VARIoT IoT vulnerabilities database

ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). ZOLL Defibrillator/Monitor M Series, E Series and R Series are all M, E, R series defibrillator devices used by ZOLL in the United States for emergency medical services. There are security vulnerabilities in various ZOLL Defibrillator/Monitor products. Because the System Configuration mode uses the default password. An attacker could exploit this vulnerability to modify the device configuration and cause a denial of service. Monitor/defibrillator is prone to a denial-of-service vulnerability

Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. An authenticated attacker can leverage this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is tracked by Cisco Bug ID CSCup74290. CUCM is a call processing component in a unified communication system, which provides a scalable, distributed and highly available enterprise IP phone call processing solution

Raritan Japan Dominion KX2-101 switches before 2 allow remote attackers to cause a denial of service (device hang) via a crafted packet. Dominion KX2-101 provided by Raritan Japan, Inc. contains a denial-of-service (DoS) vulnerability. Dominion KX2-101 provided by Raritan Japan, Inc. is a KVM-over-IP switch. Dominion KX2-101 contains a denial-of-service (DoS) vulnerability. Yusuke Okano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.By receiving a specially crafted packet, the product may be forced to stop responding. Raritan Japan KX2-101 is a switch product from Raritan Corporation of the United States. A denial of service vulnerability exists in Raritan Japan KX2-101. Attackers may leverage this issue to crash the affected device, denying service to legitimate users. Dominion KX2-101 is vulnerable; other versions may also be affected

ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). ( Adversely affect human health ) There are vulnerabilities that are put into a state.An attacker who can physically operate the terminal changes the device settings and disrupts service operation ( Adversely affect human health ) There is a possibility of being put into a state. ZOLL Defibrillator/Monitor X Series is an X-series monitor and defibrillator device for emergency medical services from ZOLL, USA. ZOLL Defibrillator/Monitor is prone to a local denial-of-service vulnerability. Attackers may leverage this issue to crash the affected device, denying service to legitimate users. Defibrillator/Monitor X series is vulnerable; other versions may also be affected

IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack. IBM WebSphere DataPower SOA Appliances are prone to a remote information-disclosure vulnerability. Successful exploits may allow attackers to obtain potentially sensitive information that may aid in other attacks. The appliance is primarily used to simplify, secure and accelerate XML and Web services deployment in SOA

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. Google Chrome is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks. Versions prior to Chrome 36.0.1985.143 are vulnerable. Verify the properties of the SPDY connection. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3039-1 security@debian.org http://www.debian.org/security/ Michael Gilbert September 28, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : chromium-browser CVE ID : CVE-2014-3160 CVE-2014-3162 CVE-2014-3165 CVE-2014-3166 CVE-2014-3167 CVE-2014-3168 CVE-2014-3169 CVE-2014-3170 CVE-2014-3171 CVE-2014-3172 CVE-2014-3173 CVE-2014-3174 CVE-2014-3175 CVE-2014-3176 CVE-2014-3177 CVE-2014-3178 CVE-2014-3179 Several vulnerabilities were discovered in the chromium web browser. CVE-2014-3160 Christian Schneider discovered a same origin bypass issue in SVG file resource fetching. CVE-2014-3162 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.125. CVE-2014-3165 Colin Payne discovered a use-after-free issue in the Web Sockets implementation. CVE-2014-3166 Antoine Delignat-Lavaud discovered an information leak in the SPDY protocol implementation. CVE-2014-3167 The Google Chrome development team addressed multiple issues