VARIoT IoT vulnerabilities database
VAR-201206-0279 | CVE-2011-2495 | Linux Kernel ‘ fs/proc/base.c ’ Permissions and Access Control Vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
JP1/IT Resource Management - Manager
JP1/IT Service Level Management - Manager. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Hitachi JP1/IT Service Level Management Unspecified Cross-Site
Scripting Vulnerability
SECUNIA ADVISORY ID:
SA47804
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47804/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47804
RELEASE DATE:
2012-01-31
DISCUSS ADVISORY:
http://secunia.com/advisories/47804/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47804/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47804
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Hitachi JP1/IT Service Level
Management, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being
returned to the user.
The vulnerability is reported in version 09-50.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (English):
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: kernel security, bug fix, and enhancement update
Advisory ID: RHSA-2011:1189-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1189.html
Issue date: 2011-08-23
CVE Names: CVE-2011-1182 CVE-2011-1576 CVE-2011-1593
CVE-2011-1776 CVE-2011-1898 CVE-2011-2183
CVE-2011-2213 CVE-2011-2491 CVE-2011-2492
CVE-2011-2495 CVE-2011-2497 CVE-2011-2517
CVE-2011-2689 CVE-2011-2695
=====================================================================
1. Summary:
Updated kernel packages that fix several security issues, various bugs, and
add two enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64
3. Description:
Security issues:
* Using PCI passthrough without interrupt remapping support allowed KVM
guests to generate MSI interrupts and thus potentially inject traps. A
privileged guest user could use this flaw to crash the host or possibly
escalate their privileges on the host. The fix for this issue can prevent
PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug
715555 for details. (CVE-2011-1898, Important)
* Flaw in the client-side NLM implementation could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-2491, Important)
* Integer underflow in the Bluetooth implementation could allow a remote
attacker to cause a denial of service or escalate their privileges by
sending a specially-crafted request to a target system via Bluetooth.
(CVE-2011-2497, Important)
* Buffer overflows in the netlink-based wireless configuration interface
implementation could allow a local user, who has the CAP_NET_ADMIN
capability, to cause a denial of service or escalate their privileges on
systems that have an active wireless interface. (CVE-2011-2517, Important)
* Flaw in the way the maximum file offset was handled for ext4 file systems
could allow a local, unprivileged user to cause a denial of service.
(CVE-2011-2695, Important)
* Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker
on the local network could use this flaw to send crafted packets to a
target, possibly causing a denial of service. (CVE-2011-1576, Moderate)
* Integer signedness error in next_pidmap() could allow a local,
unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate)
* Race condition in the memory merging support (KSM) could allow a local,
unprivileged user to cause a denial of service. KSM is off by default, but
on systems running VDSM, or on KVM hosts, it is likely turned on by the
ksm/ksmtuned services. (CVE-2011-2183, Moderate)
* Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to
cause a denial of service. (CVE-2011-2213, Moderate)
* Flaw in the way space was allocated in the Global File System 2 (GFS2)
implementation. If the file system was almost full, and a local,
unprivileged user made an fallocate() request, it could result in a denial
of service. Setting quotas to prevent users from using all available disk
space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate)
* Local, unprivileged users could send signals via the sigqueueinfo system
call, with si_code set to SI_TKILL and with spoofed process and user IDs,
to other processes. This flaw does not allow existing permission checks to
be bypassed; signals can only be sent if your privileges allow you to
already do so. (CVE-2011-1182, Low)
* Heap overflow in the EFI GUID Partition Table (GPT) implementation could
allow a local attacker to cause a denial of service by mounting a disk
containing crafted partition tables. (CVE-2011-1776, Low)
* Structure padding in two structures in the Bluetooth implementation was
not initialized properly before being copied to user-space, possibly
allowing local, unprivileged users to leak kernel stack memory to
user-space. (CVE-2011-2492, Low)
* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)
Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan
Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for
reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea
Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security
Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776;
Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy
Kulikov of Openwall for reporting CVE-2011-2495.
4. Solution:
Refer to the Technical Notes, available shortly from the link in the
References, for bug fix and enhancement details.
Users should upgrade to these updated packages, which contain
backported patches to correct these issues, and fix the bugs and add
the enhancements noted in the Technical Notes. The system must be
rebooted for this update to take effect.
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.
