CVE-2015-0231).
An integer overflow flaw, leading to a heap-based buffer overflow,
was found in the way libzip, which is embedded in PHP, processed
certain ZIP archives.
It was discovered that the PHP PostgreSQL database extension
incorrectly handled certain pointers. The libzip packages
has been patched to address the CVE-2015-2331 flaw.
Additionally the php-xdebug package has been upgraded to the latest
2.3.2 and the PECL packages which requires so has been rebuilt for
php-5.5.23. The verification
of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: php55 security and bug fix update
Advisory ID: RHSA-2015:1053-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1053.html
Issue date: 2015-06-04
CVE Names: CVE-2014-8142 CVE-2014-9427 CVE-2014-9652
CVE-2014-9705 CVE-2014-9709 CVE-2015-0231
CVE-2015-0232 CVE-2015-0273 CVE-2015-1351
CVE-2015-1352 CVE-2015-2301 CVE-2015-2305
CVE-2015-2348 CVE-2015-2787 CVE-2015-4147
CVE-2015-4148
=====================================================================
1. Summary:
Updated php55 collection packages that fix multiple security issues and
several bugs are now available as part of Red Hat Software Collections 2.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server. The php55 packages provide a recent stable release of PHP with
the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a
number of additional utilities.
The php55 packages have been upgraded to upstream version 5.5.21, which
provides multiple bug fixes over the version shipped in Red Hat Software
Collections 1. (BZ#1057089)
The following security issues were fixed in the php55-php component:
An uninitialized pointer use flaw was found in PHP's Exif extension. A
specially crafted JPEG or TIFF file could cause a PHP application using the
exif_read_data() function to crash or, possibly, execute arbitrary code
with the privileges of the user running that PHP application.
(CVE-2015-0232)
Multiple flaws were discovered in the way PHP performed object
unserialization. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash or, possibly, execute
arbitrary code. (CVE-2014-8142, CVE-2015-0231, CVE-2015-0273,
CVE-2015-2787, CVE-2015-4147, CVE-2015-4148)
A heap buffer overflow flaw was found in the enchant_broker_request_dict()
function of PHP's enchant extension. An attacker able to make a PHP
application enchant dictionaries could possibly cause it to crash.
(CVE-2014-9705)
A heap buffer overflow flaw was found in PHP's regular expression
extension. An attacker able to make PHP process a specially crafted regular
expression pattern could cause it to crash and possibly execute arbitrary
code. (CVE-2015-2305)
A buffer over-read flaw was found in the GD library used by the PHP gd
extension. A specially crafted GIF file could cause a PHP application using
the imagecreatefromgif() function to crash. (CVE-2014-9709)
A use-after-free flaw was found in PHP's OPcache extension. This flaw could
possibly lead to a disclosure of a portion of the server memory.
(CVE-2015-1351)
A use-after-free flaw was found in PHP's phar (PHP Archive) extension.
An attacker able to trigger certain error condition in phar archive
processing could possibly use this flaw to disclose certain portions of
server memory. (CVE-2015-2301)
An ouf-of-bounds read flaw was found in the way the File Information
(fileinfo) extension processed certain Pascal strings. (CVE-2014-9652)
It was found that PHP move_uploaded_file() function did not properly handle
file names with a NULL character. A remote attacker could possibly use this
flaw to make a PHP script access unexpected files and bypass intended file
system access restrictions. (CVE-2015-2348)
A NULL pointer dereference flaw was found in PHP's pgsql extension. A
specially crafted table name passed to a function such as pg_insert() or
pg_select() could cause a PHP application to crash. (CVE-2015-1352)
A flaw was found in the way PHP handled malformed source files when running
in CGI mode. A specially crafted PHP file could cause PHP CGI to crash.
