VARIoT IoT vulnerabilities database
| VAR-201403-0275 | CVE-2014-2532 | OpenSSH Permissions and Access Control Vulnerability |
CVSS V2: 5.8 CVSS V3: 4.9 Severity: MEDIUM |
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. OpenSSH is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Versions prior to OpenSSH 6.6 are vulnerable.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/openssh-6.6p1-i486-1_slack14.1.txz: Upgraded.
This update fixes a security issue when using environment passing with
a sshd_config(5) AcceptEnv pattern with a wildcard.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/openssh-5.9p1-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/openssh-5.9p1-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/openssh-5.9p1-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/openssh-5.9p1-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/openssh-5.9p1-i486-3_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/openssh-5.9p1-x86_64-3_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/openssh-6.6p1-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/openssh-6.6p1-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/openssh-6.6p1-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/openssh-6.6p1-x86_64-1_slack14.1.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-6.6p1-i486-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssh-6.6p1-x86_64-1.txz
MD5 signatures:
+-------------+
Slackware 13.0 package:
0729d3be6a1886c2462522110333abc0 openssh-5.9p1-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
a474f048de648347207bacb21b5f8f28 openssh-5.9p1-x86_64-1_slack13.0.txz
Slackware 13.1 package:
8df387cdf44f359a9de7c3e40ea321c6 openssh-5.9p1-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
e7eb361401849bbcfb0e20ea17181836 openssh-5.9p1-x86_64-1_slack13.1.txz
Slackware 13.37 package:
8404668d896f81b44ddd5e6e2985f590 openssh-5.9p1-i486-3_slack13.37.txz
Slackware x86_64 13.37 package:
b50bb951453824e53dcddbdf1d571561 openssh-5.9p1-x86_64-3_slack13.37.txz
Slackware 14.0 package:
755d1ec29f80ac40636741ddf618715a openssh-6.6p1-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
cc74307ab8875a8fa04a87f18b0cd216 openssh-6.6p1-x86_64-1_slack14.0.txz
Slackware 14.1 package:
1dcb917e01fa83d1cabd59378c81dd32 openssh-6.6p1-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
dfb1f98206ce1e2300fea647a5281486 openssh-6.6p1-x86_64-1_slack14.1.txz
Slackware -current package:
7a5f7c123c397d040fff868afbf86e8b n/openssh-6.6p1-i486-1.txz
Slackware x86_64 -current package:
e6d3cced2c7c9e642d8982b27295a408 n/openssh-6.6p1-x86_64-1.txz
Installation instructions:
+------------------------+
Upgrade the package as root:
# upgradepkg openssh-6.6p1-i486-1_slack14.1.txz
Next, restart the sshd daemon:
# sh /etc/rc.d/rc.sshd restart
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back containing instructions to |
| complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: openssh security, bug fix, and enhancement update
Advisory ID: RHSA-2014:1552-02
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-1552.html
Issue date: 2014-10-14
CVE Names: CVE-2014-2532 CVE-2014-2653
=====================================================================
1. Summary:
Updated openssh packages that fix two security issues, several bugs, and
add various enhancements are now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation.
These packages include the core files necessary for both the OpenSSH client
and server.
It was discovered that OpenSSH clients did not correctly verify DNS SSHFP
records. A malicious server could use this flaw to force a connecting
client to skip the DNS SSHFP record check and require the user to perform
manual host verification of the DNS SSHFP record. (CVE-2014-2653)
It was found that OpenSSH did not properly handle certain AcceptEnv
parameter values with wildcard characters. (CVE-2014-2532)
This update also fixes the following bugs:
* Based on the SP800-131A information security standard, the generation of
a digital signature using the Digital Signature Algorithm (DSA) with the
key size of 1024 bits and RSA with the key size of less than 2048 bits is
disallowed after the year 2013. After this update, ssh-keygen no longer
generates keys with less than 2048 bits in FIPS mode. However, the sshd
service accepts keys of size 1024 bits as well as larger keys for
compatibility reasons. (BZ#993580)
* Previously, the openssh utility incorrectly set the oom_adj value to -17
for all of its children processes. This behavior was incorrect because the
children processes were supposed to have this value set to 0. This update
applies a patch to fix this bug and oom_adj is now properly set to 0 for
all children processes as expected. (BZ#1010429)
* Previously, if the sshd service failed to verify the checksum of an
installed FIPS module using the fipscheck library, the information about
this failure was only provided at the standard error output of sshd. As a
consequence, the user could not notice this message and be uninformed when
a system had not been properly configured for FIPS mode. To fix this bug,
this behavior has been changed and sshd now sends such messages via the
syslog service. (BZ#1020803)
* When keys provided by the pkcs11 library were removed from the ssh agent
using the "ssh-add -e" command, the user was prompted to enter a PIN.
With this update, a patch has been applied to allow the user to remove the
keys provided by pkcs11 without the PIN. (BZ#1042519)
In addition, this update adds the following enhancements:
* With this update, ControlPersist has been added to OpenSSH. The option in
conjunction with the ControlMaster configuration directive specifies that
the master connection remains open in the background after the initial
client connection has been closed. (BZ#953088)
* When the sshd daemon is configured to force the internal SFTP session,
and the user attempts to use a connection other than SFTP, the appropriate
message is logged to the /var/log/secure file. (BZ#997377)
* Support for Elliptic Curve Cryptography modes for key exchange (ECDH) and
host user keys (ECDSA) as specified by RFC5656 has been added to the
openssh packages. However, they are not enabled by default and the user has
to enable them manually. For more information on how to configure ECDSA and
ECDH with OpenSSH, see: https://access.redhat.com/solutions/711953
(BZ#1028335)
All openssh users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
953088 - OpenSSH adding ControlPersist patch to enable full usage of SSH control options
1010429 - Openssh Incorrectly sets oom_adj in all Children after Performing a Reload
1023043 - ssh_config manual page lists incorrect default value of KexAlgorithms
1023044 - Fix man page for ssh-keygen because of certificate support
1027197 - X11 Forwarding does not work with default config - error: Failed to allocate internet-domain X11 display socket
1028643 - Connection remains when fork() fails.
1077843 - CVE-2014-2532 openssh: AcceptEnv environment restriction bypass flaw
1081338 - CVE-2014-2653 openssh: failure to check DNS SSHFP records in certain scenarios
1108836 - ssh-keyscan should ignore SIGPIPE
1111568 - AUTOCREATE_SERVER_KEYS=RSAONLY is not supported by init script
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
openssh-5.3p1-104.el6.src.rpm
i386:
openssh-5.3p1-104.el6.i686.rpm
openssh-askpass-5.3p1-104.el6.i686.rpm
openssh-clients-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-server-5.3p1-104.el6.i686.rpm
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
openssh-askpass-5.3p1-104.el6.x86_64.rpm
openssh-clients-5.3p1-104.el6.x86_64.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-server-5.3p1-104.el6.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-ldap-5.3p1-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
x86_64:
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-ldap-5.3p1-104.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
openssh-5.3p1-104.el6.src.rpm
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
openssh-clients-5.3p1-104.el6.x86_64.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-server-5.3p1-104.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
openssh-askpass-5.3p1-104.el6.x86_64.rpm
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-ldap-5.3p1-104.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
openssh-5.3p1-104.el6.src.rpm
i386:
openssh-5.3p1-104.el6.i686.rpm
openssh-askpass-5.3p1-104.el6.i686.rpm
openssh-clients-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-server-5.3p1-104.el6.i686.rpm
ppc64:
openssh-5.3p1-104.el6.ppc64.rpm
openssh-askpass-5.3p1-104.el6.ppc64.rpm
openssh-clients-5.3p1-104.el6.ppc64.rpm
openssh-debuginfo-5.3p1-104.el6.ppc64.rpm
openssh-server-5.3p1-104.el6.ppc64.rpm
s390x:
openssh-5.3p1-104.el6.s390x.rpm
openssh-askpass-5.3p1-104.el6.s390x.rpm
openssh-clients-5.3p1-104.el6.s390x.rpm
openssh-debuginfo-5.3p1-104.el6.s390x.rpm
openssh-server-5.3p1-104.el6.s390x.rpm
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
openssh-askpass-5.3p1-104.el6.x86_64.rpm
openssh-clients-5.3p1-104.el6.x86_64.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-server-5.3p1-104.el6.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-ldap-5.3p1-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
ppc64:
openssh-debuginfo-5.3p1-104.el6.ppc.rpm
openssh-debuginfo-5.3p1-104.el6.ppc64.rpm
openssh-ldap-5.3p1-104.el6.ppc64.rpm
pam_ssh_agent_auth-0.9.3-104.el6.ppc.rpm
pam_ssh_agent_auth-0.9.3-104.el6.ppc64.rpm
s390x:
openssh-debuginfo-5.3p1-104.el6.s390.rpm
openssh-debuginfo-5.3p1-104.el6.s390x.rpm
openssh-ldap-5.3p1-104.el6.s390x.rpm
pam_ssh_agent_auth-0.9.3-104.el6.s390.rpm
pam_ssh_agent_auth-0.9.3-104.el6.s390x.rpm
x86_64:
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-ldap-5.3p1-104.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
openssh-5.3p1-104.el6.src.rpm
i386:
openssh-5.3p1-104.el6.i686.rpm
openssh-askpass-5.3p1-104.el6.i686.rpm
openssh-clients-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-server-5.3p1-104.el6.i686.rpm
x86_64:
openssh-5.3p1-104.el6.x86_64.rpm
openssh-askpass-5.3p1-104.el6.x86_64.rpm
openssh-clients-5.3p1-104.el6.x86_64.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-server-5.3p1-104.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-ldap-5.3p1-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
x86_64:
openssh-debuginfo-5.3p1-104.el6.i686.rpm
openssh-debuginfo-5.3p1-104.el6.x86_64.rpm
openssh-ldap-5.3p1-104.el6.x86_64.rpm
pam_ssh_agent_auth-0.9.3-104.el6.i686.rpm
pam_ssh_agent_auth-0.9.3-104.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2014-2532.html
https://www.redhat.com/security/data/cve/CVE-2014-2653.html
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/solutions/711953
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iD8DBQFUPK1zXlSAg2UNWIIRAgLFAKCbc0zGun3IBr/70ChlueemUsEORgCfa8RL
IT6RfneDJRTv3j8EqBZSrp0=
=33Fn
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201405-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: OpenSSH: Multiple vulnerabilities
Date: May 11, 2014
Bugs: #231292, #247466, #386307, #410869, #419357, #456006, #505066
ID: 201405-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in OpenSSH, the worst of which
may allow remote attackers to execute arbitrary code. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All OpenSSH users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/openssh-6.6_p1-r1"
NOTE: One or more of the issues described in this advisory have been
fixed in previous updates. They are included in this advisory for the
sake of completeness. It is likely that your system is already no
longer affected by them.