5. Bugs fixed (http://bugzilla.redhat.com/):
690028 - CVE-2011-1182 kernel signal spoofing issue
695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP
697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap()
703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace
703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries
709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting task
713827 - Parallel port issue in RHEL 6.0 server
714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation
714982 - GFS2: Update to rhel6.1 broke dovecot writing to a gfs2 filesystem
715555 - CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection
716539 - bump domain memory limits [6.1.z]
716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap config request
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize
722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm
i386:
kernel-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm
kernel-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-headers-2.6.32-131.12.1.el6.i686.rpm
perf-2.6.32-131.12.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm
noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm
noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm
i386:
kernel-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm
kernel-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-headers-2.6.32-131.12.1.el6.i686.rpm
perf-2.6.32-131.12.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm
noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm
ppc64:
kernel-2.6.32-131.12.1.el6.ppc64.rpm
kernel-bootwrapper-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debug-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm
kernel-debuginfo-common-ppc64-2.6.32-131.12.1.el6.ppc64.rpm
kernel-devel-2.6.32-131.12.1.el6.ppc64.rpm
kernel-headers-2.6.32-131.12.1.el6.ppc64.rpm
perf-2.6.32-131.12.1.el6.ppc64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm
s390x:
kernel-2.6.32-131.12.1.el6.s390x.rpm
kernel-debug-2.6.32-131.12.1.el6.s390x.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.s390x.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6.s390x.rpm
kernel-devel-2.6.32-131.12.1.el6.s390x.rpm
kernel-headers-2.6.32-131.12.1.el6.s390x.rpm
kernel-kdump-2.6.32-131.12.1.el6.s390x.rpm
kernel-kdump-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
kernel-kdump-devel-2.6.32-131.12.1.el6.s390x.rpm
perf-2.6.32-131.12.1.el6.s390x.rpm
perf-debuginfo-2.6.32-131.12.1.el6.s390x.rpm
x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm
i386:
kernel-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm
kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm
kernel-devel-2.6.32-131.12.1.el6.i686.rpm
kernel-headers-2.6.32-131.12.1.el6.i686.rpm
perf-2.6.32-131.12.1.el6.i686.rpm
perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm
noarch:
kernel-doc-2.6.32-131.12.1.el6.noarch.rpm
kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm
x86_64:
kernel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm
kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm
kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm
perf-2.6.32-131.12.1.el6.x86_64.rpm
perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-1182.html
https://www.redhat.com/security/data/cve/CVE-2011-1576.html
https://www.redhat.com/security/data/cve/CVE-2011-1593.html
https://www.redhat.com/security/data/cve/CVE-2011-1776.html
https://www.redhat.com/security/data/cve/CVE-2011-1898.html
https://www.redhat.com/security/data/cve/CVE-2011-2183.html
https://www.redhat.com/security/data/cve/CVE-2011-2213.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2492.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2497.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2689.html
https://www.redhat.com/security/data/cve/CVE-2011-2695.html
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1189
https://bugzilla.redhat.com/show_bug.cgi?id=715555
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFOU72NXlSAg2UNWIIRAvuvAJ0XW+pjVB73eYV6dyMHJAKRZqTyygCeIAtM
+72YbSFubpSk5fCdBrnH5XY=
=wVAB
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. Description:
These packages contain the Linux kernel. (CVE-2011-2482,
Important)
If you do not run applications that use SCTP, you can prevent the sctp
module from being loaded by adding the following to the end of the
"/etc/modprobe.d/blacklist.conf" file:
blacklist sctp
This way, the sctp module cannot be loaded accidentally, which may occur
if an application that requires SCTP is started. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
This update also fixes the following bugs:
* On Broadcom PCI cards that use the tg3 driver, the operational state of a
network device, represented by the value in
"/sys/class/net/ethX/operstate", was not initialized by default.
