VARIoT IoT vulnerabilities database
| VAR-201004-0119 | CVE-2010-0201 | Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204. Adobe Reader and Acrobat There is a service disruption (DoS) A vulnerability exists that could lead to a condition or arbitrary code execution. This vulnerability CVE-2010-0194 , CVE-2010-0197 and CVE-2010-0204 Is a different vulnerability.Denial of service by attacker (DoS) Could be put into a state or execute arbitrary code. Adobe released an advisory addressing multiple issues in Reader and Acrobat.
Attackers can exploit these issues to steal cookie-based authentication credentials, cause a denial-of-service, or execute arbitrary code in the context of the user running an affected application.
I. These
vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x
versions, and 8.2.1 and earlier versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.
II.
III. For a fresh installation, first install
Adobe Reader 9.3.0 or 8.2.0 and then use the automatic update
feature or install the appropriate update referenced in APSB10-09. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.
IV. Please send
email to <cert@cert.org> with "TA10-103C Feedback VU#352598" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 13, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS8TuRj6pPKYJORa3AQJfzggAj8p3s/TrJT16ceFtRzLR31QBgRq6GxYr
h8WnsGlj2WR71XjH219XaWx9Mj3KBWVxbAsNPmK0tEir7KA+n4DwZCewTDYRqfYs
8N7G9MOI68Z87+7zBiZAo0j5/lQuxLWyTF9PqWbX8gCWLqJWW46cEZCqg7OGRbYt
w8coxdMXU6tM3WGoWAIKwLRtpQUdubcITPTrE7RATyLJ1422B9dkTSeSCuHHZs5d
eXSPYzTQ1EOwHpuA5/a/or2SjeRPLQcpxb/8WKelSqwW3hpK4zviEnPt4cYyeNqW
BQY06OQMTKch/nmniuEDuiwe69m0gTw7Tw2Dm6xrg6BLBy3A6GAwkQ==
=CQ6i
-----END PGP SIGNATURE-----
. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References
==========
[ 1 ] APSA10-01
http://www.adobe.com/support/security/advisories/apsa10-01.html
[ 2 ] APSB10-02
http://www.adobe.com/support/security/bulletins/apsb10-02.html
[ 3 ] APSB10-07
http://www.adobe.com/support/security/bulletins/apsb10-07.html
[ 4 ] APSB10-09
http://www.adobe.com/support/security/bulletins/apsb10-09.html
[ 5 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 6 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 7 ] CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
[ 8 ] CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
[ 9 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 10 ] CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[ 11 ] CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
[ 12 ] CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
[ 13 ] CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
[ 14 ] CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
[ 15 ] CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
[ 16 ] CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
[ 17 ] CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
[ 18 ] CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
[ 19 ] CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
[ 20 ] CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
[ 21 ] CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
[ 22 ] CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
[ 23 ] CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
[ 24 ] CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
[ 25 ] CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
[ 26 ] CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
[ 27 ] CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
[ 28 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 29 ] CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
[ 30 ] CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
[ 31 ] CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
[ 32 ] CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
[ 33 ] CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
[ 34 ] CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
[ 35 ] CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
[ 36 ] CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
[ 37 ] CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
[ 38 ] CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
[ 39 ] CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
[ 40 ] CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
[ 41 ] CVE-2010-2212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201004-0125 | CVE-2010-0196 | Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193. This vulnerability CVE-2010-0192 and CVE-2010-0193 Is a different vulnerability.Service disruption by a third party (DoS) Could be put into a state or execute arbitrary code. Failed exploit attempts will result in a denial of service.
The following products are affected:
Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and prior for Windows and Macintosh
Adobe Reader 8.2.1 and prior for Windows and Macintosh
Acrobat 8.2.1 and prior for Windows and Macintosh
Note: This vulnerability was previously documented in BID 39329 (Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities) but has been given its own record to better document the issue. Adobe released an advisory addressing multiple issues in Reader and Acrobat.
I. These
vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x
versions, and 8.2.1 and earlier versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.
II.
III. For a fresh installation, first install
Adobe Reader 9.3.0 or 8.2.0 and then use the automatic update
feature or install the appropriate update referenced in APSB10-09. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.
IV. Please send
email to <cert@cert.org> with "TA10-103C Feedback VU#352598" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 13, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS8TuRj6pPKYJORa3AQJfzggAj8p3s/TrJT16ceFtRzLR31QBgRq6GxYr
h8WnsGlj2WR71XjH219XaWx9Mj3KBWVxbAsNPmK0tEir7KA+n4DwZCewTDYRqfYs
8N7G9MOI68Z87+7zBiZAo0j5/lQuxLWyTF9PqWbX8gCWLqJWW46cEZCqg7OGRbYt
w8coxdMXU6tM3WGoWAIKwLRtpQUdubcITPTrE7RATyLJ1422B9dkTSeSCuHHZs5d
eXSPYzTQ1EOwHpuA5/a/or2SjeRPLQcpxb/8WKelSqwW3hpK4zviEnPt4cYyeNqW
BQY06OQMTKch/nmniuEDuiwe69m0gTw7Tw2Dm6xrg6BLBy3A6GAwkQ==
=CQ6i
-----END PGP SIGNATURE-----
. Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow
TSL ID: FSC20100413-01
1. Specifically, the vulnerability is due to an integer overflow when processing the "Shading Count" field in the CLOD Mesh Declaration block, which may lead to a heap based buffer overflow and execution of arbitrary code. An unsuccessful attack can abnormally terminate the affected product. Workaround
Avoid opening untrusted PDF files, or use an alternative application to process PDF files. Disclosure Timeline
2010-02-19 Reported to vendor
2010-02-19 Initial vendor response
2010-04-13 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0196
TSL: FSC20100413-01
Vendor: apsb10-09
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies, is the leading provider of security research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly
discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://telussecuritylabs.com/
. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References
==========
[ 1 ] APSA10-01
http://www.adobe.com/support/security/advisories/apsa10-01.html
[ 2 ] APSB10-02
http://www.adobe.com/support/security/bulletins/apsb10-02.html
[ 3 ] APSB10-07
http://www.adobe.com/support/security/bulletins/apsb10-07.html
[ 4 ] APSB10-09
http://www.adobe.com/support/security/bulletins/apsb10-09.html
[ 5 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 6 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 7 ] CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
[ 8 ] CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
[ 9 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 10 ] CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[ 11 ] CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
[ 12 ] CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
[ 13 ] CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
[ 14 ] CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
[ 15 ] CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
[ 16 ] CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
[ 17 ] CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
[ 18 ] CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
[ 19 ] CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
[ 20 ] CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
[ 21 ] CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
[ 22 ] CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
[ 23 ] CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
[ 24 ] CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
[ 25 ] CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
[ 26 ] CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
[ 27 ] CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
[ 28 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 29 ] CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
[ 30 ] CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
[ 31 ] CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
[ 32 ] CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
[ 33 ] CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
[ 34 ] CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
[ 35 ] CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
[ 36 ] CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
[ 37 ] CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
[ 38 ] CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
[ 39 ] CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
[ 40 ] CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
[ 41 ] CVE-2010-2212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201004-0124 | CVE-2010-0195 | Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors. This vulnerability CVE-2010-0197 , CVE-2010-0201 and CVE-2010-0204 Is a different vulnerability.A third party may execute arbitrary code. User interaction is required in that the victim must be coerced into opening a malicious document or visiting a malicious URL.The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application. Failed exploit attempts will result in a denial-of-service condition.
The following products are affected:
Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and prior for Windows and Macintosh
Adobe Reader 8.2.1 and prior for Windows and Macintosh
Acrobat 8.2.1 and prior for Windows and Macintosh
NOTE: This issue was originally documented in BID 39329 (Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities); it has been assigned its own BID to better document the vulnerability.
I. These
vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x
versions, and 8.2.1 and earlier versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.
II.
III. For a fresh installation, first install
Adobe Reader 9.3.0 or 8.2.0 and then use the automatic update
feature or install the appropriate update referenced in APSB10-09. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.
IV. Please send
email to <cert@cert.org> with "TA10-103C Feedback VU#352598" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 13, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS8TuRj6pPKYJORa3AQJfzggAj8p3s/TrJT16ceFtRzLR31QBgRq6GxYr
h8WnsGlj2WR71XjH219XaWx9Mj3KBWVxbAsNPmK0tEir7KA+n4DwZCewTDYRqfYs
8N7G9MOI68Z87+7zBiZAo0j5/lQuxLWyTF9PqWbX8gCWLqJWW46cEZCqg7OGRbYt
w8coxdMXU6tM3WGoWAIKwLRtpQUdubcITPTrE7RATyLJ1422B9dkTSeSCuHHZs5d
eXSPYzTQ1EOwHpuA5/a/or2SjeRPLQcpxb/8WKelSqwW3hpK4zviEnPt4cYyeNqW
BQY06OQMTKch/nmniuEDuiwe69m0gTw7Tw2Dm6xrg6BLBy3A6GAwkQ==
=CQ6i
-----END PGP SIGNATURE-----
. More
details can be found at:
http://www.adobe.com/support/security/bulletins/apsb10-09.html
-- Disclosure Timeline:
2010-02-18 - Vulnerability reported to vendor
2010-04-13 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Anonymous
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
Date: September 07, 2010
Bugs: #297385, #306429, #313343, #322857
ID: 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code or other attacks. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References
==========
[ 1 ] APSA10-01
http://www.adobe.com/support/security/advisories/apsa10-01.html
[ 2 ] APSB10-02
http://www.adobe.com/support/security/bulletins/apsb10-02.html
[ 3 ] APSB10-07
http://www.adobe.com/support/security/bulletins/apsb10-07.html
[ 4 ] APSB10-09
http://www.adobe.com/support/security/bulletins/apsb10-09.html
[ 5 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 6 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 7 ] CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
[ 8 ] CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
[ 9 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 10 ] CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[ 11 ] CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
[ 12 ] CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
[ 13 ] CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
[ 14 ] CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
[ 15 ] CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
[ 16 ] CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
[ 17 ] CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
[ 18 ] CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
[ 19 ] CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
[ 20 ] CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
[ 21 ] CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
[ 22 ] CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
[ 23 ] CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
[ 24 ] CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
[ 25 ] CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
[ 26 ] CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
[ 27 ] CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
[ 28 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 29 ] CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
[ 30 ] CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
[ 31 ] CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
[ 32 ] CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
[ 33 ] CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
[ 34 ] CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
[ 35 ] CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
[ 36 ] CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
[ 37 ] CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
[ 38 ] CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
[ 39 ] CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
[ 40 ] CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
[ 41 ] CVE-2010-2212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201004-0120 | CVE-2010-0202 | Adobe Reader and Acrobat Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203. Adobe Reader and Acrobat Contains a buffer overflow vulnerability. This vulnerability CVE-2010-0198 , CVE-2010-0199 and CVE-2010-0203 Is a different vulnerability.An attacker could execute arbitrary code.