with potential security impact for chromium 36.0.1985.143. CVE-2014-3168 cloudfuzzer discovered a use-after-free issue in SVG image file handling. CVE-2014-3169 Andrzej Dyjak discovered a use-after-free issue in the Webkit/Blink Document Object Model implementation. CVE-2014-3170 Rob Wu discovered a way to spoof the url of chromium extensions. CVE-2014-3171 cloudfuzzer discovered a use-after-free issue in chromium's v8 bindings. CVE-2014-3172 Eli Grey discovered a way to bypass access restrictions using chromium's Debugger extension API. CVE-2014-3173 jmuizelaar discovered an uninitialized read issue in WebGL. CVE-2014-3174 Atte Kettunen discovered an uninitialized read issue in Web Audio. CVE-2014-3175 The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.94. CVE-2014-3176 lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox. CVE-2014-3177 lokihardt@asrt discovered a combination of flaws that can lead to remote code execution outside of chromium's sandbox. CVE-2014-3178 miaubiz discovered a use-after-free issue in the Document Object Model implementation in Blink/Webkit. CVE-2014-3179 The Google Chrome development team addressed multiple issues with potential security impact for chromium 37.0.2062.120. For the stable distribution (wheezy), these problems have been fixed in version 37.0.2062.120-1~deb7u1. For the testing (jessie) and unstable (sid) distributions, these problems have been fixed in version 37.0.2062.120-1. We recommend that you upgrade your chromium-browser packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJUKFfrAAoJELjWss0C1vRzHiEgAIABz3HDoSbH2wCbN58xmQPs EXADJVYxCyYN6YFnR4lSxekGX3p0Gr+zjGnVzmAVAQnflWEX4e+U4nXN581oLvC4 9DRGyFW5IANzi98AViRZ5SV5lFG93q/ipL5H74/kfg4gqBoxXTw/a6QF20nRYxES S5LQGqMu9Hzkto23nzQUc45uItapphd78StNLtdpaVVN2UV3dDMItMnDpDWpxv9h kUGK1cKjcMEVWOejvI8YEALYo6OMunwR+G6HwG7soc7k4zHOlesIJ86HoKz1aYgZ Yj6reRBZxpQSwAKMzdxKT5OyAMbYadOk6ryPmJSqJv6ky5q13quqqjjecIthY29G hHRInemqRNoGjza1OJj8+vs1K+uWoLbth91CC62KXKhSGVydbOhBXyLtpWsSLGVn YOAeT45QZqmIzvSuAm3HULJmZdLmiFefu8bSHZRuJLt95UZzHBYtD8i85DTCOWaO p6XymJQPbvJtPQ1Qw+ZIJnsjzMhFIwRmuJPm67ZiLt/aQdnsY+WKWlZAvrCSxczp n+eRNRKBRsEiKIQUvRv0S91wCSVnEX6ywY/faOrZv2aH8J1VcYT+qqjMmvpzHgKl HikDmyW7k67Lko8R8Ah92+pktFFFTx/aPEGWrJUOqd+OdREPlv8F06ZNe0lK1nM2 AYn03pLaJvCv3JqGFdEUEPQQpTMsI6cs+VC21RkP9/c3RV7Y6ExjtarZ/1nNVf7q IyqZyYPRd3WmS9gIrsOODUDBWeamd1RkYm3r0u61oP+39m6rX9GIk/2FrWzrefDK nbewNAPtywb4y1Xjg4aHHFiJEVy+8D3qhZkgUTug10Xye2qSzlwRbi+eNmdFwJ/m xf8QTNvGluPcejRiCYmTEosqT2SksWULDfqUx4+3k/uIfpaI15V4QXyIhGFlNxKs cweaD6U5pAvK/RyTuxigM1ezYTs4JZFkYDhbzeCgb03mWOmbU9VP3Sqr+klRRiLA 1cOm22oXmb8P53gHFXxB9V4jBdPk7XVwjB4EA20+qHH6jIePGnhjkNm7hgZJB7Dr vuKmA7g/bCEnlGJC9XjutVXetgF6rx6uVpDKixLOHYwux+2tIu/Qy0AuWfUhT1Yu /CuW/CVztOPyLY2pOwLT5Ao1ERdCk/JzqRzCUfvX+xGirm5b3yT+9j+C2Ij1ohBc Sxs+kAJlldvbUN8/D+gyInWHqbacnu0pnIag05Cwk2mVgOGhPAyJsPuAawqtPj0K aQbBNpXhCMkTc4kRktISA6CBcQUBdWuavKmkYej3SOmluc+sjw6dbm4W8EjI1pJY 6Up8h8azSmt5OTNiAtjxrw/ddH2mFCJGo5+jUjpaICs/218+f5XnquZZMTD3tV8= =pGsl -----END PGP SIGNATURE----- . ============================================================================ Ubuntu Security Notice USN-2320-1 August 20, 2014 oxide-qt vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Oxide. Software Description: - oxide-qt: Web browser engine library for Qt (QML plugin) Details: A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-3167) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: liboxideqtcore0 1.0.5-0ubuntu0.14.04.1 oxideqt-codecs 1.0.5-0ubuntu0.14.04.1 oxideqt-codecs-extra 1.0.5-0ubuntu0.14.04.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2320-1 CVE-2014-3165, CVE-2014-3166, CVE-2014-3167, https://launchpad.net/bugs/1356372 Package Information: https://launchpad.net/ubuntu/+source/oxide-qt/1.0.5-0ubuntu0.14.04.1 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Chromium: Multiple vulnerabilities Date: August 30, 2014 Bugs: #504328, #504890, #507212, #508788, #510288, #510904, #512944, #517304, #519788, #521276 ID: 201408-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Chromium, the worst of which can allow remote attackers to execute arbitrary code. Background ========== Chromium is an open-source web browser project. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94 Description =========== Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could conduct a number of attacks which include: cross site scripting attacks, bypassing of sandbox protection, potential execution of arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All chromium users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94" References ========== [ 1 ] CVE-2014-1741 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741 [ 2 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 3 ] CVE-2014-1700 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700 [ 4 ] CVE-2014-1701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701 [ 5 ] CVE-2014-1702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702 [ 6 ] CVE-2014-1703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703 [ 7 ] CVE-2014-1704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704 [ 8 ] CVE-2014-1705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705 [ 9 ] CVE-2014-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713 [ 10 ] CVE-2014-1714 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714 [ 11 ] CVE-2014-1715 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715 [ 12 ] CVE-2014-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716 [ 13 ] CVE-2014-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717 [ 14 ] CVE-2014-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718 [ 15 ] CVE-2014-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719 [ 16 ] CVE-2014-1720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720 [ 17 ] CVE-2014-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721 [ 18 ] CVE-2014-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722 [ 19 ] CVE-2014-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723 [ 20 ] CVE-2014-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724 [ 21 ] CVE-2014-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725 [ 22 ] CVE-2014-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726 [ 23 ] CVE-2014-1727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727 [ 24 ] CVE-2014-1728 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728 [ 25 ] CVE-2014-1729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729 [ 26 ] CVE-2014-1730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730 [ 27 ] CVE-2014-1731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731 [ 28 ] CVE-2014-1732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732 [ 29 ] CVE-2014-1733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733 [ 30 ] CVE-2014-1734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734 [ 31 ] CVE-2014-1735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735 [ 32 ] CVE-2014-1740 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740 [ 33 ] CVE-2014-1742 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742 [ 34 ] CVE-2014-1743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743 [ 35 ] CVE-2014-1744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744 [ 36 ] CVE-2014-1745 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745 [ 37 ] CVE-2014-1746 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746 [ 38 ] CVE-2014-1747 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747 [ 39 ] CVE-2014-1748 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748 [ 40 ] CVE-2014-1749 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749 [ 41 ] CVE-2014-3154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154 [ 42 ] CVE-2014-3155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155 [ 43 ] CVE-2014-3156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156 [ 44 ] CVE-2014-3157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157 [ 45 ] CVE-2014-3160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160 [ 46 ] CVE-2014-3162 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162 [ 47 ] CVE-2014-3165 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165 [ 48 ] CVE-2014-3166 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166 [ 49 ] CVE-2014-3167 