References
==========
[ 1 ] CVE-2008-5161
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5161
[ 2 ] CVE-2010-4478
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4478
[ 3 ] CVE-2010-4755
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4755
[ 4 ] CVE-2010-5107
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-5107
[ 5 ] CVE-2011-5000
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5000
[ 6 ] CVE-2012-0814
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0814
[ 7 ] CVE-2014-2532
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2532
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201405-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-09-30-3 OS X El Capitan 10.11
OS X El Capitan 10.11 is now available and addresses the following:
Address Book
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to inject arbitrary code to
processes loading the Address Book framework
Description: An issue existed in Address Book framework's handling
of an environment variable. This issue was addressed through improved
environment variable handling.
CVE-ID
CVE-2015-5897 : Dan Bastone of Gotham Digital Science
AirScan
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may be able
to extract payload from eSCL packets sent over a secure connection
Description: An issue existed in the processing of eSCL packets.
This issue was addressed through improved validation checks.
CVE-ID
CVE-2015-5853 : an anonymous researcher
apache_mod_php
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.27, including one which may have led to remote code execution.
This issue was addressed by updating PHP to version 5.5.27.
CVE-ID
CVE-2014-9425
CVE-2014-9427
CVE-2014-9652
CVE-2014-9705
CVE-2014-9709
CVE-2015-0231
CVE-2015-0232
CVE-2015-0235
CVE-2015-0273
CVE-2015-1351
CVE-2015-1352
CVE-2015-2301
CVE-2015-2305
CVE-2015-2331
CVE-2015-2348
CVE-2015-2783
CVE-2015-2787
CVE-2015-3329
CVE-2015-3330
Apple Online Store Kit
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may gain access to a user's keychain
items
Description: An issue existed in validation of access control lists
for iCloud keychain items. This issue was addressed through improved
access control list checks.
CVE-ID
CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of
Indiana University, Tongxin Li of Peking University, Tongxin Li of
Peking University, Xiaolong Bai of Tsinghua University
AppleEvents
Available for: Mac OS X v10.6.8 and later
Impact: A user connected through screen sharing can send Apple
Events to a local user's session
Description: An issue existed with Apple Event filtering that
allowed some users to send events to other users. This was addressed
by improved Apple Event handling.
CVE-ID
CVE-2015-5849 : Jack Lawrence (@_jackhl)
Audio
Available for: Mac OS X v10.6.8 and later
Impact: Playing a malicious audio file may lead to an unexpected
application termination
Description: A memory corruption issue existed in the handling of
audio files. This issue issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.:
Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
bash
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in bash
Description: Multiple vulnerabilities existed in bash versions prior
to 3.2 patch level 57. These issues were addressed by updating bash
version 3.2 to patch level 57.
CVE-ID
CVE-2014-6277
CVE-2014-7186
CVE-2014-7187
Certificate Trust Policy
Available for: Mac OS X v10.6.8 and later
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete
list of certificates may be viewed at https://support.apple.com/en-
us/HT202858.
CFNetwork Cookies
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position can track a
user's activity
Description: A cross-domain cookie issue existed in the handling of
top level domains. The issue was address through improved
restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork FTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: Malicious FTP servers may be able to cause the client to
perform reconnaissance on other hosts
Description: An issue existed in the handling of FTP packets when
using the PASV command. This issue was resolved through improved
validation.
CVE-ID
CVE-2015-5912 : Amit Klein
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A maliciously crafted URL may be able to bypass HSTS and
leak sensitive data
Description: A URL parsing vulnerability existed in HSTS handling.
This issue was addressed through improved URL parsing.
CVE-ID
CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork HTTPProtocol
Available for: Mac OS X v10.6.8 and later
Impact: A malicious website may be able to track users in Safari
private browsing mode
Description: An issue existed in the handling of HSTS state in
Safari private browsing mode. This issue was addressed through
improved state handling.
CVE-ID
CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd
CFNetwork Proxies
Available for: Mac OS X v10.6.8 and later
Impact: Connecting to a malicious web proxy may set malicious
cookies for a website
Description: An issue existed in the handling of proxy connect
responses. This issue was addressed by removing the set-cookie header
while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua
University
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker with a privileged network position may intercept
SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a
certificate changed. This issue was addressed through improved
certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
CFNetwork SSL
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to decrypt data protected by SSL
Description: There are known attacks on the confidentiality of RC4.
An attacker could force the use of RC4, even if the server preferred
better ciphers, by blocking TLS 1.0 and higher connections until
CFNetwork tried SSL 3.0, which only allows RC4. This issue was
addressed by removing the fallback to SSL 3.0.
CoreCrypto
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an
attacker may have been able to determine the RSA private key. This
issue was addressed using improved encryption algorithms.
CoreText
Available for: Mac OS X v10.6.8 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue existed in the processing of
font files. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in dyld. This was
addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
Dev Tools
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : @PanguTeam
Disk Images
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue existed in DiskImages. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
dyld
Available for: Mac OS X v10.6.8 and later
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature
of executables. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2015-5839 : TaiG Jailbreak Team
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application can prevent some systems from
booting
Description: An issue existed with the addresses covered by the
protected range register. This issue was fixed by changing the
protected range.
CVE-ID
CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore
EFI
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Apple Ethernet Thunderbolt adapter may be able
to affect firmware flashing
Description: Apple Ethernet Thunderbolt adapters could modify the
host firmware if connected during an EFI update. This issue was
addressed by not loading option ROMs during updates.
CVE-ID
CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare
Finder
Available for: Mac OS X v10.6.8 and later
Impact: The "Secure Empty Trash" feature may not securely delete
files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of
Trash files on some systems, such as those with flash storage. This
issue was addressed by removing the "Secure Empty Trash" option.
CVE-ID
CVE-2015-5901 : Apple
Game Center
Available for: Mac OS X v10.6.8 and later
Impact: A malicious Game Center application may be able to access a
player's email address
Description: An issue existed in Game Center in the handling of a
player's email. This issue was addressed through improved access
restrictions.
CVE-ID
CVE-2015-5855 : Nasser Alnasser
Heimdal
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to replay Kerberos credentials to
the SMB server
Description: An authentication issue existed in Kerberos
credentials. This issue was addressed through additional validation
of credentials using a list of recently seen credentials.