Attackers can exploit these issues to steal cookie-based authentication credentials, cause a denial-of-service, or execute arbitrary code in the context of the user running an affected application.
I. These
vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x
versions, and 8.2.1 and earlier versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.
II.
III. For a fresh installation, first install
Adobe Reader 9.3.0 or 8.2.0 and then use the automatic update
feature or install the appropriate update referenced in APSB10-09. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.
IV. Please send
email to <cert@cert.org> with "TA10-103C Feedback VU#352598" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 13, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS8TuRj6pPKYJORa3AQJfzggAj8p3s/TrJT16ceFtRzLR31QBgRq6GxYr
h8WnsGlj2WR71XjH219XaWx9Mj3KBWVxbAsNPmK0tEir7KA+n4DwZCewTDYRqfYs
8N7G9MOI68Z87+7zBiZAo0j5/lQuxLWyTF9PqWbX8gCWLqJWW46cEZCqg7OGRbYt
w8coxdMXU6tM3WGoWAIKwLRtpQUdubcITPTrE7RATyLJ1422B9dkTSeSCuHHZs5d
eXSPYzTQ1EOwHpuA5/a/or2SjeRPLQcpxb/8WKelSqwW3hpK4zviEnPt4cYyeNqW
BQY06OQMTKch/nmniuEDuiwe69m0gTw7Tw2Dm6xrg6BLBy3A6GAwkQ==
=CQ6i
-----END PGP SIGNATURE-----
. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files."
II. Binary Analysis & Proof-of-concept
---------------------------------------
In-depth binary analysis of the vulnerability and a code execution
exploit with DEP bypass have been released by VUPEN through the
VUPEN Binary Analysis & Exploits Service :
http://www.vupen.com/exploits/
V.
VI. CREDIT
--------------
The vulnerability was discovered by Nicolas Joly of VUPEN Security
VII. ABOUT VUPEN Security
---------------------------
VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.
Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.
* VUPEN Vulnerability Notification Service:
http://www.vupen.com/english/services/
* VUPEN Binary Analysis & Exploits Service :
http://www.vupen.com/exploits/
VIII. REFERENCES
----------------------
http://www.vupen.com/english/advisories/2010/0873
http://www.adobe.com/support/security/bulletins/apsb10-09.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
IX. DISCLOSURE TIMELINE
-----------------------------------
2010-03-16 - Vendor notified
2010-03-16 - Vendor response
2010-04-07 - Status update received
2010-04-13 - Coordinated public Disclosure
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
Date: September 07, 2010
Bugs: #297385, #306429, #313343, #322857
ID: 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code or other attacks. For further
information please consult the CVE entries and the Adobe Security
Bulletins referenced below.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References
==========
[ 1 ] APSA10-01
http://www.adobe.com/support/security/advisories/apsa10-01.html
[ 2 ] APSB10-02
http://www.adobe.com/support/security/bulletins/apsb10-02.html
[ 3 ] APSB10-07
http://www.adobe.com/support/security/bulletins/apsb10-07.html
[ 4 ] APSB10-09
http://www.adobe.com/support/security/bulletins/apsb10-09.html
[ 5 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 6 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 7 ] CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
[ 8 ] CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
[ 9 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 10 ] CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[ 11 ] CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
[ 12 ] CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
[ 13 ] CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
[ 14 ] CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
[ 15 ] CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
[ 16 ] CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
[ 17 ] CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
[ 18 ] CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
[ 19 ] CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
[ 20 ] CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
[ 21 ] CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
[ 22 ] CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
[ 23 ] CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
[ 24 ] CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
[ 25 ] CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
[ 26 ] CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
[ 27 ] CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
[ 28 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 29 ] CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
[ 30 ] CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
[ 31 ] CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
[ 32 ] CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
[ 33 ] CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
[ 34 ] CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
[ 35 ] CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
[ 36 ] CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
[ 37 ] CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
[ 38 ] CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
[ 39 ] CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
[ 40 ] CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
[ 41 ] CVE-2010-2212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0214 | CVE-2012-1337 | Cisco WebEx Recording Format (WRF) Player Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1336. This vulnerability CVE-2012-1335 and CVE-2012-1336 Is a different vulnerability.Skillfully crafted by a third party WRF An arbitrary code may be executed via the file. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebEx Meeting Service is a hosted multimedia conferencing solution managed and maintained by Cisco WebEx. The WRF file format is used to store WebEx meeting minutes. The player is used for playback and editing of recorded files. Cisco WebEx Player is used to play back meeting content recorded on the WebEx meeting site or online meeting participants. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Cisco WebEx Player Three Vulnerabilities
SECUNIA ADVISORY ID:
SA47023
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47023/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47023
RELEASE DATE:
2012-04-05
DISCUSS ADVISORY:
http://secunia.com/advisories/47023/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47023/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47023
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Three vulnerabilities have been reported in Cisco WebEx Player, which
can be exploited by malicious people to compromise a user's system.
1) An error in atdl2006.dll when decompressing certain content can be
exploited to cause a heap-based buffer overflow via a specially
crafted WRF file.
2) An integer overflow error in atas32.dll when decompressing certain
content can be exploited to cause a heap-based buffer overflow via a
specially crafted WRF file.
3) An unspecified error can be exploited to cause a buffer overflow
via a specialy crafted WRF file.
The following versions are affected by one or more of the
vulnerabilities:
* Client builds 27.32.0 (T27 LD SP32) and prior
* Client builds 27.25.9 (T27 LC SP25 EP9) and prior
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior
* Client builds 27.11.26 (T27 L SP11 EP26) and prior
SOLUTION:
Update to Client builds 27.25.10 (T27 LC SP25 EP10) or 27.32.1 (T27
LD SP32 CP1).
PROVIDED AND/OR DISCOVERED BY:
1, 2) Damian Put via Secunia.
3) The vendor credits iDefense.
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201204-0213 | CVE-2012-1336 | Cisco WebEx Recording Format (WRF) Player Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1335 and CVE-2012-1337. This vulnerability CVE-2012-1335 and CVE-2012-1337 Is a different vulnerability.Skillfully crafted by a third party WRF An arbitrary code may be executed via the file. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebEx Meeting Service is a hosted multimedia conferencing solution managed and maintained by Cisco WebEx. The WRF file format is used to store WebEx meeting minutes. The player is used for playback and editing of recorded files. Cisco WebEx Player is used to play back meeting content recorded on the WebEx meeting site or online meeting participants. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Cisco WebEx Player Three Vulnerabilities
SECUNIA ADVISORY ID:
SA47023
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47023/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47023
RELEASE DATE:
2012-04-05
DISCUSS ADVISORY:
http://secunia.com/advisories/47023/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47023/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47023
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Three vulnerabilities have been reported in Cisco WebEx Player, which
can be exploited by malicious people to compromise a user's system.
1) An error in atdl2006.dll when decompressing certain content can be
exploited to cause a heap-based buffer overflow via a specially
crafted WRF file.
2) An integer overflow error in atas32.dll when decompressing certain
content can be exploited to cause a heap-based buffer overflow via a
specially crafted WRF file.
3) An unspecified error can be exploited to cause a buffer overflow
via a specialy crafted WRF file.
The following versions are affected by one or more of the
vulnerabilities:
* Client builds 27.32.0 (T27 LD SP32) and prior
* Client builds 27.25.9 (T27 LC SP25 EP9) and prior
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior
* Client builds 27.11.26 (T27 L SP11 EP26) and prior
SOLUTION:
Update to Client builds 27.25.10 (T27 LC SP25 EP10) or 27.32.1 (T27
LD SP32 CP1).
PROVIDED AND/OR DISCOVERED BY:
1, 2) Damian Put via Secunia.
3) The vendor credits iDefense.
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201204-0212 | CVE-2012-1335 | Cisco WebEx Recording Format (WRF) Player Vulnerable to buffer overflow |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337. This vulnerability CVE-2012-1336 and CVE-2012-1337 Is a different vulnerability.Skillfully crafted by a third party WRF An arbitrary code may be executed via the file. Cisco WebEx is prone to multiple remote buffer-overflow vulnerabilities.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. WebEx Meeting Service is a hosted multimedia conferencing solution managed and maintained by Cisco WebEx. The WRF file format is used to store WebEx meeting minutes. The player is used for playback and editing of recorded files. Cisco WebEx Player is used to play back meeting content recorded on the WebEx meeting site or online meeting participants. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Cisco WebEx Player Three Vulnerabilities
SECUNIA ADVISORY ID:
SA47023
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47023/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47023
RELEASE DATE:
2012-04-05
DISCUSS ADVISORY:
http://secunia.com/advisories/47023/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47023/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47023
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Three vulnerabilities have been reported in Cisco WebEx Player, which
can be exploited by malicious people to compromise a user's system.
1) An error in atdl2006.dll when decompressing certain content can be
exploited to cause a heap-based buffer overflow via a specially
crafted WRF file.
2) An integer overflow error in atas32.dll when decompressing certain
content can be exploited to cause a heap-based buffer overflow via a
specially crafted WRF file.
3) An unspecified error can be exploited to cause a buffer overflow
via a specialy crafted WRF file.
The following versions are affected by one or more of the
vulnerabilities:
* Client builds 27.32.0 (T27 LD SP32) and prior
* Client builds 27.25.9 (T27 LC SP25 EP9) and prior
* Client builds 27.21.10 (T27 LB SP21 EP10) and prior
* Client builds 27.11.26 (T27 L SP11 EP26) and prior
SOLUTION:
Update to Client builds 27.25.10 (T27 LC SP25 EP10) or 27.32.1 (T27
LD SP32 CP1).
PROVIDED AND/OR DISCOVERED BY:
1, 2) Damian Put via Secunia.
3) The vendor credits iDefense.
