VARIoT IoT vulnerabilities database
| VAR-201311-0359 | CVE-2013-6885 | AMD Family 16h Models 00h-0Fh Denial of service in microcode running on a processor (DoS) Vulnerability |
CVSS V2: 4.7 CVSS V3: - Severity: MEDIUM |
The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of service (system hang) via a crafted application, aka the errata 793 issue. The vendor has published this vulnerability as Errata 793. A local user may be able to cause a denial of service (system hang) via a crafted application. AMD 16h Model Processor is prone to a denial-of-service vulnerability.
Successful exploits will cause the affected system to hang, denying service to legitimate users. AMD CPU is a CPU processor launched by AMD Corporation of the United States.
CVE-2014-9419
It was found that on Linux kernels compiled with the 32 bit
interfaces (CONFIG_X86_32) a malicious user program can do a
partial ASLR bypass through TLS base addresses leak when attacking
other programs.
CVE-2014-9529
It was discovered that the Linux kernel is affected by a race
condition flaw when doing key garbage collection, allowing local
users to cause a denial of service (memory corruption or panic).
CVE-2014-9584
It was found that the Linux kernel does not validate a length value
in the Extensions Reference (ER) System Use Field, which allows
local users to obtain sensitive information from kernel memory via a
crafted iso9660 image.
For the stable distribution (wheezy), these problems have been fixed in
version 3.2.65-1+deb7u1.
For the upcoming stable distribution (jessie) and the unstable
distribution (sid), these problems will be fixed soon.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201407-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Xen: Multiple Vulnerabilities
Date: July 16, 2014
Bugs: #440768, #484478, #486354, #497082, #497084, #497086,
#499054, #499124, #500528, #500530, #500536, #501080,
#501906, #505714, #509054, #513824
ID: 201407-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could lead to arbitrary code execution.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
     Package                      /  Vulnerable  /        Unaffected
-------------------------------------------------------------------
  1  app-emulations/xen              < 4.3.2-r4          >= 4.3.2-r4
                                                        *>= 4.2.4-r4
  2  app-emulations/xen-tools        < 4.3.2-r5          >= 4.3.2-r5
                                                        *>= 4.2.4-r6
  3  app-emulations/xen-pvgrub       < 4.3.2            *>= 4.3.2
                                                        *>= 4.2.4
-------------------------------------------------------------------
3 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
A remote attacker can utilize multiple vectors to execute arbitrary
code, cause Denial of Service, or gain access to data on the host.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen 4.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-4.3.2-r2"
All Xen 4.2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulations/xen-4.2.4-r2"
All xen-tools 4.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.3.2-r2"
All xen-tools 4.2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulations/xen-tools-4.2.4-r2"
All Xen PVGRUB 4.3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.3.2"
All Xen PVGRUB 4.2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulations/xen-pvgrub-4.2.4"
References
==========
[ 1 ] CVE-2013-1442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1442
[ 2 ] CVE-2013-4329
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4329
[ 3 ] CVE-2013-4355
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4355
[ 4 ] CVE-2013-4356
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4356
[ 5 ] CVE-2013-4361
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4361
[ 6 ] CVE-2013-4368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4368
[ 7 ] CVE-2013-4369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4369
[ 8 ] CVE-2013-4370
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4370
[ 9 ] CVE-2013-4371
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4371
[ 10 ] CVE-2013-4375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4375
[ 11 ] CVE-2013-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4416
[ 12 ] CVE-2013-4494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4494
[ 13 ] CVE-2013-4551
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4551
[ 14 ] CVE-2013-4553
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4553
[ 15 ] CVE-2013-4554
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4554
[ 16 ] CVE-2013-6375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6375
[ 17 ] CVE-2013-6400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6400
[ 18 ] CVE-2013-6885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885
[ 19 ] CVE-2013-6885
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6885
[ 20 ] CVE-2014-1642
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1642
[ 21 ] CVE-2014-1666
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1666
[ 22 ] CVE-2014-1891
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1891
[ 23 ] CVE-2014-1892
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1892
[ 24 ] CVE-2014-1893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1893
[ 25 ] CVE-2014-1894
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1894
[ 26 ] CVE-2014-1895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1895
[ 27 ] CVE-2014-1896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1896
[ 28 ] CVE-2014-2599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2599
[ 29 ] CVE-2014-3124
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3124
[ 30 ] CVE-2014-4021
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4021
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201407-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2014:0285-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0285.html
Issue date: 2014-03-12
CVE Names: CVE-2013-2929 CVE-2013-4483 CVE-2013-4554
CVE-2013-6381 CVE-2013-6383 CVE-2013-6885
CVE-2013-7263
=====================================================================
1. Summary:
Updated kernel packages that fix multiple security issues, several bugs,
and add one enhancement are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
3. Description:
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
* A buffer overflow flaw was found in the way the qeth_snmp_command()
function in the Linux kernel's QETH network device driver implementation
handled SNMP IOCTL requests with an out-of-bounds length. A local,
unprivileged user could use this flaw to crash the system or, potentially,
escalate their privileges on the system. (CVE-2013-6381, Important)
* A flaw was found in the way the ipc_rcu_putref() function in the Linux
kernel's IPC implementation handled reference counter decrementing.
A local, unprivileged user could use this flaw to trigger an Out of Memory
(OOM) condition and, potentially, crash the system. (CVE-2013-4483,
Moderate)
* It was found that the Xen hypervisor implementation did not correctly
check privileges of hypercall attempts made by HVM guests, allowing
hypercalls to be invoked from protection rings 1 and 2 in addition to ring
0. A local attacker in an HVM guest able to execute code on privilege
levels 1 and 2 could potentially use this flaw to further escalate their
privileges in that guest. Note: Xen HVM guests running unmodified versions
of Red Hat Enterprise Linux and Microsoft Windows are not affected by this
issue because they are known to only use protection rings 0 (kernel) and 3
(userspace). (CVE-2013-4554, Moderate)
* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,
Moderate)
* It was found that, under specific circumstances, a combination of write
operations to write-combined memory and locked CPU instructions may cause a
core hang on certain AMD CPUs (for more information, refer to AMD CPU
erratum 793 linked in the References section). A privileged user in a guest
running under the Xen hypervisor could use this flaw to cause a denial of
service on the host system. This update adds a workaround to the Xen
hypervisor implementation, which mitigates the AMD CPU issue. Non-AMD CPUs
are not vulnerable. (CVE-2013-6885, Moderate)
* It was found that certain protocol handlers in the Linux kernel's
networking implementation could set the addr_len value without initializing
the associated data structure. A local, unprivileged user could use this
flaw to leak kernel stack memory to user space using the recvmsg, recvfrom,
and recvmmsg system calls. (CVE-2013-7263, Low)
* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)
Red Hat would like to thank Vladimir Davydov of Parallels for reporting
CVE-2013-4483 and the Xen project for reporting CVE-2013-4554 and
CVE-2013-6885. Upstream acknowledges Jan Beulich as the original reporter
of CVE-2013-4554 and CVE-2013-6885.
This update also fixes several bugs and adds one enhancement.
Documentation for these changes will be available shortly from the
Technical Notes document linked to in the References section.