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167 [ 50 ] CVE-2014-3168 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168 [ 51 ] CVE-2014-3169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169 [ 52 ] CVE-2014-3170 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170 [ 53 ] CVE-2014-3171 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171 [ 54 ] CVE-2014-3172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172 [ 55 ] CVE-2014-3173 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173 [ 56 ] CVE-2014-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174 [ 57 ] CVE-2014-3175 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175 [ 58 ] CVE-2014-3176 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176 [ 59 ] CVE-2014-3177 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-16.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Buffer overflow in the Java GUI Configuration Wizard and Preferences Editor in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.2.5.2, 6.3.x before 6.3.2, and 6.4.x before 6.4.2 on Windows and OS X allows local users to cause a denial of service (application crash or hang) via unspecified vectors. IBM Tivoli Storage Manager is prone to local denial-of-service vulnerability. Successful exploits will allow local attackers to cause a denial-of-service conditions. The solution supports data protection, space management and archiving, business recovery and disaster recovery, etc. A local attacker could exploit this vulnerability to cause a denial of service (application crash or hang). The following versions are affected: IBM TSM 5.x and 6.x prior to 6.2.5.2, 6.3.x prior to 6.3.2, and 6.4.x prior to 6.4.2

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0544, and CVE-2014-0545. This vulnerability CVE-2014-0540 , CVE-2014-0542 , CVE-2014-0544 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. This vulnerability CVE-2014-0540 , CVE-2014-0543 , CVE-2014-0544 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allow attackers to bypass intended access restrictions via unspecified vectors. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Security flaws exist in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2014-0538, CVE-2014-0540, CVE-2014-0541, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.400. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544. This vulnerability CVE-2014-0540 , CVE-2014-0542 , CVE-2014-0543 ,and CVE-2014-0544 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545. This vulnerability CVE-2014-0540 , CVE-2014-0542 , CVE-2014-0543 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, and CVE-2014-0545. This vulnerability CVE-2014-0542 , CVE-2014-0543 , CVE-2014-0544 ,and CVE-2014-0545 Is a different vulnerability.By the attacker, ASLR Protection mechanisms may be bypassed. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Vector objects. By manipulating Vector objects an attacker can read arbitrary memory. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 allows attackers to execute arbitrary code via unspecified vectors. Adobe Flash Player and AIR are prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. A use-after-free vulnerability exists in several Adobe products. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.400" References ========== [ 1 ] CVE-2014-0538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538 [ 2 ] CVE-2014-0540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0540 [ 3 ] CVE-2014-0541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0541 [ 4 ] CVE-2014-0542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0542 [ 5 ] CVE-2014-0543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0543 [ 6 ] CVE-2014-0544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0544 [ 7 ] CVE-2014-0545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0545 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201408-05.