CVE-ID
CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu
Fan of Microsoft Corporation, China
ICU
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior
to 53.1.0. These issues were addressed by updating ICU to version
55.1.
CVE-ID
CVE-2014-8146
CVE-2014-8147
CVE-2015-5922
Install Framework Legacy
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to gain root privileges
Description: A restriction issue existed in the Install private
framework containing a privileged executable. This issue was
addressed by removing the executable.
CVE-ID
CVE-2015-5888 : Apple
Intel Graphics Driver
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: Multiple memory corruption issues existed in the Intel
Graphics Driver. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5830 : Yuki MIZUNO (@mzyy94)
CVE-2015-5877 : Camillus Gerard Cai
IOAudioFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in IOAudioFamily that led to the
disclosure of kernel memory content. This issue was addressed by
permuting kernel pointers.
CVE-ID
CVE-2015-5864 : Luca Todesco
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5871 : Ilja van Sprundel of IOActive
CVE-2015-5872 : Ilja van Sprundel of IOActive
CVE-2015-5873 : Ilja van Sprundel of IOActive
CVE-2015-5890 : Ilja van Sprundel of IOActive
IOGraphics
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An issue existed in IOGraphics which could have led to
the disclosure of kernel memory layout. This issue was addressed
through improved memory management.
CVE-ID
CVE-2015-5865 : Luca Todesco
IOHIDFamily
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: Multiple memory corruption issues existed in
IOHIDFamily. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5866 : Apple
CVE-2015-5867 : moony li of Trend Micro
IOStorageFamily
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel.
This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: Multiple memory corruption issues existed in the
Kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local process can modify other processes without
entitlement checks
Description: An issue existed where root processes using the
processor_set_tasks API were allowed to retrieve the task ports of
other processes. This issue was addressed through additional
entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaca, working from original research by
Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user
space stack cookies. These issues were addressed through improved
generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker may be able to launch denial of service attacks
on targeted TCP connections without knowing the correct sequence
number
Description: An issue existed in xnu's validation of TCP packet
headers. This issue was addressed through improved TCP packet header
validation.
CVE-ID
CVE-2015-5879 : Jonathan Looney
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in the
handling of IPv6 router advertisements that allowed an attacker to
set the hop limit to an arbitrary value. This issue was addressed by
enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel
memory layout. This was addressed through improved initialization of
kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in debugging interfaces that led to
the disclosure of memory content. This issue was addressed by
sanitizing output from debugging interfaces.
CVE-ID
CVE-2015-5870 : Apple
Kernel
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to cause a system denial of service
Description: A state management issue existed in debugging
functionality. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team
libc
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse
Corporation
libpthread
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
libxpc
Available for: Mac OS X v10.6.8 and later
Impact: Many SSH connections could cause a denial of service
Description: launchd had no limit on the number of processes that
could be started by a network connection. This issue was addressed by
limiting the number of SSH processes to 40.
CVE-ID
CVE-2015-5881 : Apple
Login Window
Available for: Mac OS X v10.6.8 and later
Impact: The screen lock may not engage after the specified time
period
Description: An issue existed with captured display locking. The
issue was addressed through improved lock handling.
CVE-ID
CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau
informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni
Vaahtera, and an anonymous researcher
lukemftpd
Available for: Mac OS X v10.6.8 and later
Impact: A remote attacker may be able to deny service to the FTP
server
Description: A glob-processing issue existed in tnftpd. This issue
was addressed through improved glob validation.
CVE-ID
CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com
Mail
Available for: Mac OS X v10.6.8 and later
Impact: Printing an email may leak sensitive user information
Description: An issue existed in Mail which bypassed user
preferences when printing an email. This issue was addressed through
improved user preference enforcement.
CVE-ID
CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya,
Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim
Technology Partners
Mail
Available for: Mac OS X v10.6.8 and later
Impact: An attacker in a privileged network position may be able to
intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop
Description: An issue existed in handling encryption parameters for
large email attachments sent via Mail Drop. The issue is addressed by
no longer offering Mail Drop when sending an encrypted e-mail.
CVE-ID
CVE-2015-5884 : John McCombs of Integrated Mapping Ltd
Multipeer Connectivity
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may be able to observe unprotected
multipeer data
Description: An issue existed in convenience initializer handling in
which encryption could be actively downgraded to a non-encrypted
session. This issue was addressed by changing the convenience
initializer to require encryption.
CVE-ID
CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem
NetworkExtension
Available for: Mac OS X v10.6.8 and later
Impact: A malicious application may be able to determine kernel
memory layout
Description: An uninitialized memory issue in the kernel led to the
disclosure of kernel memory content. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2015-5831 : Maxime Villard of m00nbsd
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: An issue existed in parsing links in the Notes
application. This issue was addressed through improved input
validation.
CVE-ID
CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher
Notes
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to leak sensitive user information
Description: A cross-site scripting issue existed in parsing text by
the Notes application. This issue was addressed through improved
input validation.
CVE-ID
CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com)
OpenSSH
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSH
Description: Multiple vulnerabilities existed in OpenSSH versions
prior to 6.9. These issues were addressed by updating OpenSSH to
version 6.9.
CVE-ID
CVE-2014-2532
OpenSSL
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in OpenSSL
Description: Multiple vulnerabilities existed in OpenSSL versions
prior to 0.9.8zg. These were addressed by updating OpenSSL to version
0.9.8zg.
CVE-ID
CVE-2015-0286
CVE-2015-0287
procmail
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in procmail
Description: Multiple vulnerabilities existed in procmail versions
prior to 3.22. These issues were addressed by removing procmail.
CVE-ID
CVE-2014-3618
remote_cmds
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with root
privileges
Description: An issue existed in the usage of environment variables
by the rsh binary. This issue was addressed by dropping setuid
privileges from the rsh binary.
CVE-ID
CVE-2015-5889 : Philip Pettersson
removefile
Available for: Mac OS X v10.6.8 and later
Impact: Processing malicious data may lead to unexpected application
termination
Description: An overflow fault existed in the checkint division
routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
Ruby
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in Ruby
Description: Multiple vulnerabilities existed in Ruby versions prior
to 2.0.0p645. These were addressed by updating Ruby to version
2.0.0p645.
CVE-ID
CVE-2014-8080
CVE-2014-8090
CVE-2015-1855
Security
Available for: Mac OS X v10.6.8 and later
Impact: The lock state of the keychain may be incorrectly displayed
to the user
Description: A state management issue existed in the way keychain
lock status was tracked. This issue was addressed through improved
state management.
CVE-ID
CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron,
Eric E. Lawrence, Apple
Security
Available for: Mac OS X v10.6.8 and later
Impact: A trust evaluation configured to require revocation checking
may succeed even if revocation checking fails
Description: The kSecRevocationRequirePositiveResponse flag was
specified but not implemented. This issue was addressed by
implementing the flag.
CVE-ID
CVE-2015-5894 : Hannes Oud of kWallet GmbH
Security
Available for: Mac OS X v10.6.8 and later
Impact: A remote server may prompt for a certificate before
identifying itself
Description: Secure Transport accepted the CertificateRequest
message before the ServerKeyExchange message. This issue was
addressed by requiring the ServerKeyExchange first.
CVE-ID
CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine
Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of
INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of
Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5891 : Ilja van Sprundel of IOActive
SMB
Available for: Mac OS X v10.6.8 and later
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in SMBClient that led to the
disclosure of kernel memory content. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2015-5893 : Ilja van Sprundel of IOActive
SQLite
Available for: Mac OS X v10.6.8 and later
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5.
These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-3414
CVE-2015-3415
CVE-2015-3416
Telephony
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker can place phone calls without the user's
knowledge when using Continuity
Description: An issue existed in the authorization checks for
placing phone calls. This issue was addressed through improved
authorization checks.
CVE-ID
CVE-2015-3785 : Dan Bastone of Gotham Digital Science
Terminal
Available for: Mac OS X v10.6.8 and later
Impact: Maliciously crafted text could mislead the user in Terminal
Description: Terminal did not handle bidirectional override
characters in the same way when displaying text and when selecting
text. This issue was addressed by suppressing bidirectional override
characters in Terminal.
CVE-ID
CVE-2015-5883 : an anonymous researcher
tidy
Available for: Mac OS X v10.6.8 and later
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in tidy.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Munoz of NULLGroup.com
CVE-2015-5523 : Fernando Munoz of NULLGroup.com
Time Machine
Available for: Mac OS X v10.6.8 and later
Impact: A local attacker may gain access to keychain items
Description: An issue existed in backups by the Time Machine
framework. This issue was addressed through improved coverage of Time
Machine backups.