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add this
enhancement. The system must be rebooted for this update to take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.
5. Bugs fixed (https://bugzilla.redhat.com/):
1024854 - CVE-2013-4483 kernel: ipc: ipc_rcu_putref refcount races
1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1029111 - CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests
1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check
1033600 - CVE-2013-6381 Kernel: qeth: buffer overflow in snmp ioctl
1035823 - CVE-2013-6885 hw: AMD CPU erratum may cause core hang
1035875 - CVE-2013-7263 CVE-2013-7265 Kernel: net: leakage of uninitialized memory to user-space via recv syscalls
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-371.6.1.el5.src.rpm
i386:
kernel-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm
kernel-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-headers-2.6.18-371.6.1.el5.i386.rpm
kernel-xen-2.6.18-371.6.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm
noarch:
kernel-doc-2.6.18-371.6.1.el5.noarch.rpm
x86_64:
kernel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm
kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-371.6.1.el5.src.rpm
i386:
kernel-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.i686.rpm
kernel-devel-2.6.18-371.6.1.el5.i686.rpm
kernel-headers-2.6.18-371.6.1.el5.i386.rpm
kernel-xen-2.6.18-371.6.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.i686.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.i686.rpm
ia64:
kernel-2.6.18-371.6.1.el5.ia64.rpm
kernel-debug-2.6.18-371.6.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.ia64.rpm
kernel-devel-2.6.18-371.6.1.el5.ia64.rpm
kernel-headers-2.6.18-371.6.1.el5.ia64.rpm
kernel-xen-2.6.18-371.6.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-371.6.1.el5.noarch.rpm
ppc:
kernel-2.6.18-371.6.1.el5.ppc64.rpm
kernel-debug-2.6.18-371.6.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.ppc64.rpm
kernel-devel-2.6.18-371.6.1.el5.ppc64.rpm
kernel-headers-2.6.18-371.6.1.el5.ppc.rpm
kernel-headers-2.6.18-371.6.1.el5.ppc64.rpm
kernel-kdump-2.6.18-371.6.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-371.6.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-371.6.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-371.6.1.el5.s390x.rpm
kernel-debug-2.6.18-371.6.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.s390x.rpm
kernel-devel-2.6.18-371.6.1.el5.s390x.rpm
kernel-headers-2.6.18-371.6.1.el5.s390x.rpm
kernel-kdump-2.6.18-371.6.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-371.6.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-371.6.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-371.6.1.el5.x86_64.rpm
kernel-devel-2.6.18-371.6.1.el5.x86_64.rpm
kernel-headers-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-371.6.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-371.6.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2013-2929.html
https://www.redhat.com/security/data/cve/CVE-2013-4483.html
https://www.redhat.com/security/data/cve/CVE-2013-4554.html
https://www.redhat.com/security/data/cve/CVE-2013-6381.html
https://www.redhat.com/security/data/cve/CVE-2013-6383.html
https://www.redhat.com/security/data/cve/CVE-2013-6885.html
https://www.redhat.com/security/data/cve/CVE-2013-7263.html
https://access.redhat.com/security/updates/classification/#important
http://support.amd.com/TechDocs/51810_16h_00h-0Fh_Rev_Guide.pdf
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.10_Technical_Notes/kernel.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
| VAR-201311-0413 | No CVE | D-Link DAP-1522 Wireless Router Built-in Authentication Credential Security Bypass Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
D-Link DAP-1522 is a wireless router product from D-Link.
A security bypass vulnerability exists in the D-Link DAP-1522 wireless router. An attacker could use this vulnerability to bypass the authentication mechanism and gain access to the affected device
| VAR-201311-0378 | CVE-2013-6706 | Cisco IOS XE of Cisco Express Forwarding Service disruption in processing modules (DoS) Vulnerabilities |
CVSS V2: 5.4 CVSS V3: - Severity: MEDIUM |
The Cisco Express Forwarding processing module in Cisco IOS XE allows remote attackers to cause a denial of service (device reload) via crafted MPLS packets that are not properly handled during IP header validation, aka Bug ID CSCuj23992. Cisco IOS is the internetwork operating system used on most Cisco routers and network switches. The module incorrectly handles the IP header in MPLS packets. When certain additional features are configured ("ip cef accounting" and "tcp adjust-mss"), an attacker can trigger this vulnerability by sending MPLS packets that pass through the device and leave it as IP packets, which can overload the device and cause a denial of service. Cisco IOS XE is prone to a remote denial-of-service vulnerability.
This issue is being tracked by Cisco Bug ID CSCuj23992
| VAR-201311-0235 | CVE-2013-6700 | Cisco IOS XR of SNMP Service disruption in modules (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144. The vendor has confirmed this vulnerability and published it as Bug ID CSCuh43144. A third party may be able to cause a service disruption (process reload) through a request for an unspecified MIB. Cisco IOS XR is a member of the Cisco IOS Software family that uses a microkernel-based operating system architecture.
This issue is being tracked by Cisco Bug ID CSCuh43144
| VAR-201311-0379 | CVE-2013-6712 | PHP of ext/date/lib/parse_iso_intervals.c of scan Service disruption in functions (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification. PHP is prone to a denial-of-service vulnerability due to a heap-based buffer over-read error.
Successful exploits will allow attackers to cause a denial of service condition. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed. PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. There is a security vulnerability in the 'scan' function in the ext/date/lib/parse_iso_intervals.c file in PHP 5.5.6 and earlier versions. The vulnerability is caused by the program not properly restricting the creation of DateInterval objects.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: PHP: Multiple vulnerabilities
Date: August 29, 2014
Bugs: #459904, #472204, #472558, #474656, #476570, #481004,
#483212, #485252, #492784, #493982, #501312, #503630,
#503670, #505172, #505712, #509132, #512288, #512492,
#513032, #516994, #519932, #520134, #520438
ID: 201408-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been discovered in PHP, the worst of
which could lead to remote execution of arbitrary code.
Background
==========
PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  dev-lang/php                < 5.5.16                  >= 5.5.16
                                                          *>= 5.4.32
                                                          *>= 5.3.29
Description
===========
Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.
Impact
======
A context-dependent attacker can cause arbitrary code execution, create
a Denial of Service condition, read or write arbitrary files,
impersonate other servers, hijack a web session, or have other
unspecified impact. Additionally, a local attacker could gain escalated
privileges.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All PHP 5.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.16"
All PHP 5.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.4.32"
All PHP 5.3 users should upgrade to the latest version. This release
marks the end of life of the PHP 5.3 series. Future releases of this
series are not planned. All PHP 5.3 users are encouraged to upgrade to
the current stable version of PHP 5.5 or previous stable version of PHP
5.4, which are supported till at least 2016 and 2015 respectively.