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2014:1051-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1051.html Issue date: 2014-08-13 CVE Names: CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB14-18, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1129417 - CVE-2014-0538 CVE-2014-0540 CVE-2014-0541 CVE-2014-0542 CVE-2014-0543 CVE-2014-0544 CVE-2014-0545 flash-plugin: multiple code execution or security bypass flaws (APSB14-18) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.400-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.400-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.400-1.el6.i686.rpm x86_64: flash-plugin-11.2.202.400-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2014-0538.html https://www.redhat.com/security/data/cve/CVE-2014-0540.html https://www.redhat.com/security/data/cve/CVE-2014-0541.html https://www.redhat.com/security/data/cve/CVE-2014-0542.html https://www.redhat.com/security/data/cve/CVE-2014-0543.html https://www.redhat.com/security/data/cve/CVE-2014-0544.html https://www.redhat.com/security/data/cve/CVE-2014-0545.html https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb14-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFT6zTMXlSAg2UNWIIRAtSnAJ9+yGavVPR3qd6dZNzYNhI8/lnU4ACglJa2 HwPgN+pLH+y7niDc/WkXmts= =OxJY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== Chromium is an open-source web browser project

The CTIManager module in Cisco Unified Communications Manager (CM) 10.0(1), when single sign-on is enabled, does not properly validate Kerberos SSO tokens, which allows remote authenticated users to gain privileges and execute arbitrary commands via crafted token data, aka Bug ID CSCum95491. Cisco Unified Communications Manager is prone to a remote command-injection vulnerability because it fails to properly sanitize user-supplied input. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCum95491. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. There is a security vulnerability in the CTIManager module of Cisco Unified CM version 10.0(1)

The SIP implementation in Cisco Unified Communications Manager (CM) 8.6(.2) and earlier allows remote authenticated users to cause a denial of service (process crash) via a crafted SIP message that is not properly handled during processing of an XML document, aka Bug ID CSCtq76428. Attackers can exploit this issue to cause a process to crash, resulting in a denial of service condition. This issue is being tracked by Cisco Bug ID CSCtq76428. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability is caused by the SIP subsystem not properly handling XML documents

D-Link DNS-315L, DNS-320L, DNS-327L, DNS-340L, and DNS-345 are NAS network storage devices. Multiple D-Link products 'login_mgr.cgi' have remote command injection vulnerabilities that allow an attacker to exploit a vulnerability to execute arbitrary commands in the context of an affected device. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. MIT kerberos 5 is prone to a buffer overflow vulnerability due to a out-of-bounds write memory access condition. Attackers can exploit this issue to execute arbitrary code within the context of the user. Failed attempts will likely cause a denial-of-service condition. MIT kerberos 5 1.6 through 1.12.1 are vulnerable. ========================================================================== Ubuntu Security Notice USN-2310-1 August 11, 2014 krb5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: Several security issues were fixed in Kerberos. This issue only affected Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-4344) Tomas Kuthan and Greg Hudson discovered that the Kerberos kadmind daemon incorrectly handled buffers when used with the LDAP backend. (CVE-2014-4345) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: krb5-admin-server 1.12+dfsg-2ubuntu4.2 krb5-kdc 1.12+dfsg-2ubuntu4.2 krb5-kdc-ldap 1.12+dfsg-2ubuntu4.2 krb5-otp 1.12+dfsg-2ubuntu4.2 krb5-pkinit 1.12+dfsg-2ubuntu4.2 krb5-user 1.12+dfsg-2ubuntu4.2 libgssapi-krb5-2 1.12+dfsg-2ubuntu4.2 libgssrpc4 1.12+dfsg-2ubuntu4.2 libk5crypto3 1.12+dfsg-2ubuntu4.2 libkadm5clnt-mit9 1.12+dfsg-2ubuntu4.2 libkadm5srv-mit9 1.12+dfsg-2ubuntu4.2 libkdb5-7 1.12+dfsg-2ubuntu4.2 libkrad0 1.12+dfsg-2ubuntu4.2 libkrb5-3 1.12+dfsg-2ubuntu4.2 libkrb5support0 1.12+dfsg-2ubuntu4.2 Ubuntu 