CVE-ID
CVE-2015-5854 : Jonas Magazinius of Assured AB
Note: OS X El Capitan 10.11 includes the security content of
Safari 9: https://support.apple.com/kb/HT205265.
OS X El Capitan 10.11 may be obtained from the Mac App Store:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw
S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO
/hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6
QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54
YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop
hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O
c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR
8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r
N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT
fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1
nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e
g6jld/w5tPuCFhGucE7Z
=XciV
-----END PGP SIGNATURE-----
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2532
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2653
http://advisories.mageia.org/MGASA-2014-0143.html
http://advisories.mageia.org/MGASA-2014-0166.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
4cdb04be31987117f5111e3e6571dc98 mbs2/x86_64/openssh-6.2p2-6.2.mbs2.x86_64.rpm
7ab96e3da3647c4e5209b2d9d24f8fdb mbs2/x86_64/openssh-askpass-6.2p2-6.2.mbs2.x86_64.rpm
6c8c44006180a82b4e5a9bbdebaecbba mbs2/x86_64/openssh-askpass-common-6.2p2-6.2.mbs2.x86_64.rpm
dcff6d34efa6fb0f9128420d78a65eaa mbs2/x86_64/openssh-askpass-gnome-6.2p2-6.2.mbs2.x86_64.rpm
0323b38edadf62dfa9b7d3ae7a4c01fe mbs2/x86_64/openssh-clients-6.2p2-6.2.mbs2.x86_64.rpm
ebc1702b94487b1164de4d4a57723cc6 mbs2/x86_64/openssh-ldap-6.2p2-6.2.mbs2.x86_64.rpm
24bf0a4c7fbd35b3638385e7b406d036 mbs2/x86_64/openssh-server-6.2p2-6.2.mbs2.x86_64.rpm
4a887cb49bdb4aa4677fd409f8a6d927 mbs2/SRPMS/openssh-6.2p2-6.2.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2014-2532
Jann Horn discovered that OpenSSH incorrectly handled wildcards in
AcceptEnv lines.
CVE-2014-2653
Matthew Vernon reported that if a SSH server offers a
HostCertificate that the ssh client doesn't accept, then the client
doesn't check the DNS for SSHFP records. As a consequence a
malicious server can disable SSHFP-checking by presenting a
certificate.
Note that a host verification prompt is still displayed before
connecting.
For the oldstable distribution (squeeze), these problems have been fixed in
version 1:5.5p1-6+squeeze5.
For the stable distribution (wheezy), these problems have been fixed in
version 1:6.0p1-4+deb7u1.
For the unstable distribution (sid), these problems have been fixed in
version 1:6.6p1-1.
We recommend that you upgrade your openssh packages. ============================================================================
Ubuntu Security Notice USN-2155-1
March 25, 2014
openssh vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
OpenSSH incorrectly handled environment restrictions with wildcards.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
openssh-server 1:6.2p2-6ubuntu0.2
Ubuntu 12.10:
openssh-server 1:6.0p1-3ubuntu1.1
Ubuntu 12.04 LTS:
openssh-server 1:5.9p1-5ubuntu1.2
Ubuntu 10.04 LTS:
openssh-server 1:5.3p1-3ubuntu7.1
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04499681
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04499681
Version: 1
HPSBUX03188 SSRT101487 rev.1 - HP-UX running HP Secure Shell, Remote Denial
of Service (DoS) and other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-11-07
Last Updated: 2014-11-07
Potential Security Impact: Remote Denial of Service (DoS) and other
vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP-UX running HP
Secure Shell. These vulnerabilities could be exploited remotely to create a
Denial of Service (DoS) and other vulnerabilities.
References:
CVE-2013-4548 - remote Permissions, Privileges, and Access Control (CWE-264)
CVE-2014-1692 - remote Denial of Service (DoS), Buffer Errors (CWE-119)
CVE-2014-2532 - remote Permissions, Privileges, and Access Control (CWE-264)
CVE-2014-2653 - remote Input Validation (CWE-20)
SSRT101487
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.11 running HP Secure Shell before version A.06.20.010
HP-UX B.11.23 running HP Secure Shell before version A.06.20.011
HP-UX B.11.31 running HP Secure Shell before version A.06.20.012
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2013-4548 (AV:N/AC:M/Au:S/C:P/I:P/A:P) 6.0
CVE-2014-1692 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5
CVE-2014-2532 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8
CVE-2014-2653 (AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following software updates to resolve this vulnerability.
The updates are available for download from:
http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=
T1471AA
OS Release
HP Secure Shell Version
Depot Name
HP-UX B.11.11 (11i v1)
A.06.20.010 or subsequent
HP_UX_11i_v1_T1471AA_A.06.20.010_HP-UX_B.11.11_32_64.depot
HP-UX B.11.23 (11i v2)
A.06.20.011 or subsequent
HP_UX_11i_v2_T1471AA_A.06.20.011_HP-UX_B.11.23_IA_PA.depot
HP-UX B.11.31 (11i v3)
A.06.20.012 or subsequent
HP_UX_11i_v3_SecureShell_A.06.20.012_HP-UX_B.11.31_IA_PA.depot
MANUAL ACTIONS: Yes - Update
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant:
HP-UX Software Assistant is an enhanced application that replaces HP-UX
Security Patch Check. It analyzes all HP-issued Security Bulletins and lists
recommended actions that may apply to a specific HP-UX system. It can also
download patches and create a depot automatically. For more information see:
https://www.hp.com/go/swa
AFFECTED VERSIONS
HP-UX B.11.11
==============
Secure_Shell.SECURE_SHELL
action: install revision A.06.20.010 or subsequent
HP-UX B.11.23
==============
Secure_Shell.SECSH-CMN
Secure_Shell.SECURE_SHELL
action: install revision A.06.20.011 or subsequent
HP-UX B.11.31
==============
Secure_Shell.SECSH-CMN
Secure_Shell.SECURE_SHELL
action: install revision A.06.20.012 or subsequent
END AFFECTED VERSIONS
HISTORY: Version:1 (rev.1) - 7 November 2014 Initial Release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners
| VAR-201403-0548 | CVE-2014-0133 | nginx of SPDY Implementation of heap-based buffer overflow vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. nginx is prone to a heap-based buffer-overflow vulnerability.
Successful exploitation of this issue allow an attacker to execute arbitrary code in the context of the application, failed exploit attempts may lead to denial-of-service.
nginx 1.3.15 through 1.4.7 and 1.5.0 through 1.5.12 are vulnerable. nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server developed by Russian programmer Igor Sysoev. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201406-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: nginx: Arbitrary code execution
Date: June 22, 2014
Bugs: #505018
ID: 201406-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
A vulnerability has been found in nginx which may allow execution of
arbitrary code.
Background
==========
nginx is a robust, small, and high performance HTTP and reverse proxy
server. The SPDY implementation is not enabled in default
configurations.
Workaround
==========
Disable the spdy module in NGINX_MODULES_HTTP.
Resolution
==========
All nginx users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-servers/nginx-1.4.7"
References
==========
[ 1 ] CVE-2014-0133
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0133
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201406-20.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to reuse cached SSL sessions in unrelated contexts,
allowing virtual host confusion attacks in some configurations by an
attacker in a privileged network position (CVE-2014-3616).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616
http://advisories.mageia.org/MGASA-2014-0136.html
http://advisories.mageia.org/MGASA-2014-0427.html
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 2/X86_64:
f859044a48eda0b859c931bce3688184 mbs2/x86_64/nginx-1.4.7-1.mbs2.x86_64.rpm
36f49f7a1ca40c8546e82d514023b3f4 mbs2/SRPMS/nginx-1.4.7-1.mbs2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFVFnUlmqjQ0CJFipgRAvneAJ0evtNmMhS+lWltq9051wHRR6vuDgCg3BW0
x8jC+tKifZWs8shTG2EYzgo=
=oIRY
-----END PGP SIGNATURE-----
| VAR-201403-0710 | No CVE | Huawei Ethernet Switches Denial of Service Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Huawei Ethernet Switches is a switch device developed by Huawei. Huawei Ethernet Switches have errors when the device processes certain Y.1731 messages, allowing an attacker to exploit a vulnerability to submit a specially crafted message to overload the device. Huawei multiple Ethernet switches are prone to a denial-of-service vulnerability.