Consequently, the state was reported as "unknown" when the tg3 network
device was actually in the "up" state. This update modifies the tg3 driver
to properly set the operstate value. (BZ#744699)
* A KVM (Kernel-based Virtual Machine) guest can get preempted by the host,
when a higher priority process needs to run. When a guest is not running
for several timer interrupts in a row, ticks could be lost, resulting in
the jiffies timer advancing slower than expected and timeouts taking longer
than expected. To correct for the issue of lost ticks,
do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when
running as a KVM guest) to see if timer interrupts have been missed. If so,
jiffies is incremented by the number of missed timer interrupts, ensuring
that programs are woken up on time. (BZ#747874)
* When a block device object was allocated, the bd_super field was not
being explicitly initialized to NULL. Previously, users of the block device
object could set bd_super to NULL when the object was released by calling
the kill_block_super() function. Certain third-party file systems do not
always use this function, and bd_super could therefore become uninitialized
when the object was allocated again. This could cause a kernel panic in the
blkdev_releasepage() function, when the uninitialized bd_super field was
dereferenced. Now, bd_super is properly initialized in the bdget()
function, and the kernel panic no longer occurs. (BZ#751137)
4.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well. ==========================================================================
Ubuntu Security Notice USN-1244-1
October 25, 2011
linux-ti-omap4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.10
Summary:
Several security issues were fixed in the kernel. A remote attacker could exploit this to
crash the kernel, leading to a denial of service. (CVE-2011-2183)
Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly
handled unlock requests. (CVE-2011-2491)
Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)
It was discovered that the wireless stack incorrectly verified SSID
lengths. (CVE-2011-2517)
It was discovered that the EXT4 filesystem contained multiple off-by-one
flaws. (CVE-2011-2695)
Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
(CVE-2011-2905)
Vasiliy Kulikov discovered that the Comedi driver did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-2909)
Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had
no prefixpaths.
(CVE-2011-3363)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.10:
linux-image-2.6.35-903-omap4 2.6.35-903.26
After a standard system update you need to reboot your computer to make
all the necessary changes
VAR-201206-0026 | CVE-2011-1078 | Linux Kernel of sco_sock_getsockopt_old Vulnerabilities that capture important information in functions |
CVSS V2: 1.9 CVSS V3: - Severity: LOW |
The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
JP1/IT Resource Management - Manager
JP1/IT Service Level Management - Manager. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Hitachi JP1/IT Service Level Management Unspecified Cross-Site
Scripting Vulnerability
SECUNIA ADVISORY ID:
SA47804
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47804/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47804
RELEASE DATE:
2012-01-31
DISCUSS ADVISORY:
http://secunia.com/advisories/47804/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47804/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47804
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Hitachi JP1/IT Service Level
Management, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Certain unspecified input is not properly sanitised before being
returned to the user.
The vulnerability is reported in version 09-50.
SOLUTION:
Update to version 09-51.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (English):
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0001
Synopsis: VMware ESXi and ESX updates to third party library
and ESX Service Console
Issue date: 2012-01-30
Updated on: 2012-01-30 (initial advisory)
CVE numbers: --- COS Kernel ---
CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,
CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,
CVE-2011-1172, CVE-2011-1494, CVE-2011-1495,
CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,
CVE-2011-1182, CVE-2011-1573, CVE-2011-1576,
CVE-2011-1593, CVE-2011-1745, CVE-2011-1746,
CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
CVE-2011-2213, CVE-2011-2492, CVE-2011-1780,
CVE-2011-2525, CVE-2011-2689, CVE-2011-2482,
CVE-2011-2491, CVE-2011-2495, CVE-2011-2517,
CVE-2011-2519, CVE-2011-2901
--- COS cURL ---
CVE-2011-2192
--- COS rpm ---
CVE-2010-2059, CVE-2011-3378
--- COS samba ---
CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
CVE-2011-2522, CVE-2011-2694
--- COS python ---
CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,
CVE-2011-1521
--- python library ---
CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
CVE-2010-2089, CVE-2011-1521
----------------------------------------------------------------------
1. Summary
VMware ESXi and ESX updates to third party library and ESX Service
Console address several security issues.
2. Relevant releases
ESXi 4.1 without patch ESXi410-201201401-SG
ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG,
ESX410-201201406-SG, ESX410-201201407-SG
3. Problem Description
a. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201401-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console cURL RPM
The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
resolving a security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201402-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nspr and nss RPMs
The ESX Service Console (COS) nspr and nss RPMs are updated to
nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving
a security issues.