ORIGINAL ADVISORY:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201204-0162 | CVE-2012-0255 | Quagga contains multiple vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: Medium |
The BGP implementation in bgpd in Quagga before 0.99.20.1 does not properly use message buffers for OPEN messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a message associated with a malformed Four-octet AS Number Capability (aka AS4 capability). Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Quagga is prone to multiple remote security vulnerabilities including:
1. A denial-of-service vulnerability
2. Multiple buffer-overflow vulnerabilities
An attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.
Quagga versions prior to 0.99.20.1 are vulnerable. ============================================================================
Ubuntu Security Notice USN-1441-1
May 15, 2012
quagga vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network
traffic. (CVE-2012-0249,
CVE-2012-0250)
It was discovered that Quagga incorrectly handled messages with a malformed
Four-octet AS Number Capability. After a standard system update you need to restart Quagga to make
all the necessary changes. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Debian update for quagga
SECUNIA ADVISORY ID:
SA48949
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48949/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48949
RELEASE DATE:
2012-04-26
DISCUSS ADVISORY:
http://secunia.com/advisories/48949/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48949/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48949
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Debian has issued an update for quagga. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service).
For more information:
SA48388
SOLUTION:
Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY:
DSA-2459-1:
http://lists.debian.org/debian-security-announce/2012/msg00092.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: October 10, 2013
Bugs: #408507, #475706
ID: 201310-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Quagga, the worst of which
could lead to arbitrary code execution. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
References
==========
[ 1 ] CVE-2012-0249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249
[ 2 ] CVE-2012-0250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250
[ 3 ] CVE-2012-0255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255
[ 4 ] CVE-2012-1820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820
[ 5 ] CVE-2013-2236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325
CVE-2011-3326 CVE-2011-3327 CVE-2012-0249
CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
=====================================================================
1. Summary:
Updated quagga packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. (CVE-2011-3327)
A stack-based buffer overflow flaw was found in the way the ospf6d daemon
processed malformed Link State Update packets. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. (CVE-2011-3326)
An assertion failure was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. (CVE-2012-0249)
A buffer overflow flaw was found in the way the ospfd daemon processed
certain Link State Update packets. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN
messages. A configured BGP peer could cause bgpd on a target system to
abort via a specially-crafted BGP OPEN message. (CVE-2012-0255,
CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and
CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka
Taimisto of the Codenomicon CROSS project as the original reporters of
CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and
CVE-2011-3326. The CERT/CC acknowledges Martin Winter at
OpenSourceRouting.org as the original reporter of CVE-2012-0249,
CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original
reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Package List:
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64:
quagga-0.99.15-7.el6_3.2.ppc64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x:
quagga-0.99.15-7.el6_3.2.s390x.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64:
quagga-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64:
quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
quagga-devel-0.99.15-7.el6_3.2.ppc.rpm
quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x:
quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
quagga-devel-0.99.15-7.el6_3.2.s390.rpm
quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64:
quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64:
quagga-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64:
quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g
P4VSjxs4xRnVCtT/IOkBkKQ=
=VtuC
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
This security update upgrades the quagga package to the most recent
upstream release. This release includes other corrections, such as
hardening against unknown BGP path attributes.
For the stable distribution (squeeze), these problems have been fixed
in version 0.99.20.1-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 0.99.20.1-1
| VAR-201204-0159 | CVE-2012-0249 | Quagga contains multiple vulnerabilities |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a Link State Update (aka LS Update) packet that is smaller than the length specified in its header. Quagga, a routing software suite, contains multiple vulnerabilities that result in a denial-of-service condition. Quagga is prone to multiple remote security vulnerabilities including:
1. A denial-of-service vulnerability
2. Multiple buffer-overflow vulnerabilities
An attackers can exploit these issues to execute arbitrary code in the context of the application or cause denial-of-service conditions.
Quagga versions prior to 0.99.20.1 are vulnerable. ============================================================================
Ubuntu Security Notice USN-1441-1
May 15, 2012
quagga vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Quagga could be made to crash if it received specially crafted network
traffic. (CVE-2012-0249,
CVE-2012-0250)
It was discovered that Quagga incorrectly handled messages with a malformed
Four-octet AS Number Capability. After a standard system update you need to restart Quagga to make
all the necessary changes. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Debian update for quagga
SECUNIA ADVISORY ID:
SA48949
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48949/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48949
RELEASE DATE:
2012-04-26
DISCUSS ADVISORY:
http://secunia.com/advisories/48949/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48949/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48949
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Debian has issued an update for quagga. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service).
For more information:
SA48388
SOLUTION:
Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY:
DSA-2459-1:
http://lists.debian.org/debian-security-announce/2012/msg00092.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Quagga: Multiple vulnerabilities
Date: October 10, 2013
Bugs: #408507, #475706
ID: 201310-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Quagga, the worst of which
could lead to arbitrary code execution. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Quagga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/quagga-0.99.22.4"
References
==========
[ 1 ] CVE-2012-0249
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0249
[ 2 ] CVE-2012-0250
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0250
[ 3 ] CVE-2012-0255
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0255
[ 4 ] CVE-2012-1820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1820
[ 5 ] CVE-2013-2236
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2236
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-08.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: quagga security update
Advisory ID: RHSA-2012:1259-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1259.html
Issue date: 2012-09-12
CVE Names: CVE-2011-3323 CVE-2011-3324 CVE-2011-3325
CVE-2011-3326 CVE-2011-3327 CVE-2012-0249
CVE-2012-0250 CVE-2012-0255 CVE-2012-1820
=====================================================================
1. Summary:
Updated quagga packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. The Quagga bgpd daemon
implements the BGP (Border Gateway Protocol) routing protocol. The Quagga
ospfd and ospf6d daemons implement the OSPF (Open Shortest Path First)
routing protocol.
A heap-based buffer overflow flaw was found in the way the bgpd daemon
processed malformed Extended Communities path attributes. An attacker could
send a specially-crafted BGP message, causing bgpd on a target system to
crash or, possibly, execute arbitrary code with the privileges of the user
running bgpd. The UPDATE message would have to arrive from an explicitly
configured BGP peer, but could have originated elsewhere in the BGP
network. An OSPF router could use
this flaw to crash ospf6d on an adjacent router. (CVE-2011-3323)
A flaw was found in the way the ospf6d daemon processed malformed link
state advertisements. An OSPF neighbor could use this flaw to crash
ospf6d on a target system. (CVE-2011-3324)
A flaw was found in the way the ospfd daemon processed malformed Hello
packets. An OSPF neighbor could use this flaw to crash ospfd on a
target system. (CVE-2011-3325)
A flaw was found in the way the ospfd daemon processed malformed link state
advertisements. An OSPF router in the autonomous system could use this flaw
to crash ospfd on a target system. An OSPF router could use this flaw to
cause ospfd on an adjacent router to abort. An OSPF router could use this flaw to
crash ospfd on an adjacent router. (CVE-2012-0250)
Two flaws were found in the way the bgpd daemon processed certain BGP OPEN
messages. A configured BGP peer could cause bgpd on a target system to
abort via a specially-crafted BGP OPEN message. (CVE-2012-0255,
CVE-2012-1820)
Red Hat would like to thank CERT-FI for reporting CVE-2011-3327,
CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and CVE-2011-3326; and the
CERT/CC for reporting CVE-2012-0249, CVE-2012-0250, CVE-2012-0255, and
CVE-2012-1820. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka
Taimisto of the Codenomicon CROSS project as the original reporters of
CVE-2011-3327, CVE-2011-3323, CVE-2011-3324, CVE-2011-3325, and
CVE-2011-3326. The CERT/CC acknowledges Martin Winter at
OpenSourceRouting.org as the original reporter of CVE-2012-0249,
CVE-2012-0250, and CVE-2012-0255, and Denis Ovsienko as the original
reporter of CVE-2012-1820.
Users of quagga should upgrade to these updated packages, which contain
backported patches to correct these issues. After installing the updated
packages, the bgpd, ospfd, and ospf6d daemons will be restarted
automatically.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Package List:
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
ppc64:
quagga-0.99.15-7.el6_3.2.ppc64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
s390x:
quagga-0.99.15-7.el6_3.2.s390x.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
x86_64:
quagga-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
ppc64:
quagga-contrib-0.99.15-7.el6_3.2.ppc64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.ppc64.rpm
quagga-devel-0.99.15-7.el6_3.2.ppc.rpm
quagga-devel-0.99.15-7.el6_3.2.ppc64.rpm
s390x:
quagga-contrib-0.99.15-7.el6_3.2.s390x.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.s390x.rpm
quagga-devel-0.99.15-7.el6_3.2.s390.rpm
quagga-devel-0.99.15-7.el6_3.2.s390x.rpm
x86_64:
quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
x86_64:
quagga-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/quagga-0.99.15-7.el6_3.2.src.rpm
i386:
quagga-contrib-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
x86_64:
quagga-contrib-0.99.15-7.el6_3.2.x86_64.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.i686.rpm
quagga-debuginfo-0.99.15-7.el6_3.2.x86_64.rpm
quagga-devel-0.99.15-7.el6_3.2.i686.rpm
quagga-devel-0.99.15-7.el6_3.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-3323.html
https://www.redhat.com/security/data/cve/CVE-2011-3324.html
https://www.redhat.com/security/data/cve/CVE-2011-3325.html
https://www.redhat.com/security/data/cve/CVE-2011-3326.html
https://www.redhat.com/security/data/cve/CVE-2011-3327.html
https://www.redhat.com/security/data/cve/CVE-2012-0249.html
https://www.redhat.com/security/data/cve/CVE-2012-0250.html
https://www.redhat.com/security/data/cve/CVE-2012-0255.html
https://www.redhat.com/security/data/cve/CVE-2012-1820.html
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQUOxMXlSAg2UNWIIRAspnAKDCd5umtQIWFZYD8vyRPpCkAlgiwwCglw+g
P4VSjxs4xRnVCtT/IOkBkKQ=
=VtuC
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce.
This security update upgrades the quagga package to the most recent
upstream release. This release includes other corrections, such as
hardening against unknown BGP path attributes.
For the stable distribution (squeeze), these problems have been fixed
in version 0.99.20.1-0+squeeze1.