Successfully exploiting this issue will result in a denial-of-service condition to the legitimate users
| VAR-201403-0713 | No CVE | D-Link DIR-615 Multiple Security Vulnerabilities |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The D-Link DIR-615 is a router device. There are several security vulnerabilities in D-Link DIR-615: 1. There is a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context, such as changing device configuration. 2. The application fails to properly restrict access to certain requests, allowing an attacker to exploit the vulnerability to obtain sensitive information. D-Link DIR-615 is a small wireless router product from D-Link.
There are multiple security vulnerabilities in D-Link DIR-615 routers running 5.10 and earlier firmware, including: 1. Authentication bypass vulnerability 2. Cross-site request forgery vulnerability 3. HTML injection vulnerability 4. Information leakage vulnerability Attackers can use these vulnerabilities to execute HTML and arbitrary script code in the context of the affected device, steal cookie-based authentication, bypass authentication mechanisms, or obtain sensitive information. Other attacks are also possible
| VAR-201403-0715 | No CVE | D-Link DIR-615 Cross-Site Request Forgery Vulnerability |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
The D-Link DIR-615 is a router device. D-Link DIR-615 has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context, such as changing device configuration. D-Link DIR-615 is a small wireless router product from D-Link.
A cross-site request forgery vulnerability exists in D-Link DIR-615 routers running firmware versions prior to 8.0A. A remote attacker could use this vulnerability to perform unauthorized operations. D-Link DIR-615 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks.
D-Link DIR-615 Rev. H1 running firmware version 8.0A and lower are vulnerable
| VAR-201403-0292 | CVE-2014-1714 | plural OS Run on Google Chrome of ui/base/clipboard/scoped_clipboard_writer.cc Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of the Microsoft Windows Clipboard. An attacker can leverage this vulnerability to execute code under the context of the broker process. Google Chrome is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass sandbox protection and execute arbitrary code with elevated privileges by leveraging access to a sandboxed process.
Versions prior Chrome 33.0.1750.154 are vulnerable. A remote attacker could exploit this vulnerability to cause a denial of service or other effects. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
#512944, #517304, #519788, #521276
ID: 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"
References
==========
[ 1 ] CVE-2014-1741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201403-0285 | CVE-2014-1705 | plural OS Run on Google Chrome Used in Google V8 Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. An attacker can leverage this vulnerability to execute code under the context of the current process. Failed exploit attempts will result in a denial-of-service condition.
Versions prior Chrome 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows are vulnerable. Bugtraq ID: 66239 CVE ID: CVE-2014-1705 Google Chrome is a popular web browser. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2883-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
March 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656
CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660
CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665
CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700
CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704
CVE-2014-1705 CVE-2014-1713 CVE-2014-1715
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6653
Khalil Zhani discovered a use-after-free issue in chromium's web
contents color chooser.
CVE-2013-6654
TheShow3511 discovered an issue in SVG handling.
CVE-2013-6655
cloudfuzzer discovered a use-after-free issue in dom event handling.
CVE-2013-6656
NeexEmil discovered an information leak in the XSS auditor.
CVE-2013-6657
NeexEmil discovered a way to bypass the Same Origin policy in the
XSS auditor.
CVE-2013-6658
cloudfuzzer discovered multiple use-after-free issues surrounding
the updateWidgetPositions function.
CVE-2013-6659
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to trigger an unexpected certificate chain during
TLS renegotiation.
CVE-2013-6660
bishopjeffreys discovered an information leak in the drag and drop
implementation.
CVE-2013-6661
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.117.
CVE-2013-6663
Atte Kettunen discovered a use-after-free issue in SVG handling.
CVE-2013-6664
Khalil Zhani discovered a use-after-free issue in the speech
recognition feature.
CVE-2013-6665
cloudfuzzer discovered a buffer overflow issue in the software
renderer.
CVE-2013-6666
netfuzzer discovered a restriction bypass in the Pepper Flash
plugin.
CVE-2013-6667
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.146.
CVE-2013-6668
Multiple vulnerabilities were fixed in version 3.24.35.10 of
the V8 javascript library.
CVE-2014-1700
Chamal de Silva discovered a use-after-free issue in speech
synthesis.
CVE-2014-1701
aidanhs discovered a cross-site scripting issue in event handling.
CVE-2014-1702
Colin Payne discovered a use-after-free issue in the web database
implementation.
CVE-2014-1703
VUPEN discovered a use-after-free issue in web sockets that
could lead to a sandbox escape.
CVE-2014-1704
Multiple vulnerabilities were fixed in version 3.23.17.18 of
the V8 javascript library.
CVE-2014-1705
A memory corruption issue was discovered in the V8 javascript
library.
CVE-2014-1713
A use-after-free issue was discovered in the AttributeSetter
function.
CVE-2014-1715
A directory traversal issue was found and fixed.
For the stable distribution (wheezy), these problems have been fixed in
version 33.0.1750.152-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 33.0.1750.152-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN
o5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS
4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH
LQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T
pbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne
FgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch
V19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o
Y8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG
ea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq
RcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4
e/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG
Fx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72
i7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD
cdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc
/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW
0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu
XdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22
lBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI
Ar/w05YNpZRVtT4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+
Ti/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY
voLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09
yItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=
=tb+u
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
#512944, #517304, #519788, #521276
ID: 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could conduct a number of attacks which include:
cross site scripting attacks, bypassing of sandbox protection,
potential execution of arbitrary code with the privileges of the
process, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"
References
==========
[ 1 ] CVE-2014-1741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201403-0284 | CVE-2014-1715 | plural OS Run on Google Chrome Vulnerable to directory traversal |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of directories. The issue lies in the failure to fully check for directory traversal attempts. An attacker can leverage this vulnerability to execute code under the context of the broker process. Google Chrome is prone to a directory-traversal vulnerability.
Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.
Versions prior Chrome 33.0.1750.152 for Mac and Linux and 33.0.1750.154 for Windows are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2883-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
March 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656
CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660
CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665
CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700
CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704
CVE-2014-1705 CVE-2014-1713 CVE-2014-1715
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6653
Khalil Zhani discovered a use-after-free issue in chromium's web
contents color chooser.
CVE-2013-6654
TheShow3511 discovered an issue in SVG handling.
CVE-2013-6655
cloudfuzzer discovered a use-after-free issue in dom event handling.
CVE-2013-6656
NeexEmil discovered an information leak in the XSS auditor.
CVE-2013-6657
NeexEmil discovered a way to bypass the Same Origin policy in the
XSS auditor.
CVE-2013-6658
cloudfuzzer discovered multiple use-after-free issues surrounding
the updateWidgetPositions function.
CVE-2013-6659
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to trigger an unexpected certificate chain during
TLS renegotiation.
CVE-2013-6660
bishopjeffreys discovered an information leak in the drag and drop
implementation.
CVE-2013-6661
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.117.
CVE-2013-6663
Atte Kettunen discovered a use-after-free issue in SVG handling.
CVE-2013-6664
Khalil Zhani discovered a use-after-free issue in the speech
recognition feature.
CVE-2013-6665
cloudfuzzer discovered a buffer overflow issue in the software
renderer.
CVE-2013-6666
netfuzzer discovered a restriction bypass in the Pepper Flash
plugin.
CVE-2013-6667
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.146.
CVE-2013-6668
Multiple vulnerabilities were fixed in version 3.24.35.10 of
the V8 javascript library.
CVE-2014-1700
Chamal de Silva discovered a use-after-free issue in speech
synthesis.
CVE-2014-1701
aidanhs discovered a cross-site scripting issue in event handling.
CVE-2014-1702
Colin Payne discovered a use-after-free issue in the web database
implementation.
CVE-2014-1703
VUPEN discovered a use-after-free issue in web sockets that
could lead to a sandbox escape.
CVE-2014-1704
Multiple vulnerabilities were fixed in version 3.23.17.18 of
the V8 javascript library.
CVE-2014-1705
A memory corruption issue was discovered in the V8 javascript
library.
CVE-2014-1713
A use-after-free issue was discovered in the AttributeSetter
function.