A Certificate Authority (CA) issued fraudulent SSL certificates and
Netscape Portable Runtime (NSPR) and Network Security Services (NSS)
contain the built-in tokens of this fraudulent Certificate
Authority. This update renders all SSL certificates signed by the
fraudulent CA as untrusted for all uses.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201404-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
d. ESX third party update for Service Console rpm RPMs
The ESX Service Console Operating System (COS) rpm packages are
updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,
rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2
which fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201406-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
e. ESX third party update for Service Console samba RPMs
The ESX Service Console Operating System (COS) samba packages are
updated to samba-client-3.0.33-3.29.el5_7.4,
samba-common-3.0.33-3.29.el5_7.4 and
libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security
issues in the Samba client.
Note that ESX does not include the Samba Web Administration Tool
(SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and
CVE-2011-2694.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201407-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
f. ESX third party update for Service Console python package
The ESX Service Console (COS) python package is updated to
2.4.3-44 which fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201405-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESXi update to third party component python
The python third party library is updated to python 2.5.6 which
fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 ESXi patch pending
ESXi 4.1 ESXi ESXi410-201201401-SG
ESXi 4.0 ESXi patch pending
ESXi 3.5 ESXi patch pending
ESX 4.1 ESX not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware ESXi 4.1
---------------
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143
ESXi410-201201401 contains ESXi410-201201401-SG
VMware ESX 4.1
--------------
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142
ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and
ESX410-201201407-SG
5. References
CVE numbers
--- COS Kernel ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901
--- COS cURL ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
--- COS rpm ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
--- COS samba ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
--- COS python ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
--- python library ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
----------------------------------------------------------------------
6. Change log
2012-01-30 VMSA-2012-0001
Initial security advisory in conjunction with the release of patches
for ESX 4.1 and ESXi 4.1 on 2012-01-30.
----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8
f2pLxi537s+ew4dvnYNWlJ8=
=OAh4
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-1256-1
November 09, 2011
linux-lts-backport-natty vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in the kernel.
Software Description:
- linux-lts-backport-natty: Linux kernel backport from Natty
Details:
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1020)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-1078)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated. A local attacker could
exploit this to crash the system, leading to a denial of service, or leak
contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1079)
Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NULL terminated. A local attacker could exploit this to
leak contents of kernel stack memory, leading to a loss of privacy.
(CVE-2011-1080)
Johan Hovold discovered that the DCCP network stack did not correctly
handle certain packet combinations. A remote attacker could send specially
crafted network traffic that would crash the system, leading to a denial of
service. (CVE-2011-1093)
Peter Huewe discovered that the TPM device did not correctly initialize
memory. A local attacker could exploit this to read kernel heap memory
contents, leading to a loss of privacy. (CVE-2011-1160)
Dan Rosenberg discovered that the IRDA subsystem did not correctly check
certain field sizes. If a system was using IRDA, a remote attacker could
send specially crafted traffic to crash the system or gain root privileges.
(CVE-2011-1180)
Ryan Sweat discovered that the GRO code did not correctly validate memory.
In some configurations on systems using VLANs, a remote attacker could send
specially crafted traffic to crash the system, leading to a denial of
service. (CVE-2011-1478)
It was discovered that the security fix for CVE-2010-4250 introduced a
regression. A remote attacker could exploit this to crash the system,
leading to a denial of service. (CVE-2011-1479)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges.
(CVE-2011-1493)
It was discovered that the Stream Control Transmission Protocol (SCTP)
implementation incorrectly calculated lengths. If the net.sctp.addip_enable
variable was turned on, a remote attacker could send specially crafted
traffic to crash the system. (CVE-2011-1573)
Ryan Sweat discovered that the kernel incorrectly handled certain VLAN
packets. On some systems, a remote attacker could send specially crafted
traffic to crash the system, leading to a denial of service.
(CVE-2011-1576)
Timo Warns discovered that the GUID partition parsing routines did not
correctly validate certain structures. A local attacker with physical
access could plug in a specially crafted block device to crash the system,
leading to a denial of service. (CVE-2011-1577)
Phil Oester discovered that the network bonding system did not correctly
handle large queues. On some systems, a remote attacker could send
specially crafted traffic to crash the system, leading to a denial of
service. (CVE-2011-1581)
It was discovered that CIFS incorrectly handled authentication. When a user
had a CIFS share mounted that required authentication, a local user could
mount the same share without knowing the correct password. (CVE-2011-1585)
It was discovered that the GRE protocol incorrectly handled netns
initialization. A remote attacker could send a packet while the ip_gre
module was loading, and crash the system, leading to a denial of service.