12.04 LTS: krb5-admin-server 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc 1.10+dfsg~beta1-2ubuntu0.5 krb5-kdc-ldap 1.10+dfsg~beta1-2ubuntu0.5 krb5-pkinit 1.10+dfsg~beta1-2ubuntu0.5 krb5-user 1.10+dfsg~beta1-2ubuntu0.5 libgssapi-krb5-2 1.10+dfsg~beta1-2ubuntu0.5 libgssrpc4 1.10+dfsg~beta1-2ubuntu0.5 libk5crypto3 1.10+dfsg~beta1-2ubuntu0.5 libkadm5clnt-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkadm5srv-mit8 1.10+dfsg~beta1-2ubuntu0.5 libkdb5-6 1.10+dfsg~beta1-2ubuntu0.5 libkrb5-3 1.10+dfsg~beta1-2ubuntu0.5 libkrb5support0 1.10+dfsg~beta1-2ubuntu0.5 Ubuntu 10.04 LTS: krb5-admin-server 1.8.1+dfsg-2ubuntu0.13 krb5-kdc 1.8.1+dfsg-2ubuntu0.13 krb5-kdc-ldap 1.8.1+dfsg-2ubuntu0.13 krb5-pkinit 1.8.1+dfsg-2ubuntu0.13 krb5-user 1.8.1+dfsg-2ubuntu0.13 libgssapi-krb5-2 1.8.1+dfsg-2ubuntu0.13 libgssrpc4 1.8.1+dfsg-2ubuntu0.13 libk5crypto3 1.8.1+dfsg-2ubuntu0.13 libkadm5clnt-mit7 1.8.1+dfsg-2ubuntu0.13 libkadm5srv-mit7 1.8.1+dfsg-2ubuntu0.13 libkdb5-4 1.8.1+dfsg-2ubuntu0.13 libkrb5-3 1.8.1+dfsg-2ubuntu0.13 libkrb5support0 1.8.1+dfsg-2ubuntu0.13 In general, a standard system update will make all the necessary changes. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFUBa7NmqjQ0CJFipgRAlcfAJ4hqeYaZE247yCwWqEKlQcmHK4yNQCeIwSx j3hOjffJ+uTIc659WvlF8SI= =TECv -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 MITKRB5-SA-2014-001 MIT krb5 Security Advisory 2014-001 Original release: 2014-08-07 Last update: 2014-08-07 Topic: Buffer overrun in kadmind with LDAP backend CVSSv2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C CVSSv2 Base Score: 8.5 Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete CVSSv2 Temporal Score: 6.7 Exploitability: Proof-of-Concept Remediation Level: Official Fix Report Confidence: Confirmed SUMMARY ======= In MIT krb5, when kadmind is configured to use LDAP for the KDC database, an authenticated remote attacker can cause it to perform an out-of-bounds write (buffer overflow). This is not a protocol vulnerability. Using LDAP for the KDC database is a non-default configuration for the KDC. IMPACT ====== Historically, it has been possible to convert an out-of-bounds write into remote code execution in some cases, though the necessary exploits must be tailored to the individual application and are usually quite complicated. Depending on the allocated length of the array, an out-of-bounds write may also cause a segmentation fault and/or application crash. Releases of MIT krb5 prior to 1.6 did not provide the ability to use LDAP for the KDB backend. FIXES ===== * Workaround: disable or restrict access to kadmind until a patched version can be installed. This will prevent principal creation, password changes, keytab updates, and other administrative operations. * The krb5-1.12.2 and krb5-1.11.6 releases will contain a fix for this vulnerability. diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index ce851ea..df5934c 100644 - --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data, j++; last = i + 1; - - currkvno = key_data[i].key_data_kvno; + if (i < n_key_data - 1) + currkvno = key_data[i + 1].key_data_kvno; } } ret[num_versions] = NULL; This patch is also available at http://web.mit.edu/kerberos/advisories/2014-001-patch.txt A PGP-signed patch is available at http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc REFERENCES ========== This announcement is posted at: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt This announcement and related security advisories may be found on the MIT Kerberos security advisory page at: http://web.mit.edu/kerberos/advisories/index.html The main MIT Kerberos web page is at: http://web.mit.edu/kerberos/index.html CVSSv2: http://www.first.org/cvss/cvss-guide.html http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2 CVE: CVE-2014-4345 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345 ACKNOWLEDGMENTS =============== This off-by-one error was reported by Tomas Kuthan as github pull request #181 and recognized as a vulnerability by Greg Hudson. When sending sensitive information, please PGP-encrypt it using the following key: pub 2048R/C436A9C6 2014-01-07 [expires: 