For the stable distribution (wheezy), these problems have been fixed in
version 33.0.1750.152-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 33.0.1750.152-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN
o5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS
4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH
LQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T
pbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne
FgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch
V19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o
Y8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG
ea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq
RcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4
e/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG
Fx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72
i7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD
cdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc
/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW
0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu
XdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22
lBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI
Ar/w05YNpZRVtT4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+
Ti/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY
voLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09
yItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=
=tb+u
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
#512944, #517304, #519788, #521276
ID: 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could conduct a number of attacks which include:
cross site scripting attacks, bypassing of sandbox protection,
potential execution of arbitrary code with the privileges of the
process, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"
References
==========
[ 1 ] CVE-2014-1741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201403-0291 | CVE-2014-1713 | plural OS Run on Google Chrome Used in Blink Service disruption in bindings (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of Blink bindings. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. The title and technical details have been changed to better reflect the underlying component affected. Google Chrome is a web browser developed by Google (Google). Blink is a browser typesetting engine (rendering engine) jointly developed by Google and Opera Software. A remote attacker could use a specially crafted 'document.location' value to exploit this vulnerability to cause a denial of service or other effects. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2883-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
March 23, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : chromium-browser
CVE ID : CVE-2013-6653 CVE-2013-6654 CVE-2013-6655 CVE-2013-6656
CVE-2013-6657 CVE-2013-6658 CVE-2013-6659 CVE-2013-6660
CVE-2013-6661 CVE-2013-6663 CVE-2013-6664 CVE-2013-6665
CVE-2013-6666 CVE-2013-6667 CVE-2013-6668 CVE-2014-1700
CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704
CVE-2014-1705 CVE-2014-1713 CVE-2014-1715
Several vulnerabilities have been discovered in the chromium web browser.
CVE-2013-6653
Khalil Zhani discovered a use-after-free issue in chromium's web
contents color chooser.
CVE-2013-6654
TheShow3511 discovered an issue in SVG handling.
CVE-2013-6655
cloudfuzzer discovered a use-after-free issue in dom event handling.
CVE-2013-6656
NeexEmil discovered an information leak in the XSS auditor.
CVE-2013-6657
NeexEmil discovered a way to bypass the Same Origin policy in the
XSS auditor.
CVE-2013-6658
cloudfuzzer discovered multiple use-after-free issues surrounding
the updateWidgetPositions function.
CVE-2013-6659
Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
it was possible to trigger an unexpected certificate chain during
TLS renegotiation.
CVE-2013-6660
bishopjeffreys discovered an information leak in the drag and drop
implementation.
CVE-2013-6661
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.117.
CVE-2013-6663
Atte Kettunen discovered a use-after-free issue in SVG handling.
CVE-2013-6664
Khalil Zhani discovered a use-after-free issue in the speech
recognition feature.
CVE-2013-6665
cloudfuzzer discovered a buffer overflow issue in the software
renderer.
CVE-2013-6666
netfuzzer discovered a restriction bypass in the Pepper Flash
plugin.
CVE-2013-6667
The Google Chrome team discovered and fixed multiple issues in
version 33.0.1750.146.
CVE-2013-6668
Multiple vulnerabilities were fixed in version 3.24.35.10 of
the V8 javascript library.
CVE-2014-1700
Chamal de Silva discovered a use-after-free issue in speech
synthesis.
CVE-2014-1701
aidanhs discovered a cross-site scripting issue in event handling.
CVE-2014-1702
Colin Payne discovered a use-after-free issue in the web database
implementation.
CVE-2014-1703
VUPEN discovered a use-after-free issue in web sockets that
could lead to a sandbox escape.
CVE-2014-1704
Multiple vulnerabilities were fixed in version 3.23.17.18 of
the V8 javascript library.
CVE-2014-1705
A memory corruption issue was discovered in the V8 javascript
library.
CVE-2014-1713
A use-after-free issue was discovered in the AttributeSetter
function.
CVE-2014-1715
A directory traversal issue was found and fixed.
For the stable distribution (wheezy), these problems have been fixed in
version 33.0.1750.152-1~deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 33.0.1750.152-1.
We recommend that you upgrade your chromium-browser packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJTL4L5AAoJELjWss0C1vRzmmkf/3IwJbpRQ+HKdWFLjEqap7hN
o5p82LhmXthyNNBTfOoylxN03hBPfwvNC6zYZ9wMp0qBJJKvPVvswg3FdpvHMiUS
4N96l0rDyf8HRrd7goQnsagn2RrqDROHHEFsFdwuiC6pB3rLEKN8lPAmpo6VZHkH
LQ5zO0uI/fi3q8Ad2VCeG8O6kdcHUmmvFuB49Sl3YFKpfIVLv5XVaMJBlKSbt62T
pbs4/iB4gYTwSeFuN20z17mAchFj31hxuT/UlCD6tn0cIkN9DpL2TDkxG3boVLne
FgDkgSIqV8Zy2mCK3fz7M4INHlyeIh/xiBK+k+VECaVlznUqctCTlQFXXotf19ch
V19rjXMyXMIwe8nVR0C7PoQT225aH9QYBem/S2v6D0hQjpLcDIoZbHvB9zw/7g/o
Y8wUhiBsgLTOqy3tsKt1aVGGbElMjBCTqAJ+/SzJZNtZEwNXGkTz2k3EwdarHsaG
ea2f1xhiJJaVdXXALGjQwWoKWFEN56WhX749DsFC1jD3F2CTHSI9BN38voMUm1wq
RcoXfc56OR9S+7f+5rDQQ3c2zeDCFgo7Ue3E4/9ZP2IvBdc8qhsZCViZVCE1nCz4
e/NzbauOyLOI1IB4IJkctiRyszvGD30TZYSx8JX6YY6T58HH7HbgLSEEGaLj/dcG
Fx4GQHnufVaBPrbpdrXQRqcUwJh2rJO7DM0BsxVKbgNCKQNI65FTNpWn/P7rJ/72
i7VsTUzDT3pcScJ1oqM+egvpEqKnbsPO97+iuzeD5UhJK3s5H23ErGHzwV2ZcHnD
cdc6VwHHCo0gJQ+EA9D/W8/S9MdJscetOb4AzafGUnCq5kGjcs5wFnNh2CWgxNHc
/JJA027nMSRwUnW4kkcJAMiOfTPmNLN0QDy1wok6fJUuOtCP6/I5ptR87gDyX3FW
0JBxbZ6sZigXsIcMNaGJoPxd454dCAFAlLbehm+7i7d9U9Yb3c5o2F81WT4Qx0bu
XdKw5xhFz9OL5TA66GQ2Cr5aaKfrHqW1SzeiOeDJPqJ0ZbPHlIY0c+XJRRKepV22
lBbZzHVMOzv0jkhQjZV4ulf9Rv7xlcSmq2JF7TdjejoS7YrbU8+qg9h9LZ38XDtI
Ar/w05YNpZRVtT4XP2v7eYw/vJ7c+6dLwqSqGFVe4VOjkazbM15tB6QoDVjmr1y+
Ti/cfFsQAH45joi3v7HXWTXu4NVPN1oQypur/MBO1EvtigbBwxmRdn95mx6zotfY
voLocT7KLWwPTklh5wtUZ6/DGWv0dXcb7tcbNeEo4e9lhrAP0694huGkJprW5Z09
yItPaD9PNnHySK3FWvz91MpIVqAIlU+7HFuvs7N7Y/RTsQx9bFEjUrn1epeGNL0=
=tb+u
-----END PGP SIGNATURE-----
.
CVE-ID
CVE-2014-1297 : Ian Beer of Google Project Zero
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3
and Safari 6.1.3 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.3 is available via the Apple
Software Update application. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: August 30, 2014
Bugs: #504328, #504890, #507212, #508788, #510288, #510904,
#512944, #517304, #519788, #521276
ID: 201408-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Chromium, the worst of
which can allow remote attackers to execute arbitrary code.