(CVE-2011-1767)
It was discovered that the IP/IP protocol incorrectly handled netns
initialization. A remote attacker could send a packet while the ipip module
was loading, and crash the system, leading to a denial of service.
(CVE-2011-1768)
Ben Greear discovered that CIFS did not correctly handle direct I/O. A
local attacker with access to a CIFS partition could exploit this to crash
the system, leading to a denial of service. (CVE-2011-1771)
Timo Warns discovered that the EFI GUID partition table was not correctly
parsed. A physically local attacker that could insert mountable devices
could exploit this to crash the system or possibly gain root privileges.
(CVE-2011-1776)
Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
correctly check the origin of mount points. A local attacker could exploit
this to trick the system into unmounting arbitrary mount points, leading to
a denial of service. (CVE-2011-1833)
Andrea Righi discovered a race condition in the KSM memory merging support.
If KSM was being used, a local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2011-2183)
Dan Rosenberg discovered that the IPv4 diagnostic routines did not
correctly validate certain requests. A local attacker could exploit this to
consume CPU resources, leading to a denial of service. (CVE-2011-2213)
It was discovered that an mmap() call with the MAP_PRIVATE flag on
"/dev/zero" was incorrectly handled. A local attacker could exploit this to
crash the system, leading to a denial of service. (CVE-2011-2479)
Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could expoit this to exhaust memory and CPU
resources, leading to a denial of service. (CVE-2011-2484)
Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly
handled unlock requests. A local attacker could exploit this to cause a
denial of service. (CVE-2011-2491)
It was discovered that Bluetooth l2cap and rfcomm did not correctly
initialize structures. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
Sami Liedes discovered that ext4 did not correctly handle missing root
inodes. A local attacker could trigger the mount of a specially crafted
filesystem to cause the system to crash, leading to a denial of service.
(CVE-2011-2493)
Vasiliy Kulikov discovered that taskstats did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2494)
Vasiliy Kulikov discovered that /proc/PID/io did not enforce access
restrictions. A local attacker could exploit this to read certain
information, leading to a loss of privacy. (CVE-2011-2495)
Robert Swiecki discovered that mapping extensions were incorrectly handled.
A local attacker could exploit this to crash the system, leading to a
denial of service. (CVE-2011-2496)
Dan Rosenberg discovered that the Bluetooth stack incorrectly handled
certain L2CAP requests. If a system was using Bluetooth, a remote attacker
could send specially crafted traffic to crash the system or gain root
privileges. (CVE-2011-2497)
It was discovered that the wireless stack incorrectly verified SSID
lengths. A local attacker could exploit this to cause a denial of service
or gain root privileges. (CVE-2011-2517)
Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being
incorrectly handled. A local attacker could exploit this to crash the
system, leading to a denial of service. (CVE-2011-2525)
It was discovered that GFS2 did not correctly check block sizes. A local
attacker could exploit this to crash the system, leading to a denial of
service. (CVE-2011-2689)
It was discovered that the EXT4 filesystem contained multiple off-by-one
flaws. A local attacker could exploit this to crash the system, leading to
a denial of service. (CVE-2011-2695)
Fernando Gont discovered that the IPv6 stack used predictable fragment
identification numbers. A remote attacker could exploit this to exhaust
network resources, leading to a denial of service. (CVE-2011-2699)
Mauro Carvalho Chehab discovered that the si4713 radio driver did not
correctly check the length of memory copies. If this hardware was
available, a local attacker could exploit this to crash the system or gain
root privileges. (CVE-2011-2700)
Herbert Xu discovered that certain fields were incorrectly handled when
Generic Receive Offload (CVE-2011-2723)
Christian Ohm discovered that the perf command looks for configuration
files in the current directory. If a privileged user were tricked into
running perf in a directory containing a malicious configuration file, an
attacker could run arbitrary commands and possibly gain privileges.
(CVE-2011-2905)
Vasiliy Kulikov discovered that the Comedi driver did not correctly clear
memory. A local attacker could exploit this to read kernel stack memory,
leading to a loss of privacy. (CVE-2011-2909)
The performance counter subsystem did not correctly handle certain
counters. A local attacker could exploit this to crash the system, leading
to a denial of service. (CVE-2011-2918)
Time Warns discovered that long symlinks were incorrectly handled on Be
filesystems. A local attacker could exploit this with a malformed Be
filesystem and crash the system, leading to a denial of service.