2015-02-01] Key fingerprint = 1849 02FF 0CA8 A385 F28D 2E7E 2AF0 C1EA C436 A9C6 uid MIT Kerberos Team Security Contact <krbcore-security@mit.edu> DETAILS ======= The 'cpw -keepold' functionality allows for the existing keys to be retained at password-change (or keytab-change) time, instead of being discarded as usual. An array must be allocated to store all the old keys, as well as the new keys and a NULL terminator. In normal operation, all the keys for a single kvno will share an array slot. An off-by-one error while copying key information to the new array results in keys sharing a common kvno being written to different array buckets, with the first key of a kvno betting a single bucket, and the remaining keys getting the next bucket. After sufficient iterations, the extra writes extend past the end of the (NULL-terminated) array. The NULL terminator is always written after the end of the loop, so no out-of-bounds data is read, it is only written. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-crypt/mit-krb5 < 1.13 >= 1.13 Description =========== Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All MIT Kerberos 5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-crypt/mit-krb5-1.13" References ========== [ 1 ] CVE-2014-4341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4341 [ 2 ] CVE-2014-4343 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4343 [ 3 ] CVE-2014-4345 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4345 [ 4 ] CVE-2014-5351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5351 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-53.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . After installing the updated packages, the krb5kdc and kadmind daemons will be restarted automatically. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: krb5 security and bug fix update Advisory ID: RHSA-2014:1389-02 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1389.html Issue date: 2014-10-14 CVE Names: CVE-2013-1418 CVE-2013-6800 CVE-2014-4341 CVE-2014-4342 CVE-2014-4343 CVE-2014-4344 CVE-2014-4345 ===================================================================== 1. Summary: Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 3. Description: Kerberos is a networked authentication system which allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos KDC. It was found that if a KDC served multiple realms, certain requests could cause the setup_server_realm() function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. (CVE-2013-1418, CVE-2013-6800) A NULL pointer dereference flaw was found in the MIT Kerberos SPNEGO acceptor for continuation tokens. A remote, unauthenticated attacker could use this flaw to crash a GSSAPI-enabled server application. (CVE-2014-4344) A buffer overflow was found in the KADM5 administration server (kadmind) when it was used with an LDAP back end for the KDC database. (CVE-2014-4345) Two buffer over-read flaws were found in the way MIT Kerberos handled certain requests. A remote, unauthenticated attacker who is able to inject packets into a client or server application's GSSAPI session could use either of these flaws to crash the application. An attacker able to spoof packets to appear as though they are from an GSSAPI acceptor could use this flaw to crash a client application that uses MIT Kerberos. (CVE-2014-4343) These updated krb5 packages also include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.6 Technical Notes, linked to in the References section, for information on the most significant of these changes. All krb5 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1001961 - Wrong obsoletes in krb5-pkinit-openssl 1009389 - service krb5kdc start unable to get default realm 1026942 - CVE-2013-1418 krb5: multi-realm KDC null dereference leads to crash 1031499 - CVE-2013-6800 krb5: KDC remote DoS (NULL pointer dereference and daemon crash) 1059730 - Kerberos does not handle incorrect Active Directory DNS SRV entries correctly 1087068 - 0006526: GSS api stopped working properly after krb5 update 1113652 - trusted domain logins cannot find KDC for requested realm 