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-5.3.29"
References
==========
[ 1 ] CVE-2011-4718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4718
[ 2 ] CVE-2013-1635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1635
[ 3 ] CVE-2013-1643
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1643
[ 4 ] CVE-2013-1824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1824
[ 5 ] CVE-2013-2110
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110
[ 6 ] CVE-2013-3735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3735
[ 7 ] CVE-2013-4113
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4113
[ 8 ] CVE-2013-4248
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4248
[ 9 ] CVE-2013-4635
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635
[ 10 ] CVE-2013-4636
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636
[ 11 ] CVE-2013-6420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6420
[ 12 ] CVE-2013-6712
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6712
[ 13 ] CVE-2013-7226
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7226
[ 14 ] CVE-2013-7327
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7327
[ 15 ] CVE-2013-7345
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7345
[ 16 ] CVE-2014-0185
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0185
[ 17 ] CVE-2014-0237
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0237
[ 18 ] CVE-2014-0238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0238
[ 19 ] CVE-2014-1943
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1943
[ 20 ] CVE-2014-2270
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2270
[ 21 ] CVE-2014-2497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497
[ 22 ] CVE-2014-3597
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3597
[ 23 ] CVE-2014-3981
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3981
[ 24 ] CVE-2014-4049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4049
[ 25 ] CVE-2014-4670
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4670
[ 26 ] CVE-2014-5120
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-11.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
============================================================================
Ubuntu Security Notice USN-2055-1
December 12, 2013
php5 vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in PHP. (CVE-2013-6420)
It was discovered that PHP incorrectly handled DateInterval objects. (CVE-2013-6712)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libapache2-mod-php5 5.5.3+dfsg-1ubuntu2.1
php5-cgi 5.5.3+dfsg-1ubuntu2.1
php5-cli 5.5.3+dfsg-1ubuntu2.1
Ubuntu 13.04:
libapache2-mod-php5 5.4.9-4ubuntu2.4
php5-cgi 5.4.9-4ubuntu2.4
php5-cli 5.4.9-4ubuntu2.4
Ubuntu 12.10:
libapache2-mod-php5 5.4.6-1ubuntu1.5
php5-cgi 5.4.6-1ubuntu1.5
php5-cli 5.4.6-1ubuntu1.5
Ubuntu 12.04 LTS:
libapache2-mod-php5 5.3.10-1ubuntu3.9
php5-cgi 5.3.10-1ubuntu3.9
php5-cli 5.3.10-1ubuntu3.9
Ubuntu 10.04 LTS:
libapache2-mod-php5 5.3.2-1ubuntu4.22
php5-cgi 5.3.2-1ubuntu4.22
php5-cli 5.3.2-1ubuntu4.22
In general, a standard system update will make all the necessary changes.
Release Date: 2014-09-30
Last Updated: 2014-09-30
Potential Security Impact: Cross-site scripting (XSS), Cross-site Request
Forgery (CSRF), unauthorized disclosure of information, Denial of Service
(DoS), and Clickjacking
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP System
Management Homepage (SMH) on Linux and Windows. The vulnerabilities could be
exploited remotely resulting in Cross-site Scripting (XSS), Cross-site
Request Forgery (CSRF), unauthorized disclosure of information, Denial of
Service (DoS), and Clickjacking.
References:
CVE-2013-4545 Unauthorized modification
CVE-2013-6420 (SSRT101447) Unauthorized disclosure of information
CVE-2013-6422 Unauthorized disclosure of information
CVE-2013-6712 (SSRT101447) Denial of Service (DoS)
CVE-2014-2640 (SSRT101633, SSRT101438) Cross-site Scripting (XSS)
CVE-2014-2641 (SSRT101438) Cross-site Request Forgery (CSRF)
CVE-2014-2642 (SSRT101701) Clickjacking
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) for Linux and Windows prior to version
7.4
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-4545 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2013-6420 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2013-6422 (AV:N/AC:H/Au:N/C:P/I:P/A:N) 4.0
CVE-2013-6712 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0
CVE-2014-2640 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
CVE-2014-2641 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
CVE-2014-2642 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software updates available to resolve the
vulnerabilities for the impacted versions of HP System Management Homepage
(SMH) for Linux and Windows:
http://h18013.www1.hp.com/products/servers/management/agents/
HISTORY
Version:1 (rev.1) - 30 September 2014 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
6) - i386, x86_64
3. PHP's fileinfo module provides functions used to identify a
particular file according to the type of data contained by the file.
APPLE-SA-2015-04-08-2 OS X 10.10.3 and Security Update 2015-004
OS X Yosemite 10.10.3 and Security Update 2015-004 are now available
and address the following:
Admin Framework
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A process may gain admin privileges without properly
authenticating
Description: An issue existed when checking XPC entitlements. This
issue was addressed with improved entitlement checking.
CVE-ID
CVE-2015-1130 : Emil Kvarnhammar at TrueSec
apache
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in Apache
Description: Multiple vulnerabilities existed in Apache versions
prior to 2.4.10 and 2.2.29, including one that may allow a remote
attacker to execute arbitrary code. These issues were addressed by
updating Apache to versions 2.4.10 and 2.2.29.
CVE-ID
CVE-2013-0118
CVE-2013-5704
CVE-2013-6438
CVE-2014-0098
CVE-2014-0117
CVE-2014-0118
CVE-2014-0226
CVE-2014-0231
CVE-2014-3523
ATS
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple input validation issues existed in fontd.
These issues were addressed through improved input validation.
CVE-ID
CVE-2015-1131 : Ian Beer of Google Project Zero
CVE-2015-1132 : Ian Beer of Google Project Zero
CVE-2015-1133 : Ian Beer of Google Project Zero
CVE-2015-1134 : Ian Beer of Google Project Zero
CVE-2015-1135 : Ian Beer of Google Project Zero
Certificate Trust Policy
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at
https://support.apple.com/en-us/HT202858.
CFNetwork HTTPProtocol
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Cookies belonging to one origin may be sent to another
origin
Description: A cross-domain cookie issue existed in redirect
handling. Cookies set in a redirect response could be passed on to a
redirect target belonging to another origin. The issue was addressed
through improved handling of redirects.
CVE-ID
CVE-2015-1089 : Niklas Keller
CFNetwork Session
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Authentication credentials may be sent to a server on
another origin
Description: A cross-domain HTTP request headers issue existed in
redirect handling. HTTP request headers sent in a redirect response
could be passed on to another origin. The issue was addressed through
improved handling of redirects.
CVE-ID
CVE-2015-1091 : Diego Torres (http://dtorres.me)
CFURL
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: An input validation issue existed within URL
processing. This issue was addressed through improved URL validation.
CVE-ID
CVE-2015-1088 : Luigi Galli
CoreAnimation
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A use-after-free issue existed in CoreAnimation. This
issue was addressed through improved mutex management.
CVE-ID
CVE-2015-1136 : Apple
FontParser
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
processing of font files. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2015-1093 : Marc Schoenefeld
Graphics Driver
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A NULL pointer dereference existed in NVIDIA graphics
driver's handling of certain IOService userclient types. This issue
was addressed through additional context validation.