For the testing distribution (wheezy) and the unstable distribution
(sid), these problems have been fixed in version 0.99.20.1-1
| VAR-201204-0089 | CVE-2011-3076 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. Google Chrome Is inadequate in focus processing, so it interferes with service operation. (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). ============================================================================
Ubuntu Security Notice USN-1617-1
October 25, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.3-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.3-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.3-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.3-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1617-1
CVE-2011-3031, CVE-2011-3038, CVE-2011-3042, CVE-2011-3043,
CVE-2011-3044, CVE-2011-3051, CVE-2011-3053, CVE-2011-3059,
CVE-2011-3060, CVE-2011-3064, CVE-2011-3067, CVE-2011-3076,
CVE-2011-3081, CVE-2011-3086, CVE-2011-3090, CVE-2012-1521,
CVE-2012-3598, CVE-2012-3601, CVE-2012-3604, CVE-2012-3611,
CVE-2012-3612, CVE-2012-3617, CVE-2012-3625, CVE-2012-3626,
CVE-2012-3627, CVE-2012-3628, CVE-2012-3645, CVE-2012-3652,
CVE-2012-3657, CVE-2012-3669, CVE-2012-3670, CVE-2012-3671,
CVE-2012-3672, CVE-2012-3674, CVE-2012-3674, https://launchpad.net/bugs/1058339
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.3-0ubuntu0.12.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-12-1 iTunes 10.7
iTunes 10.7 is now available and addresses the following:
WebKit
Available for: Windows 7, Vista, XP SP2 or later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2817 : miaubiz
CVE-2012-2818 : miaubiz
CVE-2012-2829 : miaubiz
CVE-2012-2831 : miaubiz
CVE-2012-2842 : miaubiz
CVE-2012-2843 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3606 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3607 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3616 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3621 : Skylined of the Google Chrome Security Team
CVE-2012-3622 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3623 : Skylined of the Google Chrome Security Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3632 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3643 : Skylined of the Google Chrome Security Team
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3649 : Dominic Cooney of Google and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3651 : Abhishek Arya and Martin Barbella of the Google
Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3654 : Skylined of the Google Chrome Security Team
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3657 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
of the Google Chrome Security Team using AddressSanitizer
CVE-2012-3660 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3673 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3675 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3685 : Apple Product Security
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3687 : kuzzcc
CVE-2012-3688 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3692 : Skylined of the Google Chrome Security Team, Apple
Product Security
CVE-2012-3699 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3700 : Apple Product Security
CVE-2012-3701 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3702 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3705 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3706 : Apple Product Security
CVE-2012-3707 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3708 : Apple
CVE-2012-3709 : Apple Product Security
CVE-2012-3710 : James Robinson of Google
CVE-2012-3711 : Skylined of the Google Chrome Security Team
CVE-2012-3712 : Abhishek Arya of the Google Chrome Security Team
using AddressSanitizer
iTunes 10.7 may be obtained from:
http://www.apple.com/itunes/download/
For Windows XP / Vista / Windows 7:
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 499c39aad4a05c76286e3159f4e1e081dab8fe86
For 64-bit Windows XP / Vista / Windows 7:
The download file is named: "iTunes64Setup.exe"
Its SHA-1 digest is: c632854371097edbf3d831f7f2d449297d9f988e
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQUMRFAAoJEPefwLHPlZEwmlsP/2mlVZEsRtFPk3k/mkYyj8gs
4j8VH6D5PNk7cR5S65L0BRM6ijmvGJ1J5WyKxdK55BtZ2gd1vGjmpruSMVptDIzF
JkRQKV8koK/kqUIGI679borf8qv9hK0eFsoO8cVfGfA3LoRB94DlKl9UGhZpQjIt
bKS2hsNvDO1EWaoVFZeJw6wxx37zp8XdIuneoNsEPgECJywfMtncQT1MDE0deP5D
79vb3ds44CpCV2ltdwni5n43sUmGalCyMLkuR8GkUUQ7hd631cSOXK1mw39w6CY+
kM8lpczoW8s116E44GeGSu5rrYgOfthJPO0yUolB/kdjoccEri802YLq84Y2FV9u
c0T2BWMjmcoCEfuhT1JW6dL8FXTQGrQz/DvQlIzkzUf3KHVuu0pfc0V4bG202c2h
zGnHNsZOY38wAFwHbISBs0BM78/G2fJeOaXil2eUu1F8ChZOw4+KqQYee9lUgM1u
FBamxVVi5bzc4qj+EraLQS0X1gehKX3Riq6SwF6L7uOw0oSHTUwrqoiJq9s6CtGd
7YdxNQAugTScCWW0dCLajg5M4lW1pudOgIU1VfTnGYvqGTMsLCRL5WtJ69anQzWv
7pi898e8Wn7Iw1y3CTkoZZZNg9yD5ZvYf7FkIqEVj8ksmGliDC/O988KVg/dWQ7F
HUcSouao5FGpzuLJSdhc
=l7aG
-----END PGP SIGNATURE-----
. This fixes multiple
vulnerabilities, where some have unknown impacts while others can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48732
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48732/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE:
2012-04-06
DISCUSS ADVISORY:
http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome where
some have unknown impacts while others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt
memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling
iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting
pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION:
Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 4, 5, 11, 12) miaubiz
3, 8) Sergey Glazunov
6) SkyLined, Google Chrome Security Team
7) pa_kt via ZDI
9) Arthur Gerkis
10) Slawomir Blazek
13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0082 | CVE-2011-3069 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) May be affected or unknown in detail. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-07-25-1 Safari 6.0
Safari 6.0 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0678 : Masato Kinugawa
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may cause files from
the user's system to be sent to a remote server
Description: An access control issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0679 : Aaron Sigel of vtty.com
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This update addresses the
issue by improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
Safari Downloads
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: An issue existed in Safari's support for the
'attachment' value for the HTTP Content-Disposition header. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server. This issue is addressed by
downloading resources served with this header, rather than displaying
them inline.
CVE-ID
CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn,
Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may lead
to a cross-site information disclosure
Description: A cross-origin issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3690 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue is addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue is addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping a file to Safari may reveal the
filesystem path of the file to the website
Description: An information disclosure issue existed in the handling
of dragged files. This issue is addressed through improved handling
of dragged files.
CVE-ID
CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue is addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue is addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue is addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. This issue is addressed
through improved handling of file URLs.
CVE-ID
CVE-2012-3697 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue is addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Safari 6.0 is available via the Apple Software Update
application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h
7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8
+h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW
DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/
aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst
r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv
HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl
IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS
5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE
pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl
OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5
R4Tyq4x4MZg/D3Ho0YqS
=K1+I
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. This fixes multiple
vulnerabilities, where some have unknown impacts while others can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48732
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48732/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE:
2012-04-06
DISCUSS ADVISORY:
http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome where
some have unknown impacts while others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt
memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling
iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting
pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION:
Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 4, 5, 11, 12) miaubiz
3, 8) Sergey Glazunov
6) SkyLined, Google Chrome Security Team
7) pa_kt via ZDI
9) Arthur Gerkis
10) Slawomir Blazek
13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0084 | CVE-2011-3071 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 7.5 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the library's implementation of a HTMLMedia element. After a source element is created, an attacker can catch the beforeLoad event before the element is used, and delete the element. The pointer to the source element will then be referenced causing a use-after-free condition, which can lead to code execution under the context of the application. Webkit is prone to a remote code-execution vulnerability due to a use-after-free error.
Note: This issue was previously discussed in BID 52913 (Google Chrome Prior to 18.0.1025.151 Multiple Security Vulnerabilities) but has been given its own record to better document it. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-07-25-1 Safari 6.0
Safari 6.0 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0678 : Masato Kinugawa
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may cause files from
the user's system to be sent to a remote server
Description: An access control issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0679 : Aaron Sigel of vtty.com
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This update addresses the
issue by improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
Safari Downloads
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: An issue existed in Safari's support for the
'attachment' value for the HTTP Content-Disposition header. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server. This issue is addressed by
downloading resources served with this header, rather than displaying
them inline.
CVE-ID
CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn,
Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may lead
to a cross-site information disclosure
Description: A cross-origin issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3690 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue is addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue is addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping a file to Safari may reveal the
filesystem path of the file to the website
Description: An information disclosure issue existed in the handling
of dragged files. This issue is addressed through improved handling
of dragged files.
CVE-ID
CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue is addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue is addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue is addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. This issue is addressed
through improved handling of file URLs.
CVE-ID
CVE-2012-3697 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue is addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Safari 6.0 is available via the Apple Software Update
application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h
7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8
+h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW
DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/
aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst
r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv
HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl
IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS
5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE
pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl
OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5
R4Tyq4x4MZg/D3Ho0YqS
=K1+I
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-191 : Webkit HTMLMedia Element beforeLoad Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-191
December 21, 2012
- -- CVE ID:
CVE-2011-3071
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected Vendors:
WebKit.Org
- -- Affected Products:
WebKit.Org WebKit
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12492.
- -- Vendor Response:
WebKit.Org has issued an update to correct this vulnerability. More details
can be found at:
http://support.apple.com/kb/HT1222
- -- Disclosure Timeline:
2012-03-14 - Vulnerability reported to vendor
2012-12-21 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* pa_kt / twitter.com/pa_kt
- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0088 | CVE-2011-3075 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands. Google Chrome Is style-application Service operation disruption due to incomplete command processing (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-07-25-1 Safari 6.0
Safari 6.0 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0678 : Masato Kinugawa
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may cause files from
the user's system to be sent to a remote server
Description: An access control issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0679 : Aaron Sigel of vtty.com
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This update addresses the
issue by improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
Safari Downloads
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: An issue existed in Safari's support for the
'attachment' value for the HTTP Content-Disposition header. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server. This issue is addressed by
downloading resources served with this header, rather than displaying
them inline.
CVE-ID
CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn,
Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may lead
to a cross-site information disclosure
Description: A cross-origin issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3690 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue is addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue is addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping a file to Safari may reveal the
filesystem path of the file to the website
Description: An information disclosure issue existed in the handling
of dragged files. This issue is addressed through improved handling
of dragged files.
CVE-ID
CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue is addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue is addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue is addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. This issue is addressed
through improved handling of file URLs.