(CVE-2014-9427)
All php55 users are advised to upgrade to these updated packages, which
correct these issues. After installing the updated packages, the
httpd24-httpd service must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1132446 - php55-php-fpm misinterpreting error_log=syslog
1175718 - CVE-2014-8142 php: use after free vulnerability in unserialize()
1178736 - CVE-2014-9427 php: out of bounds read when parsing a crafted .php file
1185397 - CVE-2015-0231 php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)
1185472 - CVE-2015-0232 php: Free called on unitialized pointer in exif.c
1185900 - CVE-2015-1351 php: use after free in opcache extension
1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension
1188599 - CVE-2014-9652 file: out of bounds read in mconvert()
1188639 - CVE-2014-9709 gd: buffer read overflow in gd_gif_in.c
1191049 - CVE-2015-2305 regex: heap overflow in regcomp() on 32-bit architectures
1194730 - CVE-2015-0273 php: use after free vulnerability in unserialize() with DateTimeZone
1194737 - CVE-2014-9705 php: heap buffer overflow in enchant_broker_request_dict()
1194747 - CVE-2015-2301 php: use after free in phar_object.c
1204868 - CVE-2015-4147 php: SoapClient's __call() type confusion through unserialize()
1207676 - CVE-2015-2787 php: use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re
1207682 - CVE-2015-2348 php: move_uploaded_file() NUL byte injection in file name
1226916 - CVE-2015-4148 php: SoapClient's do_soap_call() type confusion after unserialize()
6. Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source:
php55-2.0-1.el6.src.rpm
php55-php-5.5.21-2.el6.src.rpm
x86_64:
php55-2.0-1.el6.x86_64.rpm
php55-php-5.5.21-2.el6.x86_64.rpm
php55-php-bcmath-5.5.21-2.el6.x86_64.rpm
php55-php-cli-5.5.21-2.el6.x86_64.rpm
php55-php-common-5.5.21-2.el6.x86_64.rpm
php55-php-dba-5.5.21-2.el6.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el6.x86_64.rpm
php55-php-devel-5.5.21-2.el6.x86_64.rpm
php55-php-enchant-5.5.21-2.el6.x86_64.rpm
php55-php-fpm-5.5.21-2.el6.x86_64.rpm
php55-php-gd-5.5.21-2.el6.x86_64.rpm
php55-php-gmp-5.5.21-2.el6.x86_64.rpm
php55-php-imap-5.5.21-2.el6.x86_64.rpm
php55-php-intl-5.5.21-2.el6.x86_64.rpm
php55-php-ldap-5.5.21-2.el6.x86_64.rpm
php55-php-mbstring-5.5.21-2.el6.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el6.x86_64.rpm
php55-php-odbc-5.5.21-2.el6.x86_64.rpm
php55-php-opcache-5.5.21-2.el6.x86_64.rpm
php55-php-pdo-5.5.21-2.el6.x86_64.rpm
php55-php-pgsql-5.5.21-2.el6.x86_64.rpm
php55-php-process-5.5.21-2.el6.x86_64.rpm
php55-php-pspell-5.5.21-2.el6.x86_64.rpm
php55-php-recode-5.5.21-2.el6.x86_64.rpm
php55-php-snmp-5.5.21-2.el6.x86_64.rpm
php55-php-soap-5.5.21-2.el6.x86_64.rpm
php55-php-tidy-5.5.21-2.el6.x86_64.rpm
php55-php-xml-5.5.21-2.el6.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el6.x86_64.rpm
php55-runtime-2.0-1.el6.x86_64.rpm
php55-scldevel-2.0-1.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm
x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source:
php55-2.0-1.el7.src.rpm
php55-php-5.5.21-2.el7.src.rpm
x86_64:
php55-2.0-1.el7.x86_64.rpm
php55-php-5.5.21-2.el7.x86_64.rpm
php55-php-bcmath-5.5.21-2.el7.x86_64.rpm
php55-php-cli-5.5.21-2.el7.x86_64.rpm
php55-php-common-5.5.21-2.el7.x86_64.rpm
php55-php-dba-5.5.21-2.el7.x86_64.rpm
php55-php-debuginfo-5.5.21-2.el7.x86_64.rpm
php55-php-devel-5.5.21-2.el7.x86_64.rpm
php55-php-enchant-5.5.21-2.el7.x86_64.rpm
php55-php-fpm-5.5.21-2.el7.x86_64.rpm
php55-php-gd-5.5.21-2.el7.x86_64.rpm
php55-php-gmp-5.5.21-2.el7.x86_64.rpm
php55-php-intl-5.5.21-2.el7.x86_64.rpm
php55-php-ldap-5.5.21-2.el7.x86_64.rpm
php55-php-mbstring-5.5.21-2.el7.x86_64.rpm
php55-php-mysqlnd-5.5.21-2.el7.x86_64.rpm