CVE-ID
CVE-2015-1137 : Frank Graziano and John Villamil of the Yahoo Pentest Team
Hypervisor
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local application may be able to cause a denial of service
Description: An input validation issue existed in the hypervisor
framework. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-1138 : Izik Eidus and Alex Fishman
ImageIO
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted .sgi file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
.sgi files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-1139 : Apple
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A malicious HID device may be able to cause arbitrary code
execution
Description: A memory corruption issue existed in an IOHIDFamily
API. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1095 : Andrew Church
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow issue existed in IOHIDFamily. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1140 : lokihardt@ASRT working with HP's Zero Day Initiative,
Luca Todesco
IOHIDFamily
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOHIDFamily that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-1096 : Ilja van Sprundel of IOActive
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A heap buffer overflow existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4404 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A null pointer dereference existed in IOHIDFamily's
handling of key-mapping properties. This issue was addressed through
improved validation of IOHIDFamily key-mapping properties.
CVE-ID
CVE-2014-4405 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact: A user may be able to execute arbitrary code with system
privileges
Description: An out-of-bounds write issue existed in the IOHIDFamily
driver. The issue was addressed through improved input validation.
CVE-ID
CVE-2014-4380 : cunzhang from Adlab of Venustech
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system shutdown
Description: An issue existed in the handling of virtual memory
operations within the kernel. The issue is fixed through improved
handling of the mach_vm_read operation.
CVE-ID
CVE-2015-1141 : Ole Andre Vadla Ravnas of www.frida.re
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause a system denial of service
Description: A race condition existed in the kernel's setreuid
system call. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1099 : Mark Mentovai of Google Inc.
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local application may escalate privileges using a
compromised service intended to run with reduced privileges
Description: setreuid and setregid system calls failed to drop
privileges permanently. This issue was addressed by correctly
dropping privileges.
CVE-ID
CVE-2015-1117 : Mark Mentovai of Google Inc.
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able
to redirect user traffic to arbitrary hosts
Description: ICMP redirects were enabled by default on OS X. This
issue was addressed by disabling ICMP redirects.
CVE-ID
CVE-2015-1103 : Zimperium Mobile Security Labs
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: An attacker with a privileged network position may be able
to cause a denial of service
Description: A state inconsistency existed in the processing of TCP
headers. This issue was addressed through improved state handling.
CVE-ID
CVE-2015-1102 : Andrey Khudyakov and Maxim Zhuravlev of Kaspersky Lab
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out of bounds memory access issue existed in the
kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1100 : Maxime Villard of m00nbsd
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to bypass network filters
Description: The system would treat some IPv6 packets from remote
network interfaces as local packets. The issue was addressed by
rejecting these packets.
CVE-ID
CVE-2015-1104 : Stephen Roettger of the Google Security Team
Kernel
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1101 : lokihardt@ASRT working with HP's Zero Day Initiative
Kernel
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may be able to cause a denial of service
Description: A state inconsistency issue existed in the handling of
TCP out of band data. This issue was addressed through improved state
management.
CVE-ID
CVE-2015-1105 : Kenton Varda of Sandstorm.io
LaunchServices
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to cause the Finder to crash
Description: An input validation issue existed in LaunchServices's
handling of application localization data. This issue was addressed
through improved validation of localization data.
CVE-ID
CVE-2015-1142
LaunchServices
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A type confusion issue existed in LaunchServices's
handling of localized strings. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2015-1143 : Apple
libnetcore
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Processing a maliciously crafted configuration profile may
lead to unexpected application termination
Description: A memory corruption issue existed in the handling of
configuration profiles. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2015-1118 : Zhaofeng Chen, Hui Xue, Yulong Zhang, and Tao Wei of
FireEye, Inc.
ntp
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A remote attacker may brute force ntpd authentication keys
Description: The config_auth function in ntpd generated a weak key
when an authentication key was not configured. This issue was
addressed by improved key generation.
CVE-ID
CVE-2014-9298
OpenLDAP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A remote unauthenticated client may be able to cause a
denial of service
Description: Multiple input validation issues existed in OpenLDAP.
These issues were addressed by improved input validation.
CVE-ID
CVE-2015-1545 : Ryan Tandy
CVE-2015-1546 : Ryan Tandy
OpenSSL
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL 0.9.8zc,
including one that may allow an attacker to intercept connections to
a server that supports export-grade ciphers. These issues were
addressed by updating OpenSSL to version 0.9.8zd.
CVE-ID
CVE-2014-3569
CVE-2014-3570
CVE-2014-3571
CVE-2014-3572
CVE-2014-8275
CVE-2015-0204
Open Directory Client
Available for: OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A password might be sent unencrypted over the network when
using Open Directory from OS X Server
Description: If an Open Directory client was bound to an OS X Server
but did not install the certificates of the OS X Server, and then a
user on that client changed their password, the password change
request was sent over the network without encryption. This issue was
addressed by having the client require encryption for this case.
CVE-ID
CVE-2015-1147 : Apple
PHP
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.3.29, 5.4.38, and 5.5.20, including one which may have led to
arbitrary code execution. This update addresses the issues by
updating PHP to versions 5.3.29, 5.4.38, and 5.5.20.
CVE-ID
CVE-2013-6712
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-2497
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-3668
CVE-2014-3669
CVE-2014-3670
CVE-2014-3710
CVE-2014-3981
CVE-2014-4049
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
QuickLook
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Opening a maliciously crafted iWork file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
iWork files. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-1098 : Christopher Hickstein
SceneKit
Available for: OS X Mountain Lion v10.8.5
Impact: Viewing a maliciously crafted Collada file may lead to
arbitrary code execution
Description: A heap buffer overflow existed in SceneKit's handling
of Collada files. This issue was addressed through
improved validation of accessor elements.
CVE-ID
CVE-2014-8830 : Jose Duart of Google Security Team
Screen Sharing
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: A user's password may be logged to a local file
Description: In some circumstances, Screen Sharing may log a user's
password that is not readable by other users on the system. This
issue was addressed by removing logging of credential.
CVE-ID
CVE-2015-1148 : Apple
Security - Code Signing
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: Tampered applications may not be prevented from launching
Description: Applications containing specially crafted bundles may
have been able to launch without a completely valid signature. This
issue was addressed by adding additional checks.
CVE-ID
CVE-2015-1145
CVE-2015-1146
UniformTypeIdentifiers
Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,
OS X Yosemite v10.10 to v10.10.2
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A buffer overflow existed in the way Uniform Type
Identifiers were handled. This issue was addressed with improved
bounds checking.
CVE-ID
CVE-2015-1144 : Apple
WebKit
Available for: OS X Yosemite v10.10 to v10.10.2
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in WebKit. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-1069 : lokihardt@ASRT working with HP's Zero Day Initiative
Security Update 2015-004 (available for OS X Mountain Lion v10.8.5
and OS X Mavericks v10.9.5) also addresses an issue caused by the fix
for CVE-2015-1067 in Security Update 2015-002. This issue prevented
Remote Apple Events clients on any version from connecting to the
Remote Apple Events server. In default configurations, Remote Apple
Events is not enabled.
OS X Yosemite 10.10.3 includes the security content of Safari 8.0.5.
https://support.apple.com/en-us/HT204658
OS X Yosemite 10.10.3 and Security Update 2015-004 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
The Common
Vulnerabilities and Exposures project identifies the following issues:
CVE-2013-6420
Stefan Esser reported possible memory corruption in
openssl_x509_parse().
In addition, the update for Debian 7 "Wheezy" contains several bugfixes
originally targeted for the upcoming Wheezy point release.