1116180 - CVE-2014-4341 krb5: denial of service flaws when handling padding length longer than the plaintext 1120581 - CVE-2014-4342 krb5: denial of service flaws when handling RFC 1964 tokens 1121876 - CVE-2014-4343 krb5: double-free flaw in SPNEGO initiators 1121877 - CVE-2014-4344 krb5: NULL pointer dereference flaw in SPNEGO acceptor for continuation tokens 1128157 - CVE-2014-4345 krb5: buffer overrun in kadmind with LDAP backend (MITKRB5-SA-2014-001) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: krb5-1.10.3-33.el6.src.rpm i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm krb5-workstation-1.10.3-33.el6.i686.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-server-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: krb5-1.10.3-33.el6.src.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: krb5-1.10.3-33.el6.src.rpm i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm krb5-server-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-workstation-1.10.3-33.el6.i686.rpm ppc64: krb5-debuginfo-1.10.3-33.el6.ppc.rpm krb5-debuginfo-1.10.3-33.el6.ppc64.rpm krb5-devel-1.10.3-33.el6.ppc.rpm krb5-devel-1.10.3-33.el6.ppc64.rpm krb5-libs-1.10.3-33.el6.ppc.rpm krb5-libs-1.10.3-33.el6.ppc64.rpm krb5-pkinit-openssl-1.10.3-33.el6.ppc64.rpm krb5-server-1.10.3-33.el6.ppc64.rpm krb5-server-ldap-1.10.3-33.el6.ppc.rpm krb5-server-ldap-1.10.3-33.el6.ppc64.rpm krb5-workstation-1.10.3-33.el6.ppc64.rpm s390x: krb5-debuginfo-1.10.3-33.el6.s390.rpm krb5-debuginfo-1.10.3-33.el6.s390x.rpm krb5-devel-1.10.3-33.el6.s390.rpm krb5-devel-1.10.3-33.el6.s390x.rpm krb5-libs-1.10.3-33.el6.s390.rpm krb5-libs-1.10.3-33.el6.s390x.rpm krb5-pkinit-openssl-1.10.3-33.el6.s390x.rpm krb5-server-1.10.3-33.el6.s390x.rpm krb5-server-ldap-1.10.3-33.el6.s390.rpm krb5-server-ldap-1.10.3-33.el6.s390x.rpm krb5-workstation-1.10.3-33.el6.s390x.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: krb5-1.10.3-33.el6.src.rpm i386: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-pkinit-openssl-1.10.3-33.el6.i686.rpm krb5-server-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-workstation-1.10.3-33.el6.i686.rpm x86_64: krb5-debuginfo-1.10.3-33.el6.i686.rpm krb5-debuginfo-1.10.3-33.el6.x86_64.rpm krb5-devel-1.10.3-33.el6.i686.rpm krb5-devel-1.10.3-33.el6.x86_64.rpm krb5-libs-1.10.3-33.el6.i686.rpm krb5-libs-1.10.3-33.el6.x86_64.rpm krb5-pkinit-openssl-1.10.3-33.el6.x86_64.rpm krb5-server-1.10.3-33.el6.x86_64.rpm krb5-server-ldap-1.10.3-33.el6.i686.rpm krb5-server-ldap-1.10.3-33.el6.x86_64.rpm krb5-workstation-1.10.3-33.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2013-1418.html https://www.redhat.com/security/data/cve/CVE-2013-6800.html https://www.redhat.com/security/data/cve/CVE-2014-4341.html https://www.redhat.com/security/data/cve/CVE-2014-4342.html https://www.redhat.com/security/data/cve/CVE-2014-4343.html https://www.redhat.com/security/data/cve/CVE-2014-4344.html https://www.redhat.com/security/data/cve/CVE-2014-4345.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.6_Technical_Notes/krb5.html#RHSA-2014-1389 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUPKtIXlSAg2UNWIIRAvWWAKCIPvD42qwV6OJacP3t/NqhesvYDQCgwaB6 OijTyj8pzslkZpZbdIFkl6E= =ZvXN -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuq31016. The platform can use voice commands to make calls or listen to messages "hands-free"

Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users for requests that (1) modify configurations, (2) send SMS messages, or have other unspecified impact via unknown vectors. Huawei HiLink is a new and simpler network card that Huawei has introduced. Huawei HiLink E3236 and E3276 are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Both Huawei HiLink E3276 and E3236 are USB modem products of the Chinese Huawei (Huawei). Cross-site request forgery vulnerabilities exist in several Huawei HiLink products. The following products and versions are affected: Huawei HiLink E3276 and E3236 TCPPU versions prior to V200R002B470D13SP00C00, WebUI versions prior to V100R007B100D03SP01C03, versions prior to E5180s-22 21.270.21.00.00, and versions prior to E586Bs-2 21.322.1089.00.8