Background
==========
Chromium is an open-source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 37.0.2062.94 >= 37.0.2062.94
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could conduct a number of attacks which include:
cross site scripting attacks, bypassing of sandbox protection,
potential execution of arbitrary code with the privileges of the
process, or cause a Denial of Service condition.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-37.0.2062.94"
References
==========
[ 1 ] CVE-2014-1741
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1741
[ 2 ] CVE-2014-0538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0538
[ 3 ] CVE-2014-1700
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1700
[ 4 ] CVE-2014-1701
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1701
[ 5 ] CVE-2014-1702
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1702
[ 6 ] CVE-2014-1703
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1703
[ 7 ] CVE-2014-1704
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1704
[ 8 ] CVE-2014-1705
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1705
[ 9 ] CVE-2014-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1713
[ 10 ] CVE-2014-1714
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1714
[ 11 ] CVE-2014-1715
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1715
[ 12 ] CVE-2014-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1716
[ 13 ] CVE-2014-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1717
[ 14 ] CVE-2014-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1718
[ 15 ] CVE-2014-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1719
[ 16 ] CVE-2014-1720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1720
[ 17 ] CVE-2014-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1721
[ 18 ] CVE-2014-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1722
[ 19 ] CVE-2014-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1723
[ 20 ] CVE-2014-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1724
[ 21 ] CVE-2014-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1725
[ 22 ] CVE-2014-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1726
[ 23 ] CVE-2014-1727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1727
[ 24 ] CVE-2014-1728
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1728
[ 25 ] CVE-2014-1729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1729
[ 26 ] CVE-2014-1730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1730
[ 27 ] CVE-2014-1731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1731
[ 28 ] CVE-2014-1732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1732
[ 29 ] CVE-2014-1733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1733
[ 30 ] CVE-2014-1734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1734
[ 31 ] CVE-2014-1735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1735
[ 32 ] CVE-2014-1740
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1740
[ 33 ] CVE-2014-1742
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1742
[ 34 ] CVE-2014-1743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1743
[ 35 ] CVE-2014-1744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1744
[ 36 ] CVE-2014-1745
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1745
[ 37 ] CVE-2014-1746
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1746
[ 38 ] CVE-2014-1747
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1747
[ 39 ] CVE-2014-1748
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1748
[ 40 ] CVE-2014-1749
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1749
[ 41 ] CVE-2014-3154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3154
[ 42 ] CVE-2014-3155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3155
[ 43 ] CVE-2014-3156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3156
[ 44 ] CVE-2014-3157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3157
[ 45 ] CVE-2014-3160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3160
[ 46 ] CVE-2014-3162
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3162
[ 47 ] CVE-2014-3165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3165
[ 48 ] CVE-2014-3166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3166
[ 49 ] CVE-2014-3167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3167
[ 50 ] CVE-2014-3168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3168
[ 51 ] CVE-2014-3169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3169
[ 52 ] CVE-2014-3170
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3170
[ 53 ] CVE-2014-3171
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3171
[ 54 ] CVE-2014-3172
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3172
[ 55 ] CVE-2014-3173
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3173
[ 56 ] CVE-2014-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3174
[ 57 ] CVE-2014-3175
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3175
[ 58 ] CVE-2014-3176
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3176
[ 59 ] CVE-2014-3177
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3177
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201408-16.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-04-22-2 iOS 7.1.1
iOS 7.1.1 is now available and addresses the following:
CFNetwork HTTPProtocol
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the
connection to close before the security settings were sent, and then
obtain the value of the unprotected cookie. This issue was addressed
by ignoring incomplete HTTP header lines.
CVE-ID
CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
IOKit Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description: A set of kernel pointers stored in an IOKit object
could be retrieved from userland. This issue was addressed through
removing the pointers from the object.
CVE-ID
CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
Security - Secure Transport
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may capture
data or change the operations performed in sessions protected by SSL
Description: In a 'triple handshake' attack, it was possible for an
attacker to establish two connections which had the same encryption
keys and handshake, insert the attacker's data in one connection, and
renegotiate so that the connections may be forwarded to each other.
To prevent attacks based on this scenario, Secure Transport was
changed so that, by default, a renegotiation must present the same
server certificate as was presented in the original connection.
CVE-ID
CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and
Alfredo Pironti of Prosecco at Inria Paris
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.1.1"
| VAR-201403-0253 | CVE-2014-1303 | Apple Safari Used in etc. Webkit Heap-based buffer overflow vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014. Apple Safari Used in etc. Webkit Contains a heap-based buffer overflow vulnerability. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of CSS rules. The issue lies in the improper handling of CSSSelector elements. An attacker can leverage this vulnerability to execute code under the context of the current process. WebKit is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Failed exploit attempts will result in a denial-of-service condition.
Note: This BID was previously titled 'Apple Safari Unspecified Heap Based Buffer Overflow Vulnerability'. The title and technical details have been changed to better reflect the underlying component affected.
CVE-ID
CVE-2014-1297 : Ian Beer of Google Project Zero
For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.3
and Safari 6.1.3 may be obtained from Mac App Store.
For OS X Lion systems Safari 6.1.3 is available via the Apple
Software Update application. ------------------------------------------------------------------------
WebKitGTK+ Security Advisory WSA-2015-0001
------------------------------------------------------------------------
Date reported : January 26, 2015
Advisory ID : WSA-2015-0001
Advisory URL : http://webkitgtk.org/security/WSA-2015-0001.html
Affected versions : 2.4 series before 2.4.1, 2.4.2 and 2.4.8.
CVE identifiers : CVE-2013-2871, CVE-2014-1292, CVE-2014-1298,
CVE-2014-1299, CVE-2014-1300, CVE-2014-1303,
CVE-2014-1304, CVE-2014-1305, CVE-2014-1307,
CVE-2014-1308, CVE-2014-1309, CVE-2014-1311,
CVE-2014-1313, CVE-2014-1713, CVE-2014-1297,
CVE-2013-2875, CVE-2013-2927, CVE-2014-1323,
CVE-2014-1326, CVE-2014-1329, CVE-2014-1330,
CVE-2014-1331, CVE-2014-1333, CVE-2014-1334,
CVE-2014-1335, CVE-2014-1336, CVE-2014-1337,
CVE-2014-1338, CVE-2014-1339, CVE-2014-1341,
CVE-2014-1342, CVE-2014-1343, CVE-2014-1731,
CVE-2014-1346, CVE-2014-1344, CVE-2014-1384,
CVE-2014-1385, CVE-2014-1387, CVE-2014-1388,
CVE-2014-1389, CVE-2014-1390.
Several vulnerabilities were discovered on the 2.4 stable series of
WebKitGTK+.
CVE-2013-2871
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to miaubiz.
Use-after-free vulnerability in Google Chrome before 28.0.1500.71
allows remote attackers to cause a denial of service or possibly
have unspecified other impact via vectors related to the handling of
input.
CVE-2014-1292
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
CVE-2014-1298
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
CVE-2014-1299
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team, Apple, Renata Hodovan of
University of Szeged / Samsung Electronics.
CVE-2014-1300
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero working with HP's Zero Day
Initiative.
CVE-2014-1303
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to KeenTeam working with HP's Zero Day Initiative.
CVE-2014-1304
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
CVE-2014-1305
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
CVE-2014-1307
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
CVE-2014-1308
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
CVE-2014-1309
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to cloudfuzzer.
CVE-2014-1311
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
CVE-2014-1313
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Google Chrome Security Team.
CVE-2014-1713
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to VUPEN working with HP's Zero Day Initiative.
Use-after-free vulnerability in the AttributeSetter function in
bindings/templates/attributes.cpp in the bindings in Blink, as used
in Google Chrome before 33.0.1750.152 on OS X and Linux and before
33.0.1750.154 on Windows, allows remote attackers to cause a denial
of service or possibly have unspecified other impact via vectors
involving the document.location value.
CVE-2014-1297
Versions affected: WebKitGTK+ 2.4.X before 2.4.1.
Credit to Ian Beer of Google Project Zero.
CVE-2013-2875
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to miaubiz.
core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in
Blink, as used in Google Chrome before 28.0.1500.71, allows remote
attackers to cause a denial of service (out-of-bounds read) via
unspecified vectors.
CVE-2013-2927
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
Use-after-free vulnerability in the
HTMLFormElement::prepareForSubmission function in
core/html/HTMLFormElement.cpp in Blink, as used in Google Chrome
before 30.0.1599.101, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors
related to submission for FORM elements.
CVE-2014-1323
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to banty.
CVE-2014-1326
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1329
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1330
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1331
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to cloudfuzzer.
CVE-2014-1333
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1334
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1335
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1336
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1337
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1338
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1339
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Atte Kettunen of OUSPG.
CVE-2014-1341
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1342
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
CVE-2014-1343
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Google Chrome Security Team.
CVE-2014-1731
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to an anonymous member of the Blink development community.
core/html/HTMLSelectElement.cpp in the DOM implementation in Blink,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X
and before 34.0.1847.132 on Linux, does not properly check renderer
state upon a focus event, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
vectors that leverage "type confusion" for SELECT elements.
CVE-2014-1346
Versions affected: WebKitGTK+ 2.4.X before 2.4.2.
Credit to Erling Ellingsen of Facebook.
WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4,
does not properly interpret Unicode encoding, which allows remote
attackers to spoof a postMessage origin, and bypass intended
restrictions on sending a message to a connected frame or window,
via crafted characters in a URL.
CVE-2014-1344
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Ian Beer of Google Project Zero.
CVE-2014-1384
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1385
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1387
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
Credit to Google Chrome Security Team.
CVE-2014-1388
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1389
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
CVE-2014-1390
Versions affected: WebKitGTK+ 2.4.X before 2.4.8.
For the 2.4 series, these problems have been fixed in release 2.4.8.