For the oldstable distribution (squeeze), these problems have been fixed in
version 5.3.3-7+squeeze18.
For the stable distribution (wheezy), these problems have been fixed in
version 5.4.4-14+deb7u7.
For the unstable distribution (sid), these problems have been fixed in
version 5.5.6+dfsg-2.
We recommend that you upgrade your php5 packages.
=====================================================================
Red Hat Security Advisory
Synopsis: Important: php54-php security update
Advisory ID: RHSA-2014:1765-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1765.html
Issue date: 2014-10-30
CVE Names: CVE-2013-6712 CVE-2013-7345 CVE-2014-0207
CVE-2014-0237 CVE-2014-0238 CVE-2014-1943
CVE-2014-2270 CVE-2014-2497 CVE-2014-3478
CVE-2014-3479 CVE-2014-3480 CVE-2014-3487
CVE-2014-3515 CVE-2014-3538 CVE-2014-3587
CVE-2014-3597 CVE-2014-3668 CVE-2014-3669
CVE-2014-3670 CVE-2014-3710 CVE-2014-4049
CVE-2014-4670 CVE-2014-4698 CVE-2014-4721
CVE-2014-5120
=====================================================================
1. Summary:
Updated php54-php packages that fix multiple security issues are now
available for Red Hat Software Collections 1.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6) - x86_64
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
PHP is an HTML-embedded scripting language commonly used with the Apache
HTTP Server.
A buffer overflow flaw was found in the Exif extension. A specially crafted
JPEG or TIFF file could cause a PHP application using the exif_thumbnail()
function to crash or, possibly, execute arbitrary code. (CVE-2014-3670)
Multiple buffer overflow flaws were found in the way PHP parsed DNS
responses. A malicious DNS server or a man-in-the-middle attacker could
use these flaws to crash or, possibly, execute arbitrary code with the
privileges of a PHP application that uses the dns_get_record() function.
(CVE-2014-4049, CVE-2014-3597)
Multiple denial of service flaws were found in the File Information
(fileinfo) extension. A remote attacker could use these flaws to cause a
PHP application using fileinfo to consume an excessive amount of CPU and
possibly crash. (CVE-2013-7345, CVE-2014-0237, CVE-2014-0238,
CVE-2014-1943, CVE-2014-3538)
Multiple boundary check flaws were found in the File Information
(fileinfo) extension. A remote attacker could use these flaws to cause a
PHP application using fileinfo to crash. (CVE-2014-0207, CVE-2014-2270,
CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3587,
CVE-2014-3710)
A type confusion issue was found in PHP's phpinfo() function. A malicious
script author could possibly use this flaw to disclose certain portions of
server memory. (CVE-2014-4721)
A type confusion issue was found in the SPL ArrayObject and
SPLObjectStorage classes' unserialize() method. A remote attacker able to
submit specially crafted input to a PHP application, which would then
unserialize this input using one of the aforementioned methods, could use
this flaw to execute arbitrary code with the privileges of the user running
that PHP application. (CVE-2014-3515)
Two use-after-free flaws were found in the way PHP handled certain Standard
PHP Library (SPL) Iterators and ArrayIterators. A malicious script author
could possibly use either of these flaws to disclose certain portions of
server memory. (CVE-2014-4670, CVE-2014-4698)
An integer overflow flaw was found in the way custom objects were
unserialized. Specially crafted input processed by the unserialize()
function could cause a PHP application to crash. (CVE-2014-3669)
It was found that PHP's gd extension did not properly handle file names
with a null character. A remote attacker could possibly use this flaw to
make a PHP application access unexpected files and bypass intended file
system access restrictions. (CVE-2014-5120)
A NULL pointer dereference flaw was found in the gdImageCreateFromXpm()
function of PHP's gd extension. A remote attacker could use this flaw to
crash a PHP application using gd via a specially crafted X PixMap (XPM)
file. (CVE-2014-2497)
A buffer over-read flaw was found in the way the DateInterval class parsed
interval specifications. An attacker able to make a PHP application parse a
specially crafted specification using DateInterval could possibly cause the
PHP interpreter to crash. (CVE-2013-6712)
An out of bounds read flaw was found in the way the xmlrpc extension parsed
dates in the ISO 8601 format. A specially crafted XML-RPC request or
response could possibly cause a PHP application to crash. (CVE-2014-3668)
The CVE-2014-0207, CVE-2014-0237, CVE-2014-0238, CVE-2014-3478,
CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, and CVE-2014-3710 issues were
discovered by Francisco Alonso of Red Hat Product Security; the
CVE-2014-3538 issue was discovered by Jan Kaluža of the Red Hat Web Stack
Team; the CVE-2014-3597 issue was discovered by David Kutálek of Red Hat
BaseOS QE.
All php54-php users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing the
updated packages, the httpd service must be restarted for the update to
take effect.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1035670 - CVE-2013-6712 php: heap-based buffer over-read in DateInterval
1065836 - CVE-2014-1943 file: unrestricted recursion in handling of indirect type rules
1072220 - CVE-2014-2270 file: out-of-bounds access in search rules with offsets from input file
1076676 - CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm()
1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression
1091842 - CVE-2014-0207 file: cdf_read_short_sector insufficient boundary check
1098155 - CVE-2014-0238 file: CDF property info parsing nelements infinite loop
1098193 - CVE-2014-0237 file: cdf_unpack_summary_info() excessive looping DoS
1098222 - CVE-2014-3538 file: unrestricted regular expression matching
1104858 - CVE-2014-3480 file: cdf_count_chain insufficient boundary check
1104863 - CVE-2014-3478 file: mconvert incorrect handling of truncated pascal string size
1104869 - CVE-2014-3479 file: cdf_check_stream_offset insufficient boundary check