(CVE-2011-2928)
Qianfeng Zhang discovered that the bridge networking interface incorrectly
handled certain network packets. A remote attacker could exploit this to
crash the system, leading to a denial of service. (CVE-2011-2942)
Dan Kaminsky discovered that the kernel incorrectly handled random sequence
number generation. An attacker could use this flaw to possibly predict
sequence numbers and inject packets. (CVE-2011-3188)
Darren Lavender discovered that the CIFS client incorrectly handled certain
large values.
(CVE-2011-3191)
Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A
local unprivileged attacker could exploit this causing a denial of service.
(CVE-2011-3209)
Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had
no prefixpaths. A local attacker with access to a CIFS partition could
exploit this to crash the system, leading to a denial of service.
(CVE-2011-3363)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.38-12-generic 2.6.38-12.51~lucid1
linux-image-2.6.38-12-generic-pae 2.6.38-12.51~lucid1
linux-image-2.6.38-12-server 2.6.38-12.51~lucid1
linux-image-2.6.38-12-virtual 2.6.38-12.51~lucid1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1256-1
CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080,
CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478,
CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576,
CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767,
CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833,
CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484,
CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494,
CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517,
CVE-2011-2525, CVE-2011-2689, CVE-2011-2695, CVE-2011-2699,
CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909,
Package Information:
https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1
. (CVE-2010-4242)
Brad Spengler discovered that the kernel did not correctly account for
userspace memory allocations during exec() calls. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----------------------------------------------------------------------
Debian Security Advisory DSA-2240-1 security@debian.org
http://www.debian.org/security/ dann frazier
May 24, 2011 http://www.debian.org/security/faq
- ----------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726
CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080
CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170
CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180
CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478
CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585
CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746
CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770
CVE-2011-1776 CVE-2011-2022
Debian Bug(s) :
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service or privilege escalation. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol.
CVE-2011-0695
Jens Kuehnel reported an issue in the InfiniBand stack. Local
users could learn the text location of a process, defeating protections
provided by address space layout randomization (ASLR).
CVE-2011-1016
Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
chips. Local users could pass arbitrary values to video memory and the
graphics translation table, resulting in denial of service or escalated
privileges. On default Debian installations, this is exploitable only by
members of the 'video' group.
CVE-2011-1080
Vasiliy Kulikov discovered an issue in the Netfilter subsystem.
CVE-2011-1160
Peter Huewe reported an issue in the Linux kernel's support for TPM security
chips.
CVE-2011-1163
Timo Warns reported an issue in the kernel support for Alpha OSF format disk
partitions.
CVE-2011-1170
Vasiliy Kulikov reported an issue in the Netfilter arp table
implementation.
CVE-2011-1171
Vasiliy Kulikov reported an issue in the Netfilter IP table
implementation.
CVE-2011-1172
Vasiliy Kulikov reported an issue in the Netfilter IP6 table
implementation.
CVE-2011-1173
Vasiliy Kulikov reported an issue in the Acorn Econet protocol
implementation.
CVE-2011-1180
Dan Rosenberg reported a buffer overflow in the Information Access Service
of the IrDA protocol, used for Infrared devices.
CVE-2011-1182
Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
users can generate signals with falsified source pid and uid information.
CVE-2011-1476
Dan Rosenberg reported issues in the Open Sound System MIDI interface that
allow local users to cause a denial of service. This issue does not affect
official Debian Linux image packages as they no longer provide support for
OSS. However, custom kernels built from Debians linux-source-2.6.32 may
have enabled this configuration and would therefore be vulnerable.
CVE-2011-1477
Dan Rosenberg reported issues in the Open Sound System driver for cards that
include a Yamaha FM synthesizer chip. This issue does not affect
official Debian Linux image packages as they no longer provide support for
OSS. However, custom kernels built from Debians linux-source-2.6.32 may
have enabled this configuration and would therefore be vulnerable.
CVE-2011-1478
Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in
the Linux networking subsystem.