CVE-ID
CVE-2012-3697 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue is addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Safari 6.0 is available via the Apple Software Update
application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h
7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8
+h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW
DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/
aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst
r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv
HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl
IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS
5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE
pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl
OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5
R4Tyq4x4MZg/D3Ho0YqS
=K1+I
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. This fixes multiple
vulnerabilities, where some have unknown impacts while others can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48732
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48732/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE:
2012-04-06
DISCUSS ADVISORY:
http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome where
some have unknown impacts while others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt
memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling
iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting
pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION:
Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 4, 5, 11, 12) miaubiz
3, 8) Sergey Glazunov
6) SkyLined, Google Chrome Security Team
7) pa_kt via ZDI
9) Arthur Gerkis
10) Slawomir Blazek
13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0087 | CVE-2011-3074 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media. (DoS) There are vulnerabilities that can be in a state or are otherwise unaffected. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) You may be put into a state or affected by other details. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-07-25-1 Safari 6.0
Safari 6.0 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0678 : Masato Kinugawa
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may cause files from
the user's system to be sent to a remote server
Description: An access control issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0679 : Aaron Sigel of vtty.com
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This update addresses the
issue by improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
Safari Downloads
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: An issue existed in Safari's support for the
'attachment' value for the HTTP Content-Disposition header. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server. This issue is addressed by
downloading resources served with this header, rather than displaying
them inline.
CVE-ID
CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn,
Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may lead
to a cross-site information disclosure
Description: A cross-origin issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3690 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue is addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue is addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping a file to Safari may reveal the
filesystem path of the file to the website
Description: An information disclosure issue existed in the handling
of dragged files. This issue is addressed through improved handling
of dragged files.
CVE-ID
CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue is addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue is addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue is addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. This issue is addressed
through improved handling of file URLs.
CVE-ID
CVE-2012-3697 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue is addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Safari 6.0 is available via the Apple Software Update
application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h
7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8
+h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW
DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/
aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst
r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv
HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl
IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS
5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE
pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl
OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5
R4Tyq4x4MZg/D3Ho0YqS
=K1+I
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. This fixes multiple
vulnerabilities, where some have unknown impacts while others can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48732
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48732/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE:
2012-04-06
DISCUSS ADVISORY:
http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome where
some have unknown impacts while others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt
memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling
iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting
pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION:
Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 4, 5, 11, 12) miaubiz
3, 8) Sergey Glazunov
6) SkyLined, Google Chrome Security Team
7) pa_kt via ZDI
9) Arthur Gerkis
10) Slawomir Blazek
13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0086 | CVE-2011-3073 | Used by multiple products Webkit Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources. This vulnerability Webkit Vulnerability. Google Chrome Other than Webkit Products that make use of may also be affected.Denial of service by third party (DoS) May be affected or otherwise unspecified. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-07-25-1 Safari 6.0
Safari 6.0 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0678 : Masato Kinugawa
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may cause files from
the user's system to be sent to a remote server
Description: An access control issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0679 : Aaron Sigel of vtty.com
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This update addresses the
issue by improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
Safari Downloads
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: An issue existed in Safari's support for the
'attachment' value for the HTTP Content-Disposition header. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server. This issue is addressed by
downloading resources served with this header, rather than displaying
them inline.
CVE-ID
CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn,
Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may lead
to a cross-site information disclosure
Description: A cross-origin issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3690 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue is addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue is addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping a file to Safari may reveal the
filesystem path of the file to the website
Description: An information disclosure issue existed in the handling
of dragged files. This issue is addressed through improved handling
of dragged files.
CVE-ID
CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue is addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue is addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue is addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. This issue is addressed
through improved handling of file URLs.
CVE-ID
CVE-2012-3697 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue is addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Safari 6.0 is available via the Apple Software Update
application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h
7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8
+h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW
DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/
aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst
r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv
HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl
IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS
5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE
pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl
OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5
R4Tyq4x4MZg/D3Ho0YqS
=K1+I
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. This fixes multiple
vulnerabilities, where some have unknown impacts while others can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48732
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48732/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE:
2012-04-06
DISCUSS ADVISORY:
http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome where
some have unknown impacts while others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt
memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling
iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting
pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION:
Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 4, 5, 11, 12) miaubiz
3, 8) Sergey Glazunov
6) SkyLined, Google Chrome Security Team
7) pa_kt via ZDI
9) Arthur Gerkis
10) Slawomir Blazek
13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0081 | CVE-2011-3068 | Used in multiple products Webkit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes. This vulnerability Webkit Vulnerability in Google Chrome Other than Webkit Products that use may also be affected.Service disruption by a third party (DoS) May be affected or unknown in detail. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-07-25-1 Safari 6.0
Safari 6.0 is now available and addresses the following:
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0678 : Masato Kinugawa
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may cause files from
the user's system to be sent to a remote server
Description: An access control issue existed in the handling of
feed:// URLs. This update removes handling of feed:// URLs.
CVE-ID
CVE-2012-0679 : Aaron Sigel of vtty.com
Safari
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This update addresses the
issue by improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
Safari Downloads
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Opening maliciously crafted files on certain websites may
lead to a cross-site scripting attack
Description: An issue existed in Safari's support for the
'attachment' value for the HTTP Content-Disposition header. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server. This issue is addressed by
downloading resources served with this header, rather than displaying
them inline.
CVE-ID
CVE-2011-3426 : Mickey Shkatov of laplinker.com, Kyle Osborn,
Hidetake Jo at Microsoft and Microsoft Vulnerability Research (MSVR)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues are addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3599 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3618 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3620 : Abhishek Arya of Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya of Google Chrome Security
team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3630 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3631 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya of Google Chrome Security Team using
AddressSanitizer, Arthur Gerkis
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may lead
to a cross-site information disclosure
Description: A cross-origin issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3690 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue is addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue is addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue is addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping a file to Safari may reveal the
filesystem path of the file to the website
Description: An information disclosure issue existed in the handling
of dragged files. This issue is addressed through improved handling
of dragged files.
CVE-ID
CVE-2012-3694 : Daniel Cheng of Google, Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue is addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue is addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue is addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. This issue is addressed
through improved handling of file URLs.
CVE-ID
CVE-2012-3697 : Aaron Sigel of vtty.com
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue is addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Safari 6.0 is available via the Apple Software Update
application.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQDy1eAAoJEPefwLHPlZEwJRQP/RJ41oMUhox0171MDfV4rs/h
7PpoGz3ZfIijyzy6KlF6mqdJqy/Oh/iGSJlCxhrboZZWPsgvtCQ7DoNC9p5akeH8
+h5ygcEbNm/bus/MDc0nHtHtXwcRGDLhdKtT6Kf5FUIa/lDUZbPOoe/H0/jQ5ROW
DzIXImuioV2rskQvQVXMlKNVkaxLleStU84bBUwH+cCVNj5u9nWPQ7nLbptCzzG/
aL4t8MLAjkqJc/c3/a5fdqzveY0N21rkVceBeJuY5F+ejtPVCIUhqdIYzQXmZNst
r5aEp1hvuyvFj00T/OT7otW52+cNnXwPOU/h/aT29S6ur9cP0mbvshMDhkESe5dv
HjCRrBlkRlWQiS9u8SMwALLsI83Btk/UN5FNRe2rhtMD6O56B0RecZ14R/Uu6GEl
IDRg72AwVq6NO0hFc+z9xoYrvLnmkD1mTq6HiNVbreFsOwyu/psKPwJsUpYJL+gS
5/u/Nh4XVnbK+MpXwpL22w3kzk8zoYazGmh+5B1DdevazjpKkXxj2l/MRxDEI/AE
pYsgA2EwYpQeow6T69MjCuoiGK9EXSNs3bc6rsd/9WLvEedbGS2SnFYnHIO226cl
OwENb/iR7hIm4JEB9pgLFRxvaWMOQVCuTDXKnnQkXPYNvUYUt4I9IZcURVDNlr+5
R4Tyq4x4MZg/D3Ho0YqS
=K1+I
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. This fixes multiple
vulnerabilities, where some have unknown impacts while others can be
exploited by malicious people to bypass certain security restrictions
and compromise a user's system. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48732
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48732/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
RELEASE DATE:
2012-04-06
DISCUSS ADVISORY:
http://secunia.com/advisories/48732/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48732/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48732
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome where
some have unknown impacts while others can be exploited by malicious
people to bypass certain security restrictions and compromise a
user's system.
1) Two unspecified errors in Flash Player can be exploited to corrupt
memory in the Chrome interface.
2) An out-of-bounds read error exists when handling Skia clipping.
3) An error exists within the cross-origin policy when handling
iframe replacement.
4) A use-after-free error exists when handling run-ins.
5) A use-after-free error exists when handling line boxes.
6) A use-after-free error exits when handling v8 bindings.
7) A use-after-free error exits when handling HTMLMediaElement.
8) An error exists within the cross-origin policy when parenting
pop-up windows.
9) A use-after-free error exists when handling SVG resources.
10) A use-after-free error exists when handling media content.
11) A use-after-free error exists when applying style commands.
12) A use-after-free error exists when handling focus events.
13) A read-after-free error exists within script bindings.
SOLUTION:
Update to version 18.0.1025.151.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
2, 4, 5, 11, 12) miaubiz
3, 8) Sergey Glazunov
6) SkyLined, Google Chrome Security Team
7) pa_kt via ZDI
9) Arthur Gerkis
10) Slawomir Blazek
13) Inferno, Google Chrome Security Team
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201204-0092 | CVE-2011-3067 | Used in multiple products Webkit Vulnerabilities that bypass the same origin policy |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. Google Chrome is prone to multiple vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, and perform cross-origin attacks; other attacks may also be possible.
NOTE: The issue (described by CVE-2011-3071) has been moved to BID 57027 (Webkit CVE-2011-3071 Remote Code Execution Vulnerability) to better document it.
Versions prior to Chrome 18.0.1025.151 are vulnerable. Google Chrome is a web browser developed by Google (Google). This update removes handling of feed:// URLs. This update removes handling of feed:// URLs. This
header is used by many websites to serve files that were uploaded to
the site by a third-party, such as attachments in web-based e-mail
applications. Any script in files served with this header value would
run as if the file had been served inline, with full access to other
resources on the origin server.
CVE-ID
CVE-2012-3689 : David Bloom of Cue
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: Dragging and dropping selected text on a web page may cause
files from the user's system to be sent to a remote server
Description: An access control issue existed in the handling of drag
and drop events.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: OS X Lion v10.7.4, OS X Lion Server v10.7.4
Impact: An attacker may be able to escape the sandbox and access any
file the current user has access to
Description: An access control issue existed in the handling of file
URLs. An attacker who gains arbitrary code execution in a Safari
WebProcess may be able to bypass the sandbox and access any file that
the user running Safari has access to. ============================================================================
Ubuntu Security Notice USN-1524-1
August 08, 2012
webkit vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
Summary:
Multiple security vulnerabilities were fixed in WebKit.