1107544 - CVE-2014-3487 file: cdf_read_property_info insufficient boundary check
1108447 - CVE-2014-4049 php: heap-based buffer overflow in DNS TXT record parsing
1112154 - CVE-2014-3515 php: unserialize() SPL ArrayObject / SPLObjectStorage type confusion flaw
1116662 - CVE-2014-4721 php: type confusion issue in phpinfo() leading to information leak
1120259 - CVE-2014-4698 php: ArrayIterator use-after-free due to object change during sorting
1120266 - CVE-2014-4670 php: SPL Iterators use-after-free
1128587 - CVE-2014-3587 file: incomplete fix for CVE-2012-1571 in cdf_read_property_info
1132589 - CVE-2014-3597 php: multiple buffer over-reads in php_parserr
1132793 - CVE-2014-5120 php: gd extension NUL byte injection in file names
1154500 - CVE-2014-3669 php: integer overflow in unserialize()
1154502 - CVE-2014-3670 php: heap corruption issue in exif_thumbnail()
1154503 - CVE-2014-3668 php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()
1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers
6. Package List:
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6):
Source:
php54-php-5.4.16-22.el6.src.rpm
x86_64:
php54-php-5.4.16-22.el6.x86_64.rpm
php54-php-bcmath-5.4.16-22.el6.x86_64.rpm
php54-php-cli-5.4.16-22.el6.x86_64.rpm
php54-php-common-5.4.16-22.el6.x86_64.rpm
php54-php-dba-5.4.16-22.el6.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm
php54-php-devel-5.4.16-22.el6.x86_64.rpm
php54-php-enchant-5.4.16-22.el6.x86_64.rpm
php54-php-fpm-5.4.16-22.el6.x86_64.rpm
php54-php-gd-5.4.16-22.el6.x86_64.rpm
php54-php-imap-5.4.16-22.el6.x86_64.rpm
php54-php-intl-5.4.16-22.el6.x86_64.rpm
php54-php-ldap-5.4.16-22.el6.x86_64.rpm
php54-php-mbstring-5.4.16-22.el6.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm
php54-php-odbc-5.4.16-22.el6.x86_64.rpm
php54-php-pdo-5.4.16-22.el6.x86_64.rpm
php54-php-pgsql-5.4.16-22.el6.x86_64.rpm
php54-php-process-5.4.16-22.el6.x86_64.rpm
php54-php-pspell-5.4.16-22.el6.x86_64.rpm
php54-php-recode-5.4.16-22.el6.x86_64.rpm
php54-php-snmp-5.4.16-22.el6.x86_64.rpm
php54-php-soap-5.4.16-22.el6.x86_64.rpm
php54-php-tidy-5.4.16-22.el6.x86_64.rpm
php54-php-xml-5.4.16-22.el6.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.4):
Source:
php54-php-5.4.16-22.el6.src.rpm
x86_64:
php54-php-5.4.16-22.el6.x86_64.rpm
php54-php-bcmath-5.4.16-22.el6.x86_64.rpm
php54-php-cli-5.4.16-22.el6.x86_64.rpm
php54-php-common-5.4.16-22.el6.x86_64.rpm
php54-php-dba-5.4.16-22.el6.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm
php54-php-devel-5.4.16-22.el6.x86_64.rpm
php54-php-enchant-5.4.16-22.el6.x86_64.rpm
php54-php-fpm-5.4.16-22.el6.x86_64.rpm
php54-php-gd-5.4.16-22.el6.x86_64.rpm
php54-php-imap-5.4.16-22.el6.x86_64.rpm
php54-php-intl-5.4.16-22.el6.x86_64.rpm
php54-php-ldap-5.4.16-22.el6.x86_64.rpm
php54-php-mbstring-5.4.16-22.el6.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm
php54-php-odbc-5.4.16-22.el6.x86_64.rpm
php54-php-pdo-5.4.16-22.el6.x86_64.rpm
php54-php-pgsql-5.4.16-22.el6.x86_64.rpm
php54-php-process-5.4.16-22.el6.x86_64.rpm
php54-php-pspell-5.4.16-22.el6.x86_64.rpm
php54-php-recode-5.4.16-22.el6.x86_64.rpm
php54-php-snmp-5.4.16-22.el6.x86_64.rpm
php54-php-soap-5.4.16-22.el6.x86_64.rpm
php54-php-tidy-5.4.16-22.el6.x86_64.rpm
php54-php-xml-5.4.16-22.el6.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.5):
Source:
php54-php-5.4.16-22.el6.src.rpm
x86_64:
php54-php-5.4.16-22.el6.x86_64.rpm
php54-php-bcmath-5.4.16-22.el6.x86_64.rpm
php54-php-cli-5.4.16-22.el6.x86_64.rpm
php54-php-common-5.4.16-22.el6.x86_64.rpm
php54-php-dba-5.4.16-22.el6.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm
php54-php-devel-5.4.16-22.el6.x86_64.rpm
php54-php-enchant-5.4.16-22.el6.x86_64.rpm
php54-php-fpm-5.4.16-22.el6.x86_64.rpm
php54-php-gd-5.4.16-22.el6.x86_64.rpm
php54-php-imap-5.4.16-22.el6.x86_64.rpm
php54-php-intl-5.4.16-22.el6.x86_64.rpm
php54-php-ldap-5.4.16-22.el6.x86_64.rpm
php54-php-mbstring-5.4.16-22.el6.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm
php54-php-odbc-5.4.16-22.el6.x86_64.rpm
php54-php-pdo-5.4.16-22.el6.x86_64.rpm
php54-php-pgsql-5.4.16-22.el6.x86_64.rpm
php54-php-process-5.4.16-22.el6.x86_64.rpm
php54-php-pspell-5.4.16-22.el6.x86_64.rpm
php54-php-recode-5.4.16-22.el6.x86_64.rpm
php54-php-snmp-5.4.16-22.el6.x86_64.rpm
php54-php-soap-5.4.16-22.el6.x86_64.rpm
php54-php-tidy-5.4.16-22.el6.x86_64.rpm
php54-php-xml-5.4.16-22.el6.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server EUS (v. 6.6):
Source:
php54-php-5.4.16-22.el6.src.rpm
x86_64:
php54-php-5.4.16-22.el6.x86_64.rpm
php54-php-bcmath-5.4.16-22.el6.x86_64.rpm
php54-php-cli-5.4.16-22.el6.x86_64.rpm
php54-php-common-5.4.16-22.el6.x86_64.rpm
php54-php-dba-5.4.16-22.el6.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm
php54-php-devel-5.4.16-22.el6.x86_64.rpm
php54-php-enchant-5.4.16-22.el6.x86_64.rpm
php54-php-fpm-5.4.16-22.el6.x86_64.rpm
php54-php-gd-5.4.16-22.el6.x86_64.rpm
php54-php-imap-5.4.16-22.el6.x86_64.rpm
php54-php-intl-5.4.16-22.el6.x86_64.rpm
php54-php-ldap-5.4.16-22.el6.x86_64.rpm
php54-php-mbstring-5.4.16-22.el6.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm
php54-php-odbc-5.4.16-22.el6.x86_64.rpm
php54-php-pdo-5.4.16-22.el6.x86_64.rpm
php54-php-pgsql-5.4.16-22.el6.x86_64.rpm
php54-php-process-5.4.16-22.el6.x86_64.rpm
php54-php-pspell-5.4.16-22.el6.x86_64.rpm
php54-php-recode-5.4.16-22.el6.x86_64.rpm
php54-php-snmp-5.4.16-22.el6.x86_64.rpm
php54-php-soap-5.4.16-22.el6.x86_64.rpm
php54-php-tidy-5.4.16-22.el6.x86_64.rpm
php54-php-xml-5.4.16-22.el6.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 6):
Source:
php54-php-5.4.16-22.el6.src.rpm
x86_64:
php54-php-5.4.16-22.el6.x86_64.rpm
php54-php-bcmath-5.4.16-22.el6.x86_64.rpm
php54-php-cli-5.4.16-22.el6.x86_64.rpm
php54-php-common-5.4.16-22.el6.x86_64.rpm
php54-php-dba-5.4.16-22.el6.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el6.x86_64.rpm
php54-php-devel-5.4.16-22.el6.x86_64.rpm
php54-php-enchant-5.4.16-22.el6.x86_64.rpm
php54-php-fpm-5.4.16-22.el6.x86_64.rpm
php54-php-gd-5.4.16-22.el6.x86_64.rpm
php54-php-imap-5.4.16-22.el6.x86_64.rpm