Further information about WebKitGTK+ Security Advisories can be found
at: http://webkitgtk.org/security.html
The WebKitGTK+ team,
January 26, 2015
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2014-04-22-2 iOS 7.1.1
iOS 7.1.1 is now available and addresses the following:
CFNetwork HTTPProtocol
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position can obtain web
site credentials
Description: Set-Cookie HTTP headers would be processed even if the
connection closed before the header line was complete. An attacker
could strip security settings from the cookie by forcing the
connection to close before the security settings were sent, and then
obtain the value of the unprotected cookie. This issue was addressed
by ignoring incomplete HTTP header lines.
CVE-ID
CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris
IOKit Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description: A set of kernel pointers stored in an IOKit object
could be retrieved from userland. This issue was addressed through
removing the pointers from the object.
CVE-ID
CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's
Zero Day Initiative
Security - Secure Transport
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may capture
data or change the operations performed in sessions protected by SSL
Description: In a 'triple handshake' attack, it was possible for an
attacker to establish two connections which had the same encryption
keys and handshake, insert the attacker's data in one connection, and
renegotiate so that the connections may be forwarded to each other.
To prevent attacks based on this scenario, Secure Transport was
changed so that, by default, a renegotiation must present the same
server certificate as was presented in the original connection.
CVE-ID
CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and
Alfredo Pironti of Prosecco at Inria Paris
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.1.1".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTVet5AAoJEPefwLHPlZEwx3YP/iL/NwYn7T1q1ezvAVHQ6T3F
9X+ylJYZ+Ago+ij0wdzlDNJfVLPPbWde3biss6p10zDtLHHJK1jOQJLcZOBHtABG
7+OjIxFw5ZZCmWfOkF/GkfL/kBZllN0GuDCb7v4DVUf6GQPtWBsszQ9pre9Peotx
TZOHxpPd2TBdz1GkLoFSd4I2yXIT5uIkRfvv9vgDXeNihDMlrJdq8ZBSlfKt+eXT
kQ3+hGW2knT7np3BdWPQgqo9+YIfcAXN4Rnj0rPXVzzeKwpUrVjLwJgivecwhB7w
mF+AWfH5oajw+ANzMeFm/DirlAADcM5LgdxtHnXH2Xh1NV5tOCSnaYWyFK4Nadex
rVEWTOW4VxSb881dOikwY182kBlpaMjVgpvb04GA5zMAW+MtS7o4hj/H6ywGe7zm
t7ZdyAo7i3QRFwBGEcJw1KjyTWnP1ILuBC9dekek+3DmxRAeQuBsrbPz2cxXPf9V
jlvnxwiRzc/VqgAIyhCtgj0S3sEAMxnVXYSrbZpTpi1ZifiTriyyX291mS8xZBcF
LZaNUzusQnEkyE+iGODKi+OPvgUnACIK8gWjMIDbwX99Fmd3LXU1fTpvdlkeuDBS
LKBvZQs0JyYqOxkhU7PsRI6WN1F2nQHuMnb0mlFruejTrRbgyHxvMK6lpVP0nMoK
Av6eIuVxA8q9Lm6TCh+h
=ilSw
-----END PGP SIGNATURE-----
| VAR-201403-0341 | CVE-2014-2247 | Siemens SIMATIC S7-1500 CPU PLC Device integration Web Server header insertion vulnerability |
CVSS V2: 5.8 CVSS V3: - Severity: MEDIUM |
The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (Web Related to script on page HTML Improper detoxification of tags ) Has been identified. http://cwe.mitre.org/data/definitions/80.htmlThe header may be inserted by a third party. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC S7-1500 is prone to an HTTP response-splitting vulnerability.
Attackers can leverage this issue to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into having a false sense of trust.
Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable. A remote attacker could exploit this vulnerability to inject header data
| VAR-201403-0314 | CVE-2014-2253 | Siemens SIMATIC S7-1500 Denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted Profinet packets. Supplementary information : CWE Vulnerability type by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. http://cwe.mitre.org/data/definitions/404.htmlSkillfully crafted by a third party Profinet Service disruption via packets (defect-mode Transition to ) There is a possibility of being put into a state. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC S7-1500 failed to properly handle specially crafted Profinet messages, allowing remote attackers with access to local Ethernet segments to exploit vulnerabilities to send specially crafted requests to put the device into defect mode, requiring a restart to resume normal functionality. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.
Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable
| VAR-201403-0318 | CVE-2014-2257 | Siemens SIMATIC S7-1500 CPU PLC Denial of service in device firmware (DoS) Vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted ISO-TSAP packets. Supplementary information : CWE Vulnerability types by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-1500 fails to properly handle specially crafted messages sent to the 102/TCP (ISO-TSAP) port, allowing remote attackers to exploit the vulnerability to send specially crafted requests to put the device into defect mode and to restart the normal function. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.
Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable
| VAR-201403-0320 | CVE-2014-2259 | Siemens SIMATIC S7-1500 CPU PLC Service disruption in device firmware (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTPS packets. Supplementary information : CWE Vulnerability type by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. Siemens SIMATIC is an automation software in a single engineering environment. The Siemens SIMATIC S7-1500 failed to properly handle the specially crafted messages sent to the 443/tcp (HTTPS) port, allowing remote attackers to exploit the vulnerability to send specially crafted requests to put the device into defect mode and to restart the normal function. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.
Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable
| VAR-201403-0316 | CVE-2014-2255 | Siemens SIMATIC S7-1500 CPU PLC Service disruption in device firmware (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allow remote attackers to cause a denial of service (defect-mode transition) via crafted HTTP packets. Supplementary information : CWE Vulnerability type by CWE-404: Improper Resource Shutdown or Release ( Improper shutdown and release of resources ) Has been identified. Siemens SIMATIC is an automation software in a single engineering environment. Siemens SIMATIC S7-1500 failed to properly handle specially crafted messages sent to the 80/tcp (HTTP) port, allowing remote attackers to exploit the vulnerability to send specially crafted requests to put the device into defect mode, requiring a restart to resume normal functionality. Siemens SIMATIC S7-1500 is prone to a denial-of-service vulnerability.
Remote attackers may exploit this issue to cause denial-of-service conditions, denying service to legitimate users.
Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable
| VAR-201403-0328 | CVE-2014-2291 | IVE OS of Juniper Junos Pulse Secure Access Service Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: - Severity: LOW |
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Juniper Networks' Secure Access is an enterprise-class SSL VPN access device running on Juniper IVE OS. Because the input to the relevant Pulse Collaboration (Secure Meeting) user page lacks filtering before returning to the user, the remote attacker is allowed to exploit the vulnerability to construct a malicious URI, entice the user to resolve, obtain sensitive cookies, hijack the session, or perform malicious operations on the client.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The client supports remote and mobile users to access enterprise resources with various web devices. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
| VAR-201403-0329 | CVE-2014-2292 | IVE OS of Juniper Junos Pulse Secure Access Service of Linux Network Connect Vulnerabilities that can be used to acquire privileges on clients |
CVSS V2: 7.2 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows local users to gain privileges via unspecified vectors. Juniper Junos is prone to local privilege-escalation vulnerability.
Local attackers can exploit this issue to escalate their access to root privileges. The client supports remote and mobile users to access enterprise resources with various web devices
| VAR-201403-0578 | No CVE | ZyXEL P-660HN-T1A Authentication Bypass Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
ZyXEL P-660HN-T1A is a wireless router product of ZyXEL technology company.
An authentication bypass vulnerability exists in ZyXEL P-660HN-T1A. Attackers can use this vulnerability to bypass the authentication mechanism and perform unauthorized operations, which can help launch further attacks. Vulnerabilities in ZyXEL P-660HN-T1A version 3.40, other versions may also be affected. ZyXEL P-660HN-T1A is prone to an authentication-bypass vulnerability. This may aid in further attacks
| VAR-201408-0376 | CVE-2014-1222 | Vtiger CRM of kcfinder/browse.php Vulnerable to directory traversal |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. Vtiger CRM of kcfinder/browse.php Contains a directory traversal vulnerability.
An attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible.
vtiger CRM 5.4.0, 6.0 RC and 6.0.0 GA are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information
| VAR-201403-0340 | CVE-2014-2246 | Siemens SIMATIC S7-1500 CPU PLC Device integration Web Server cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Siemens SIMATIC is an automation software in a single engineering environment. Remote attackers can exploit the vulnerability to build malicious URIs, entice users to parse, obtain sensitive cookies, hijack sessions or perform malicious operations on the client.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to SIMATIC S7-1500 1.5.0 are vulnerable