Software Description:
- webkit: Web content engine library for GTK+
Details:
A large number of security issues were discovered in the WebKit browser and
JavaScript engines.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libjavascriptcoregtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libjavascriptcoregtk-3.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-1.0-0 1.8.1-0ubuntu0.12.04.1
libwebkitgtk-3.0-0 1.8.1-0ubuntu0.12.04.1
After a standard system update you need to restart your session to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1524-1
CVE-2011-3046, CVE-2011-3050, CVE-2011-3067, CVE-2011-3068,
CVE-2011-3069, CVE-2011-3071, CVE-2011-3073, CVE-2011-3074,
CVE-2011-3075, CVE-2011-3078, CVE-2012-0672, CVE-2012-3615,
CVE-2012-3655, CVE-2012-3656, CVE-2012-3680, https://launchpad.net/bugs/1027283
Package Information:
https://launchpad.net/ubuntu/+source/webkit/1.8.1-0ubuntu0.12.04.1
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2012-09-19-1 iOS 6
iOS 6 is now available and addresses the following:
CFNetwork
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of sensitive information
Description: An issue existed in CFNetwork's handling of malformed
URLs. CFNetwork may send requests to an incorrect hostname, resulting
in the disclosure of sensitive information. This issue was addressed
through improvements to URL handling.
CVE-ID
CVE-2012-3724 : Erling Ellingsen of Facebook
CoreGraphics
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Multiple vulnerabilities in FreeType
Description: Multiple vulnerabilities existed in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues were addressed by updating
FreeType to version 2.4.9. Further information is available via the
FreeType site at http://www.freetype.org/
CVE-ID
CVE-2012-1126
CVE-2012-1127
CVE-2012-1128
CVE-2012-1129
CVE-2012-1130
CVE-2012-1131
CVE-2012-1132
CVE-2012-1133
CVE-2012-1134
CVE-2012-1135
CVE-2012-1136
CVE-2012-1137
CVE-2012-1138
CVE-2012-1139
CVE-2012-1140
CVE-2012-1141
CVE-2012-1142
CVE-2012-1143
CVE-2012-1144
CoreMedia
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: An uninitialized memory access existed in the handling
of Sorenson encoded movie files. This issue was addressed through
improved memory initialization.
CVE-ID
CVE-2012-3722 : Will Dormann of the CERT/CC
DHCP
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A malicious Wi-Fi network may be able to determine networks
a device has previously accessed
Description: Upon connecting to a Wi-Fi network, iOS may broadcast
MAC addresses of previously accessed networks per the DNAv4 protocol.
This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi
networks.
CVE-ID
CVE-2012-3725 : Mark Wuergler of Immunity, Inc.
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in libtiff's handling of
ThunderScan encoded TIFF images. This issue was addressed by updating
libtiff to version 3.9.5.
CVE-ID
CVE-2011-1167
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PNG image may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libpng's
handling of PNG images. These issues were addressed through improved
validation of PNG images.
CVE-ID
CVE-2011-3026 : Juri Aedla
CVE-2011-3048
CVE-2011-3328
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted JPEG image may lead to an
unexpected application termination or arbitrary code execution
Description: A double free issue existed in ImageIO's handling of
JPEG images. This issue was addressed through improved memory
management.
CVE-ID
CVE-2012-3726 : Phil of PKJE Consulting
ImageIO
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted TIFF image may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow issue existed in libTIFF's handling
of TIFF images. This issue was addressed through improved validation
of TIFF images.
CVE-ID
CVE-2012-1173 : Alexander Gavrun working with HP's Zero Day
Initiative
International Components for Unicode
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use ICU may be vulnerable to an unexpected
application termination or arbitrary code execution
Description: A stack buffer overflow existed in the handling of ICU
locale IDs. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2011-4599
IPSec
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Loading a maliciously crafted racoon configuration file may
lead to arbitrary code execution
Description: A buffer overflow existed in the handling of racoon
configuration files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2012-3727 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: An invalid pointer dereference issue existed in the
kernel's handling of packet filter ioctls. This may allow an attacker
to alter kernel memory. This issue was addressed through improved
error handling.
CVE-ID
CVE-2012-3728 : iOS Jailbreak Dream Team
Kernel
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A local user may be able to determine kernel memory layout
Description: An uninitialized memory access issue existed in the
Berkeley Packet Filter interpreter, which led to the disclosure of
memory content. This issue was addressed through improved memory
initialization.
CVE-ID
CVE-2012-3729 : Dan Rosenberg
libxml
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple vulnerabilities existed in libxml, the most
serious of which may lead to an unexpected application termination or
arbitrary code execution. These issues were addressed by applying the
relevant upstream patches.
CVE-ID
CVE-2011-1944 : Chris Evans of Google Chrome Security Team
CVE-2011-2821 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-2834 : Yang Dingning of NCNIPC, Graduate University of
Chinese Academy of Sciences
CVE-2011-3919 : Juri Aedla
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Mail may present the wrong attachment in a message
Description: A logic issue existed in Mail's handling of
attachments. If a subsequent mail attachment used the same Content-ID
as a previous one, the previous attachment would be displayed, even
in the case where the 2 mails originated from different senders. This
could facilitate some spoofing or phishing attacks. This issue was
addressed through improved handling of attachments.
CVE-ID
CVE-2012-3730 : Angelo Prado of the salesforce.com Product Security
Team
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Email attachments may be read without user's passcode
Description: A logic issue existed in Mail's use of Data Protection
on email attachments. This issue was addressed by properly setting
the Data Protection class for email attachments.
CVE-ID
CVE-2012-3731 : Stephen Prairie of Travelers Insurance, Erich
Stuntebeck of AirWatch
Mail
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker may spoof the sender of a S/MIME signed message
Description: S/MIME signed messages displayed the untrusted 'From'
address, instead of the name associated with the message signer's
identity. This issue was addressed by displaying the address
associated with the message signer's identity when it is available.
CVE-ID
CVE-2012-3732 : An anonymous researcher
Messages
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may unintentionally disclose the existence of their
email addresses
Description: When a user had multiple email addresses associated
with iMessage, replying to a message may have resulted in the reply
being sent from a different email address. This may disclose another
email address associated to the user's account. This issue was
addressed by always replying from the email address the original
message was sent to.
CVE-ID
CVE-2012-3733 : Rodney S. Foley of Gnomesoft, LLC
Office Viewer
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Unencrypted document data may be written to a temporary file
Description: An information disclosure issue existed in the support
for viewing Microsoft Office files. When viewing a document, the
Office Viewer would write a temporary file containing data from the
viewed document to the temporary directory of the invoking process.
For an application that uses data protection or other encryption to
protect the user's files, this could lead to information
disclosure. This issue was addressed by avoiding creation of
temporary files when viewing Office documents.
CVE-ID
CVE-2012-3734 : Salvatore Cataudella of Open Systems Technologies
OpenGL
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Applications that use OS X's OpenGL implementation may be
vulnerable to an unexpected application termination or arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of GLSL compilation. These issues were addressed through
improved validation of GLSL shaders.
CVE-ID
CVE-2011-3457 : Chris Evans of the Google Chrome Security Team, and
Marc Schoenefeld of the Red Hat Security Response Team
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device could briefly
view the last used third-party app on a locked device
Description: A logic issue existed with the display of the "Slide to
Power Off" slider on the lock screen. This issue was addressed
through improved lock state management.
CVE-ID
CVE-2012-3735 : Chris Lawrence DBB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A logic issue existed in the termination of FaceTime
calls from the lock screen. This issue was addressed through improved
lock state management.
CVE-ID
CVE-2012-3736 : Ian Vitek of 2Secure AB
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: All photos may be accessible at the lock screen
Description: A design issue existed in the support for viewing
photos that were taken at the lock screen. In order to determine
which photos to permit access to, the passcode lock consulted the
time at which the device was locked and compared it to the time that
a photo was taken. By spoofing the current time, an attacker could
gain access to photos that were taken before the device was locked.
This issues was addressed by explicitly keeping track of the photos
that were taken while the device was locked.
CVE-ID
CVE-2012-3737 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to a locked device may perform
FaceTime calls
Description: A logic issue existed in the Emergency Dialer screen,
which permitted FaceTime calls via Voice Dialing on the locked
device. This could also disclose the user's contacts via contact
suggestions. This issue was addressed by disabling Voice Dialing on
the Emergency Dialer screen.
CVE-ID
CVE-2012-3738 : Ade Barkah of BlueWax Inc.
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: Using the camera from the screen lock could in some
cases interfere with automatic lock functionality, allowing a person
with physical access to the device to bypass the Passcode Lock
screen. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3739 : Sebastian Spanninger of the Austrian Federal
Computing Centre (BRZ)
Passcode Lock
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A state management issue existed in the handling of the
screen lock. This issue was addressed through improved lock state
management.
CVE-ID
CVE-2012-3740 : Ian Vitek of 2Secure AB
Restrictions
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A user may be able to make purchases without entering Apple
ID credentials
Description: After disabling Restrictions, iOS may not ask for the
user's password during a transaction. This issue was addressed by
additional enforcement of purchase authorization.
CVE-ID
CVE-2012-3741 : Kevin Makens of Redwood High School
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Websites may use characters with an appearance similar to
the lock icon in their titles
Description: Websites could use a Unicode character to create a lock
icon in the page title. This icon was similar in appearance to the
icon used to indicate a secure connection, and could have lead the
user to believe a secure connection had been established. This issue
was addressed by removing these characters from page titles.
CVE-ID
CVE-2012-3742 : Boku Kihara of Lepidum
Safari
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Passwords may autocomplete even when the site specifies that
autocomplete should be disabled
Description: Password input elements with the autocomplete attribute
set to "off" were being autocompleted. This issue was addressed
through improved handling of the autocomplete attribute.
CVE-ID
CVE-2012-0680 : Dan Poltawski of Moodle
System Logs
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Sandboxed apps may obtain system log content
Description: Sandboxed apps had read access to /var/log directory,
which may allow them to obtain sensitive information contained in
system logs. This issue was addressed by denying sandboxed apps
access to the /var/log directory.
CVE-ID
CVE-2012-3743
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may appear to have been sent by an arbitrary
user
Description: Messages displayed the return address of an SMS message
as the sender. Return addresses may be spoofed. This issue was
addressed by always displaying the originating address instead of the
return address.