php54-php-intl-5.4.16-22.el6.x86_64.rpm
php54-php-ldap-5.4.16-22.el6.x86_64.rpm
php54-php-mbstring-5.4.16-22.el6.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el6.x86_64.rpm
php54-php-odbc-5.4.16-22.el6.x86_64.rpm
php54-php-pdo-5.4.16-22.el6.x86_64.rpm
php54-php-pgsql-5.4.16-22.el6.x86_64.rpm
php54-php-process-5.4.16-22.el6.x86_64.rpm
php54-php-pspell-5.4.16-22.el6.x86_64.rpm
php54-php-recode-5.4.16-22.el6.x86_64.rpm
php54-php-snmp-5.4.16-22.el6.x86_64.rpm
php54-php-soap-5.4.16-22.el6.x86_64.rpm
php54-php-tidy-5.4.16-22.el6.x86_64.rpm
php54-php-xml-5.4.16-22.el6.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el6.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7):
Source:
php54-php-5.4.16-22.el7.src.rpm
x86_64:
php54-php-5.4.16-22.el7.x86_64.rpm
php54-php-bcmath-5.4.16-22.el7.x86_64.rpm
php54-php-cli-5.4.16-22.el7.x86_64.rpm
php54-php-common-5.4.16-22.el7.x86_64.rpm
php54-php-dba-5.4.16-22.el7.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm
php54-php-devel-5.4.16-22.el7.x86_64.rpm
php54-php-enchant-5.4.16-22.el7.x86_64.rpm
php54-php-fpm-5.4.16-22.el7.x86_64.rpm
php54-php-gd-5.4.16-22.el7.x86_64.rpm
php54-php-intl-5.4.16-22.el7.x86_64.rpm
php54-php-ldap-5.4.16-22.el7.x86_64.rpm
php54-php-mbstring-5.4.16-22.el7.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm
php54-php-odbc-5.4.16-22.el7.x86_64.rpm
php54-php-pdo-5.4.16-22.el7.x86_64.rpm
php54-php-pgsql-5.4.16-22.el7.x86_64.rpm
php54-php-process-5.4.16-22.el7.x86_64.rpm
php54-php-pspell-5.4.16-22.el7.x86_64.rpm
php54-php-recode-5.4.16-22.el7.x86_64.rpm
php54-php-snmp-5.4.16-22.el7.x86_64.rpm
php54-php-soap-5.4.16-22.el7.x86_64.rpm
php54-php-xml-5.4.16-22.el7.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm
Red Hat Software Collections 1 for Red Hat Enterprise Linux Workstation (v. 7):
Source:
php54-php-5.4.16-22.el7.src.rpm
x86_64:
php54-php-5.4.16-22.el7.x86_64.rpm
php54-php-bcmath-5.4.16-22.el7.x86_64.rpm
php54-php-cli-5.4.16-22.el7.x86_64.rpm
php54-php-common-5.4.16-22.el7.x86_64.rpm
php54-php-dba-5.4.16-22.el7.x86_64.rpm
php54-php-debuginfo-5.4.16-22.el7.x86_64.rpm
php54-php-devel-5.4.16-22.el7.x86_64.rpm
php54-php-enchant-5.4.16-22.el7.x86_64.rpm
php54-php-fpm-5.4.16-22.el7.x86_64.rpm
php54-php-gd-5.4.16-22.el7.x86_64.rpm
php54-php-intl-5.4.16-22.el7.x86_64.rpm
php54-php-ldap-5.4.16-22.el7.x86_64.rpm
php54-php-mbstring-5.4.16-22.el7.x86_64.rpm
php54-php-mysqlnd-5.4.16-22.el7.x86_64.rpm
php54-php-odbc-5.4.16-22.el7.x86_64.rpm
php54-php-pdo-5.4.16-22.el7.x86_64.rpm
php54-php-pgsql-5.4.16-22.el7.x86_64.rpm
php54-php-process-5.4.16-22.el7.x86_64.rpm
php54-php-pspell-5.4.16-22.el7.x86_64.rpm
php54-php-recode-5.4.16-22.el7.x86_64.rpm
php54-php-snmp-5.4.16-22.el7.x86_64.rpm
php54-php-soap-5.4.16-22.el7.x86_64.rpm
php54-php-xml-5.4.16-22.el7.x86_64.rpm
php54-php-xmlrpc-5.4.16-22.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2013-6712
https://access.redhat.com/security/cve/CVE-2013-7345
https://access.redhat.com/security/cve/CVE-2014-0207
https://access.redhat.com/security/cve/CVE-2014-0237
https://access.redhat.com/security/cve/CVE-2014-0238
https://access.redhat.com/security/cve/CVE-2014-1943
https://access.redhat.com/security/cve/CVE-2014-2270
https://access.redhat.com/security/cve/CVE-2014-2497
https://access.redhat.com/security/cve/CVE-2014-3478
https://access.redhat.com/security/cve/CVE-2014-3479
https://access.redhat.com/security/cve/CVE-2014-3480
https://access.redhat.com/security/cve/CVE-2014-3487
https://access.redhat.com/security/cve/CVE-2014-3515
https://access.redhat.com/security/cve/CVE-2014-3538
https://access.redhat.com/security/cve/CVE-2014-3587
https://access.redhat.com/security/cve/CVE-2014-3597
https://access.redhat.com/security/cve/CVE-2014-3668
https://access.redhat.com/security/cve/CVE-2014-3669
https://access.redhat.com/security/cve/CVE-2014-3670
https://access.redhat.com/security/cve/CVE-2014-3710
https://access.redhat.com/security/cve/CVE-2014-4049
https://access.redhat.com/security/cve/CVE-2014-4670
https://access.redhat.com/security/cve/CVE-2014-4698
https://access.redhat.com/security/cve/CVE-2014-4721
https://access.redhat.com/security/cve/CVE-2014-5120
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
| VAR-201312-0318 | CVE-2013-7105 | Buffer Overflow Vulnerability in the log function of Interstage HTTP Server |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs". An attacker could execute arbitrary code. Fujitsu Interstage is a modular software component for enterprise business operations management. Multiple Fujitsu Interstage products are prone to an unspecified buffer-overflow vulnerability because they fail to properly bounds-check data. Failed attempts will likely cause a denial-of-service condition.
| VAR-201402-0418 | CVE-2013-7320 | D-Link DAP-2553 Access Point Cross-site request forgery vulnerability in some firmware |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests that modify configuration settings via unspecified vectors. D-Link DAP-2253 is a router device of D-Link. Attackers can use these vulnerabilities to execute arbitrary script code in the browser in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized operations, and leak or modify sensitive information; other forms of attack may also be possible.
Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Other attacks may also be possible.
D-Link DAP-2253 devices running firmware 1.26rc55 and prior are vulnerable. D-Link DAP-2253 Access Point is a wireless access point product of D-Link. The affected hardware is Rev. A1 with firmware 1.26rc55 and earlier.
| VAR-201311-0073 | CVE-2013-3394 | Cisco Prime Network Registrar of Web Interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka Bug ID CSCuh41429.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuh41429. The product provides services such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS) and IP Address Management (IPAM).
| VAR-201402-0419 | CVE-2013-7321 | D-Link DAP-2553 Access Point Firmware cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. D-Link DAP-2253 is a router device of D-Link.