php55-php-odbc-5.5.21-2.el7.x86_64.rpm
php55-php-opcache-5.5.21-2.el7.x86_64.rpm
php55-php-pdo-5.5.21-2.el7.x86_64.rpm
php55-php-pgsql-5.5.21-2.el7.x86_64.rpm
php55-php-process-5.5.21-2.el7.x86_64.rpm
php55-php-pspell-5.5.21-2.el7.x86_64.rpm
php55-php-recode-5.5.21-2.el7.x86_64.rpm
php55-php-snmp-5.5.21-2.el7.x86_64.rpm
php55-php-soap-5.5.21-2.el7.x86_64.rpm
php55-php-xml-5.5.21-2.el7.x86_64.rpm
php55-php-xmlrpc-5.5.21-2.el7.x86_64.rpm
php55-runtime-2.0-1.el7.x86_64.rpm
php55-scldevel-2.0-1.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2014-8142
https://access.redhat.com/security/cve/CVE-2014-9427
https://access.redhat.com/security/cve/CVE-2014-9652
https://access.redhat.com/security/cve/CVE-2014-9705
https://access.redhat.com/security/cve/CVE-2014-9709
https://access.redhat.com/security/cve/CVE-2015-0231
https://access.redhat.com/security/cve/CVE-2015-0232
https://access.redhat.com/security/cve/CVE-2015-0273
https://access.redhat.com/security/cve/CVE-2015-1351
https://access.redhat.com/security/cve/CVE-2015-1352
https://access.redhat.com/security/cve/CVE-2015-2301
https://access.redhat.com/security/cve/CVE-2015-2305
https://access.redhat.com/security/cve/CVE-2015-2348
https://access.redhat.com/security/cve/CVE-2015-2787
https://access.redhat.com/security/cve/CVE-2015-4147
https://access.redhat.com/security/cve/CVE-2015-4148
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2015 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFVcBWDXlSAg2UNWIIRAnzoAJ9qn4wDNXMD8JU1N7k7nEzKlPpGDwCgi0Si
MD3ZncY/P8Pl6+DgQxJQCjo=
=MxfY
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201501-0272 | CVE-2014-8835 | Apple OS X of libxpc of xpc_data_get_bytes Vulnerability in arbitrary code execution in function |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy the attacker, sysmond By providing a crafted dictionary, arbitrary code could be executed. Apple Mac OS X is prone to multiple security vulnerabilities.
The update addresses new vulnerabilities that affect Bluetooth, CPU Software, CommerceKit Framework, CoreGraphics, CoreSymbolication, Intel Graphics Driver, IOHIDFamily, IOUSBFamily, Kernel, LaunchServices, LoginWindow, Sandbox, SceneKit, security, security_taskgate, Spotlight, SpotlightIndex, sysmond, and UserAccountUpdater components.
Attackers can exploit these issues to execute arbitrary code, gain unauthorized access, bypass security restrictions, disclose sensitive information and perform other attacks. Failed attacks may cause denial-of-service conditions.
These issues affect OS X prior to 10.10.2
| VAR-201501-0384 | CVE-2014-3019 | IBM BladeCenter SAS Connectivity Module and SAS RAID Module Vulnerable to access to blades and storage pools |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module (aka RSSM) before 1.3.3.006 allow remote attackers to obtain blade and storage-pool access via a TELNET session.
An attacker can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. A security vulnerability exists in IBM BladeCenter NSSM and RSSM 1.3.3.004 and earlier versions
| VAR-201501-0136 | CVE-2015-1056 | Brother MFC-J4410DW Cross-site scripting vulnerability in printer firmware |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.html and possibly other pages. The Brother MFC-J4410DW is a color laser printer device that supports wireless network printing. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of a browser that is not known to the affected user. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Brother MFC-J4410DW is a printer product of Japan Brother Industries (Brother). The vulnerability is caused by the general/status.html file not adequately filtering the 'url' parameter