CVE-ID
CVE-2012-3744 : pod2g
Telephony
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An SMS message may disrupt cellular connectivity
Description: An off-by-one buffer overflow existed in the handling
of SMS user data headers. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2012-3745 : pod2g
UIKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: An attacker that gains access to a device's filesystem may
be able to read files that were being displayed in a UIWebView
Description: Applications that use UIWebView may leave unencrypted
files on the file system even when a passcode is enabled. This issue
was addressed through improved use of data protection.
CVE-ID
CVE-2012-3746 : Ben Smith of Box
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2011-3016 : miaubiz
CVE-2011-3021 : Arthur Gerkis
CVE-2011-3027 : miaubiz
CVE-2011-3032 : Arthur Gerkis
CVE-2011-3034 : Arthur Gerkis
CVE-2011-3035 : wushi of team509 working with iDefense VCP, Arthur
Gerkis
CVE-2011-3036 : miaubiz
CVE-2011-3037 : miaubiz
CVE-2011-3038 : miaubiz
CVE-2011-3039 : miaubiz
CVE-2011-3040 : miaubiz
CVE-2011-3041 : miaubiz
CVE-2011-3042 : miaubiz
CVE-2011-3043 : miaubiz
CVE-2011-3044 : Arthur Gerkis
CVE-2011-3050 : miaubiz
CVE-2011-3053 : miaubiz
CVE-2011-3059 : Arthur Gerkis
CVE-2011-3060 : miaubiz
CVE-2011-3064 : Atte Kettunen of OUSPG
CVE-2011-3068 : miaubiz
CVE-2011-3069 : miaubiz
CVE-2011-3071 : pa_kt working with HP's Zero Day Initiative
CVE-2011-3073 : Arthur Gerkis
CVE-2011-3074 : Slawomir Blazek
CVE-2011-3075 : miaubiz
CVE-2011-3076 : miaubiz
CVE-2011-3078 : Martin Barbella of the Google Chrome Security Team
CVE-2011-3081 : miaubiz
CVE-2011-3086 : Arthur Gerkis
CVE-2011-3089 : Skylined of the Google Chrome Security Team, miaubiz
CVE-2011-3090 : Arthur Gerkis
CVE-2011-3105 : miaubiz
CVE-2011-3913 : Arthur Gerkis
CVE-2011-3924 : Arthur Gerkis
CVE-2011-3926 : Arthur Gerkis
CVE-2011-3958 : miaubiz
CVE-2011-3966 : Aki Helin of OUSPG
CVE-2011-3968 : Arthur Gerkis
CVE-2011-3969 : Arthur Gerkis
CVE-2011-3971 : Arthur Gerkis
CVE-2012-0682 : Apple Product Security
CVE-2012-0683 : Dave Mandelin of Mozilla
CVE-2012-1520 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer, Jose A. Vazquez of spa-s3c.blogspot.com
working with iDefense VCP
CVE-2012-1521 : Skylined of the Google Chrome Security Team, Jose A.
Vazquez of spa-s3c.blogspot.com working with iDefense VCP
CVE-2012-2818 : miaubiz
CVE-2012-3589 : Dave Mandelin of Mozilla
CVE-2012-3590 : Apple Product Security
CVE-2012-3591 : Apple Product Security
CVE-2012-3592 : Apple Product Security
CVE-2012-3593 : Apple Product Security
CVE-2012-3594 : miaubiz
CVE-2012-3595 : Martin Barbella of Google Chrome Security
CVE-2012-3596 : Skylined of the Google Chrome Security Team
CVE-2012-3597 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3598 : Apple Product Security
CVE-2012-3599 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3600 : David Levin of the Chromium development community
CVE-2012-3601 : Martin Barbella of the Google Chrome Security Team
using AddressSanitizer
CVE-2012-3602 : miaubiz
CVE-2012-3603 : Apple Product Security
CVE-2012-3604 : Skylined of the Google Chrome Security Team
CVE-2012-3605 : Cris Neckar of the Google Chrome Security team
CVE-2012-3608 : Skylined of the Google Chrome Security Team
CVE-2012-3609 : Skylined of the Google Chrome Security Team
CVE-2012-3610 : Skylined of the Google Chrome Security Team
CVE-2012-3611 : Apple Product Security
CVE-2012-3612 : Skylined of the Google Chrome Security Team
CVE-2012-3613 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3614 : Yong Li of Research In Motion, Inc.
CVE-2012-3615 : Stephen Chenney of the Chromium development community
CVE-2012-3617 : Apple Product Security
CVE-2012-3618 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3620 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3624 : Skylined of the Google Chrome Security Team
CVE-2012-3625 : Skylined of Google Chrome Security Team
CVE-2012-3626 : Apple Product Security
CVE-2012-3627 : Skylined and Abhishek Arya (Inferno) of Google Chrome
Security team
CVE-2012-3628 : Apple Product Security
CVE-2012-3629 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3630 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3631 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3633 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3634 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3635 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3636 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3637 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3638 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3639 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3640 : miaubiz
CVE-2012-3641 : Slawomir Blazek
CVE-2012-3642 : miaubiz
CVE-2012-3644 : miaubiz
CVE-2012-3645 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3646 : Julien Chaffraix of the Chromium development
community, Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3647 : Skylined of the Google Chrome Security Team
CVE-2012-3648 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3651 : Abhishek Arya (Inferno) and Martin Barbella of the
Google Chrome Security Team
CVE-2012-3652 : Martin Barbella of Google Chrome Security Team
CVE-2012-3653 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3655 : Skylined of the Google Chrome Security Team
CVE-2012-3656 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3658 : Apple
CVE-2012-3659 : Mario Gomes of netfuzzer.blogspot.com, Abhishek Arya
(Inferno) of the Google Chrome Security Team
CVE-2012-3660 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3661 : Apple Product Security
CVE-2012-3663 : Skylined of Google Chrome Security Team
CVE-2012-3664 : Thomas Sepez of the Chromium development community
CVE-2012-3665 : Martin Barbella of Google Chrome Security Team using
AddressSanitizer
CVE-2012-3666 : Apple
CVE-2012-3667 : Trevor Squires of propaneapp.com
CVE-2012-3668 : Apple Product Security
CVE-2012-3669 : Apple Product Security
CVE-2012-3670 : Abhishek Arya (Inferno) of the Google Chrome Security
Team, Arthur Gerkis
CVE-2012-3671 : Skylined and Martin Barbella of the Google Chrome
Security Team
CVE-2012-3672 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3673 : Abhishek Arya (Inferno) of the Google Chrome Security
Team
CVE-2012-3674 : Skylined of Google Chrome Security Team
CVE-2012-3676 : Julien Chaffraix of the Chromium development
community
CVE-2012-3677 : Apple
CVE-2012-3678 : Apple Product Security
CVE-2012-3679 : Chris Leary of Mozilla
CVE-2012-3680 : Skylined of Google Chrome Security Team
CVE-2012-3681 : Apple
CVE-2012-3682 : Adam Barth of the Google Chrome Security Team
CVE-2012-3683 : wushi of team509 working with iDefense VCP
CVE-2012-3684 : kuzzcc
CVE-2012-3686 : Robin Cao of Torch Mobile (Beijing)
CVE-2012-3703 : Apple Product Security
CVE-2012-3704 : Skylined of the Google Chrome Security Team
CVE-2012-3706 : Apple Product Security
CVE-2012-3708 : Apple
CVE-2012-3710 : James Robinson of Google
CVE-2012-3747 : David Bloom of Cue
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of CSS
property values. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2012-3691 : Apple
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: A malicious website may be able to replace the contents of
an iframe on another site
Description: A cross-origin issue existed in the handling of iframes
in popup windows. This issue was addressed through improved origin
tracking.
CVE-ID
CVE-2011-3067 : Sergey Glazunov
WebKit
Available for: iPhone 3GS, iPhone 4, iPhone 4S,
iPod touch (3rd generation) and later, iPad, iPad 2
Impact: Visiting a maliciously crafted website may lead to a cross-
site disclosure of information
Description: A cross-origin issue existed in the handling of iframes
and fragment identifiers. This issue was addressed through improved
origin tracking.
CVE-ID
CVE-2012-2815 : Elie Bursztein, Baptiste Gourdin, Gustav Rydstedt,
and Dan Boneh of the Stanford University Security Laboratory
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Look-alike characters in a URL could be used to masquerade a
website
Description: The International Domain Name (IDN) support and Unicode
fonts embedded in Safari could have been used to create a URL which
contains look-alike characters. These could have been used in a
malicious website to direct the user to a spoofed site that visually
appears to be a legitimate domain. This issue was addressed by
supplementing WebKit's list of known look-alike characters. Look-
alike characters are rendered in Punycode in the address bar.
CVE-ID
CVE-2012-3693 : Matt Cooley of Symantec
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A canonicalization issue existed in the handling of
URLs. This may have led to cross-site scripting on sites which use
the location.href property. This issue was addressed through improved
canonicalization of URLs.
CVE-ID
CVE-2012-3695 : Masato Kinugawa
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to HTTP
request splitting
Description: An HTTP header injection issue existed in the handling
of WebSockets. This issue was addressed through improved WebSockets
URI sanitization.
CVE-ID
CVE-2012-3696 : David Belcher of the BlackBerry Security Incident
Response Team
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: A maliciously crafted website may be able to spoof the value
in the URL bar
Description: A state management issue existed in the handling of
session history. Navigations to a fragment on the current page may
cause Safari to display incorrect information in the URL bar. This
issue was addressed through improved session state tracking.
CVE-ID
CVE-2011-2845 : Jordi Chancel
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to the
disclosure of the disclosure of memory contents
Description: An uninitialized memory access issue existed in the
handling of SVG images. This issue was addressed through improved
memory initialization.