Cross-site scripting and cross-site request forgery vulnerabilities exist in D-Link DAP-2253 routers using firmware 1.26rc55 and earlier. Attackers can use these vulnerabilities to execute arbitrary script code in the browser in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized operations, and leak or modify sensitive information; other forms of attack may also be possible.
Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Other attacks may also be possible.
D-Link DAP-2253 devices running firmware 1.26rc55 and prior are vulnerable. D-Link DAP-2553 Access Point is a wireless access point product of D-Link. The affected hardware is Rev. A1 with firmware 1.26rc55 and earlier.
| VAR-201401-0526 | CVE-2013-7293 | ASUS Wireless Router products contain a static DNS entry |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. The wireless LAN routers provided by ASUS have a problem in that a static DNS record (192.168.1.1 / www.asusnetwork.net) is registered on the router. If a user who is not connected to the device's network accesses the www.asusnetwork.net URL with a web browser, the browser may connect to an unintended website, which may lead to malicious websites containing malware. The documentation recommends that users use www.asusnetwork.net to configure the device. Multiple ASUS wireless routers are prone to a remote URL-redirection vulnerability.
An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks.
| VAR-201911-1529 | CVE-2013-6811 | D-Link DSL-6740U Cross-Site Request Forgery Vulnerability (Related entries in the VARIoT exploits database: VAR-E-201311-0397) |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DSL-6740U gateway (Rev. H1) allow remote attackers to hijack the authentication of administrators for requests that change administrator credentials or enable remote management services to (1) Custom Services in Port Forwarding, (2) Port Triggering Entries, (3) URL Filters in Parental Control, (4) Print Server settings, (5) QoS Queue Setup, or (6) QoS Classification Entries. D-Link DSL-6740U Gateway contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). The D-Link DSL-6740U is a broadband router device. The D-Link DSL-6740U has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to open them, and perform malicious actions in the target user's context, such as changing the administrator password or enabling remote management services. D-Link DSL-6740U is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible.
| VAR-201312-0310 | CVE-2013-7093 | SAP Network Interface Router Vulnerabilities that bypass authentication |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote attackers to bypass authentication and modify the configuration via unspecified vectors. SAProuter is prone to an authentication-bypass vulnerability. SAP Network Interface Router (SAProuter) is a program from the German company SAP that handles network connections between SAP systems. There is an authorization vulnerability in SAProuter version 39.3 SP4.
| VAR-201311-0451 | No CVE | ABB MicroSCADA Stack Corruption Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component performs insufficient bounds checking on user-supplied data which results in stack corruption. An attacker can leverage this situation to execute code under the context of the user running the application. ABB MicroSCADA wserver.exe incorrectly filters user-submitted input, allowing remote attackers to send specially crafted requests to TCP port 12221 to trigger a stack-based buffer overflow that can crash the application or execute arbitrary code. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics.
There is a code execution vulnerability in ABB MicroSCADA, which is caused by the program not performing boundary checks on user-submitted input.
| VAR-201311-0453 | No CVE | ABB MicroSCADA 'wserver.exe' Remote code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB MicroSCADA Wserver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wserver.exe component which listens on TCP port 12221. This component passes user-supplied data directly to a CreateProcessA call. By supplying a UNC path to a controlled binary a remote attacker can execute arbitrary code under the context of the vulnerable process. The "CreateProcessA()" function in ABB MicroSCADA wserver.exe fails to properly filter user-submitted input passed to its parameter, allowing a remote attacker to send a specially crafted request to TCP port 12221 to trigger a stack-based buffer overflow, which can crash the application or execute arbitrary code in the SYSTEM context. ABB MicroSCADA is a set of substation monitoring software developed by ABB in Switzerland for power transmission and distribution systems. The software includes a human-machine interface (MMI) and flexible application engineering tools, and provides functions such as monitoring, event alarms, and trend graph statistics.
There is a code execution vulnerability in ABB MicroSCADA that originates from the program not properly filtering input submitted by users.
| VAR-201311-0488 | No CVE | Multiple Cross-Site Request Forgery Vulnerabilities in ADB Discus DRG A125G |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
ADB Discus DRG A125G wlbasic.wl and wladv.wl have cross-site request forgery vulnerabilities that allow remote attackers to build malicious URIs, entice users to open them, and perform malicious operations in the target user's context. Discus DRG A125G is a wireless router product from the Swiss company ADB.
A cross-site request forgery vulnerability exists in the ADB Discus DRG A125G router. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device.
| VAR-201311-0448 | No CVE | TP-LINK TL-WR740N/TL-WR740ND 'WlanSecurityRpm.htm' Cross-Site Request Forgery Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
TP-LINK TL-WR740N/TL-WR740ND 'WlanSecurityRpm.htm' has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to open them, and perform malicious actions in the target user's context. TP-LINK TL-WR740N and TL-WR740ND are wireless router products of the Chinese company TP-LINK.
There is a cross-site request forgery vulnerability in TP-Link TL-WR740N and TL-WR740ND using 3.16.6 Build 130529 firmware, which originates from the program's incorrect verification of HTTP requests. A remote attacker could use this vulnerability to perform unauthorized operations. Other attacks are also possible.
TP-Link TL-WR740N/TL-WR740ND running firmware 3.16.6 Build 130529 are vulnerable; other versions may also be affected.
| VAR-201311-0449 | No CVE | ADB Discus DRG A125G 'wlbasic.html' Password Information Disclosure Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Discus DRG A125G is a wireless router product from the Swiss company ADB.
An information disclosure vulnerability exists in Discus DRG A125G. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks.
Discus DRG A125G is vulnerable; other versions may also be affected.
| VAR-201311-0452 | No CVE | ABB Test Signal Viewer CWGraph3D ActiveX Control Remote Code Execution Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the cw3dgrph.ocx ActiveX control. The ImportStyle method allows an attacker to load a specially crafted .cwx file from a remote network share. Following this call, the attacker can invoke the ExportStyle method to save the file to an arbitrary location through the use of a directory traversal vulnerability. A remote attacker can abuse this to execute arbitrary code under the context of the user. ABB is a leader in power and automation technology among the world's top 500 companies. An attacker who constructs a malicious web page and induces the user to open it can write arbitrary files to any location on the system. ABB Test Signal Viewer is a software product of the Swiss company ABB, which is mainly used to optimize and adjust the axis speed of ABB robots and to monitor robot operating conditions. Failed exploit attempts will likely result in denial-of-service conditions.
| VAR-201311-0406 | No CVE | SAP NetWeaver Remote code execution vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. SAP NetWeaver Portal has a vulnerability in handling GET requests sent through ConfigServlet, allowing remote attackers to execute arbitrary operating system commands using specially crafted requests.
| VAR-201311-0516 | No CVE | Unknown vulnerabilities in multiple TRENDnet products |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
There are unspecified security vulnerabilities in multiple TRENDnet products, and no detailed vulnerability information is available. The vulnerability is related to the telnet service of TRENDnet products.
The impact of this issue is currently unknown. We will update this BID when more information emerges.