CVE-ID
CVE-2012-3650 : Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update will be "6.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJQWeYHAAoJEPefwLHPlZEwFlwP/1Ib/2m8K7orlPb3zmsKTyjo
3T0rFqu1LbXNzwLRhan7E7KiJoQ7U6yVO4045o/19AYZM+zGVNnHsCkUc3+Vcpa5
TZIM9Rik2iXKMxzttFfc5tvhE1u18PstsDLU/jvyW+s3XxMVL54wnSmW1R+P0de0
8+Q++IANogUj+scJzQkTaFDNDN5v1p0BT0+cifCcqktXB4H/PoaQ7drIWiDGYB/9
n4IL5AjM0BJBzWkldfjPimZ0BseSA0BxdeVCopmAgdnigyB60G4cWGzkU7E35VnP
dWgdU9rnIIvGGe/vP912f7AoPtWs1b8n6DYCJgGRXvaRfPoHFUlXaRoVB6vJlMVs
JXyMrw/RSDfYEgJdNbFOSxyJXHUkTkt4+aNW4KcoMR6raI/W5zKDyMEICw1wpkwP
id6Dz4e6ncf+cfvAFqXpk02OC7iJqn71IJN2MvU/hC7797l++PINIoOHwJZolt+T
xL3wV8p3Lk8K6lZx3Q9Tu6Dd7GYkxtjLCgV1NgdHOwPKDUOJ47oG6RjZAd6hpicp
RqYXbk5bJpd3nZv+X6FrCZqGfeuwREWW7FJ0dI+/8ohlnisTz16f48W9FtuN3HIj
bmxFJ46P4LGxrizwDSdBngxf3Utkh+7hGLuMH51/jR8+tCqDIEgpKBA+2F+IOmyP
XtT4lS60xKz63YSg79dd
=LvMt
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Chromium: Multiple vulnerabilities
Date: April 10, 2012
Bugs: #410963
ID: 201204-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been reported in Chromium, some of which
may allow execution of arbitrary code.
Background
==========
Chromium is an open source web browser project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 18.0.1025.151 >= 18.0.1025.151
Description
===========
Multiple vulnerabilities have been discovered in Chromium. Please
review the CVE identifiers and release notes referenced below for
details.
Impact
======
A remote attacker could entice a user to open a specially crafted web
site using Chromium, possibly resulting in the execution of arbitrary
code with the privileges of the process, a Denial of Service condition,
or bypass of the same origin policy.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-client/chromium-18.0.1025.151"
References
==========
[ 1 ] CVE-2011-3066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3066
[ 2 ] CVE-2011-3067
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3067
[ 3 ] CVE-2011-3068
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3068
[ 4 ] CVE-2011-3069
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3069
[ 5 ] CVE-2011-3070
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3070
[ 6 ] CVE-2011-3071
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3071
[ 7 ] CVE-2011-3072
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3072
[ 8 ] CVE-2011-3073
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3073
[ 9 ] CVE-2011-3074
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3074
[ 10 ] CVE-2011-3075
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3075
[ 11 ] CVE-2011-3076
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3076
[ 12 ] CVE-2011-3077
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3077
[ 13 ] Release Notes 18.0.1025.151
http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-=
updates.html
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201004-0399 | CVE-2010-1528 | Uiga Proxy of include/template.php In PHP Remote file inclusion vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter. \"Uiga Proxy is a proxy server that allows users behind a firewall/proxy server to access a restricted web site. To successfully exploit this vulnerability, you need to enable the \"\"register_globals\"\" option. \". Uiga Proxy is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. ----------------------------------------------------------------------
Secunia CSI
+ Microsoft SCCM
-----------------------
= Extensive Patch Management
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
----------------------------------------------------------------------
TITLE:
Uiga Proxy "content" File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA39313
VERIFY ADVISORY:
http://secunia.com/advisories/39313/
DESCRIPTION:
A vulnerability has been discovered in Uiga Proxy, which can be
exploited by malicious people to compromise a vulnerable system.
Input passed to the "content" parameter in include/template.php is
not properly verified before being used to include files. This can be
exploited to include arbitrary files from local or external
resources.
Successful exploitation requires that "register_globals" is enabled
(discouraged for security reasons in README.txt).
SOLUTION:
Edit the source code to ensure that input is properly verified.
PROVIDED AND/OR DISCOVERED BY:
ItSecTeam
ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/12049
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201004-0304 | CVE-2010-1241 | Adobe Reader and Acrobat of custom heap management system Heap-based buffer overflow vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
The following products are affected:
Adobe Reader 9.3.1 and prior for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and prior for Windows and Macintosh
Adobe Reader 8.2.1 and prior for Windows and Macintosh
Acrobat 8.2.1 and prior for Windows and Macintosh
NOTE: This issue was originally documented in BID 39329 (Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities); it has been assigned its own BID to better document the vulnerability.
Impact:
Remote Code Execution.
Risk:
High. The vulnerable X3D component is a
plugin used to display 3D material, which when present in a PDF document,
can lead to exploitation (CVE-2010-0194).
* Memory corruption through heap overflow in "CoolType.dll"
(CVE-2010-1241).
The vulnerabilities are triggered when opening and rendering a PDF document.
A remote attacker could craft a malicious document which exploits either one
of these vulnerabilities, allowing them to compromise a system.
FortiGuard Labs released the following signatures to protect against these
vulnerabilities
* "Adobe.Reader.DeviceRGB.Subtype.Stream.Memory.Corruption", previously
released as "FG-VD-10-003-Adobe" (CVE-2010-0194).
* "Adobe.Reader.Acrobat.Pro.CFF.Encodings.Handling.Heap.Overflow",
previously released as "FG-VD-10-005-Adobe" (CVE-2010-1241).
References:
* Adobe Security Bulletin:
http://www.adobe.com/support/security/bulletins/apsb10-09.html
* CVE ID: CVE-2010-0194
* CVE ID: CVE-2010-1241
Acknowledgment:
* Bing Liu of Fortinet's FortiGuard Labs (CVE-2010-0194)
* Haifei Li of Fortinet's FortiGuard Labs (CVE-2010-1241)
.
I. These
vulnerabilities affect Reader and Acrobat 9.3.1 and earlier 9.x
versions, and 8.2.1 and earlier versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in is available for multiple web browsers and operating
systems, which can automatically open PDF documents hosted on a
website.
II.
III. For a fresh installation, first install
Adobe Reader 9.3.0 or 8.2.0 and then use the automatic update
feature or install the appropriate update referenced in APSB10-09. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF documents in the web browser
Preventing PDF documents from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox.
Do not access PDF documents from untrusted sources
Do not open unfamiliar or unexpected PDF documents, particularly
those hosted on websites or delivered as email attachments. Please
see Cyber Security Tip ST04-010.
IV. Please send
email to <cert@cert.org> with "TA10-103C Feedback VU#352598" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2010 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 13, 2010: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBS8TuRj6pPKYJORa3AQJfzggAj8p3s/TrJT16ceFtRzLR31QBgRq6GxYr
h8WnsGlj2WR71XjH219XaWx9Mj3KBWVxbAsNPmK0tEir7KA+n4DwZCewTDYRqfYs
8N7G9MOI68Z87+7zBiZAo0j5/lQuxLWyTF9PqWbX8gCWLqJWW46cEZCqg7OGRbYt
w8coxdMXU6tM3WGoWAIKwLRtpQUdubcITPTrE7RATyLJ1422B9dkTSeSCuHHZs5d
eXSPYzTQ1EOwHpuA5/a/or2SjeRPLQcpxb/8WKelSqwW3hpK4zviEnPt4cYyeNqW
BQY06OQMTKch/nmniuEDuiwe69m0gTw7Tw2Dm6xrg6BLBy3A6GAwkQ==
=CQ6i
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Adobe Reader: Multiple vulnerabilities
Date: September 07, 2010
Bugs: #297385, #306429, #313343, #322857
ID: 201009-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities in Adobe Reader might result in the execution
of arbitrary code or other attacks.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
References
==========
[ 1 ] APSA10-01
http://www.adobe.com/support/security/advisories/apsa10-01.html
[ 2 ] APSB10-02
http://www.adobe.com/support/security/bulletins/apsb10-02.html
[ 3 ] APSB10-07
http://www.adobe.com/support/security/bulletins/apsb10-07.html
[ 4 ] APSB10-09
http://www.adobe.com/support/security/bulletins/apsb10-09.html
[ 5 ] APSB10-14
http://www.adobe.com/support/security/bulletins/apsb10-14.html
[ 6 ] APSB10-16
http://www.adobe.com/support/security/bulletins/apsb10-16.html
[ 7 ] CVE-2009-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3953
[ 8 ] CVE-2009-4324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4324
[ 9 ] CVE-2010-0186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0186
[ 10 ] CVE-2010-0188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
[ 11 ] CVE-2010-0190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0190
[ 12 ] CVE-2010-0191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0191
[ 13 ] CVE-2010-0192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0192
[ 14 ] CVE-2010-0193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0193
[ 15 ] CVE-2010-0194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0194
[ 16 ] CVE-2010-0195
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0195
[ 17 ] CVE-2010-0196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0196
[ 18 ] CVE-2010-0197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0197
[ 19 ] CVE-2010-0198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0198
[ 20 ] CVE-2010-0199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0199
[ 21 ] CVE-2010-0201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0201
[ 22 ] CVE-2010-0202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0202
[ 23 ] CVE-2010-0203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0203
[ 24 ] CVE-2010-0204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0204
[ 25 ] CVE-2010-1241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1241
[ 26 ] CVE-2010-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1285
[ 27 ] CVE-2010-1295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1295
[ 28 ] CVE-2010-1297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1297
[ 29 ] CVE-2010-2168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2168
[ 30 ] CVE-2010-2201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2201
[ 31 ] CVE-2010-2202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2202
[ 32 ] CVE-2010-2203
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2203
[ 33 ] CVE-2010-2204
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2204
[ 34 ] CVE-2010-2205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2205
[ 35 ] CVE-2010-2206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2206
[ 36 ] CVE-2010-2207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2207
[ 37 ] CVE-2010-2208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2208
[ 38 ] CVE-2010-2209
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2209
[ 39 ] CVE-2010-2210
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2210
[ 40 ] CVE-2010-2211
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2211
[ 41 ] CVE-2010-2212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201009-05.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2010 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201004-0058 | CVE-2009-2822 | AirPort Utility Vulnerable to access restrictions |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. AirPort Utility is an application software for AirPort series wireless routers. The MAC address ACL did not propagate the network extender correctly. Allow unauthorized users to access networks restricted by MAC address ACLs. Apple AirPort Base Station is prone to a security-bypass vulnerability. This may lead to other attacks. AirPort Utility has security bypass and access control vulnerabilities.
AirPort Utility 5.5.1 for Windows:
http://support.apple.com/kb/DL954
AirPort Utility 5.5.1 for Mac:
http://support.apple.com/kb/DL955
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Guido Lamberty.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT3958
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------