CVE-2011-1493
Dan Rosenburg reported two issues in the Linux implementation of the Amateur
Radio X.25 PLP (Rose) protocol.
CVE-2011-1494
Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by
the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian
installations this is not exploitable as this interface is only accessible
to root.
CVE-2011-1495
Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface
provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not
exploitable as this interface is only accessible to root.
CVE-2011-1585
Jeff Layton reported an issue in the Common Internet File System (CIFS).
CVE-2011-1598
Dave Jones reported an issue in the Broadcast Manager Controller Area
Network (CAN/BCM) protocol that may allow local users to cause a NULL
pointer dereference, resulting in a denial of service.
CVE-2011-1745
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-1746
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable
only by users in the video group.
CVE-2011-1748
Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw
socket implementation which permits ocal users to cause a NULL pointer
dereference, resulting in a denial of service.
CVE-2011-1759
Dan Rosenberg reported an issue in the support for executing "old ABI"
binaries on ARM processors.
CVE-2011-1767
Alexecy Dobriyan reported an issue in the GRE over IP implementation.
CVE-2011-2022
Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian
installations, this is exploitable only by users in the video group.
This update also includes changes queued for the next point release of
Debian 6.0, which also fix various non-security issues. These additional
changes are described in the package changelog which can be viewed at:
http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog
For the stable distribution (squeeze), this problem has been fixed in version
2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution
(lenny) will be available soon.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 6.0 (squeeze)
user-mode-linux 2.6.32-1um-4+34squeeze1
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJN3I4aAAoJEBv4PF5U/IZAaa4P/j+l40Mp6naHByZt3jpwNWSA
RN/jkkrYnYNDyT7crB+/DOdu84zalYa2KqfffOd/faV9+NSCBayjJ5c+FvVgeTay
Il8elfcWP/uK0BXJn2xVb7YAsLpIe0HRlhxe72ZqcT4Yxo1/IBnEpUS56JRd2tlA
k7x7dbj+smlzlM4qiXQy1F6LNyDqoGDUKNohQHUoyQ5dGq/gdi3C7EnUs4Nx9vjK
RU1HUWLXB4qm7JpoK6o3u6Hpe0ynZm74tYvTi0XhayGXGevaBvIQuEWqhY6gZF1P
v6a5gvBQC2pRIQXAVUbAhjoXpuF5jahTgicLdJanDqLfhefQ3qV11Ahvui2lzZuT
iKbMVGzO/azPLzskH8YNBq6drFPX2ZqRsxGmrTdzEtLWnJCN6nBBe4kF6C3z5T1A
1ez4/F+OhNl2wnimq3CxiyfXun9WWs6IlULpqsKgJjE4bItg5a8+zTYGjkhQxX+X
fPzO1xZCtQK4i+59Ejs5FwIfps0fA0m8c1Z5bnIaj4Q+0X5sJt2kwws8yrQKoOH1
eKGOgRqM70rOnyW/TQtXDGnTC4+vCCv89UjZUpG+sxZtWUxeh8CL2scUyceTeSNC
IS2+EgvilN+a3hQlYJH4YNshmQCtJDp7qMTLaXLHM9hoV1L383nbJV4AtrFlcsCO
KRI5f0ds95H6TsEoTSmO
=gx2x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-201206-0028 | CVE-2011-1080 | Hitachi JP1 Cross-site scripting vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. The Linux kernel is prone to multiple local information-disclosure vulnerabilities.
Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
JP1/IT Resource Management - Manager
JP1/IT Service Level Management - Manager.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64
3. (CVE-2011-1093, Important)
* Multiple buffer overflow flaws were found in the Linux kernel's
Management Module Support for Message Passing Technology (MPT) based
controllers. (CVE-2011-1079, Moderate)
* Missing error checking in the way page tables were handled in the Xen
hypervisor implementation could allow a privileged guest user to cause the
host, and the guests, to lock up. (CVE-2011-1166, Moderate)
* A flaw was found in the way the Xen hypervisor implementation checked for
the upper boundary when getting a new event channel port. (CVE-2011-1763, Moderate)
* The start_code and end_code values in "/proc/[pid]/stat" were not
protected.
(CVE-2011-1078, Low)
* A missing validation of a null-terminated string data structure element
in the do_replace() function could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low)
* A buffer overflow flaw in the DEC Alpha OSF partition implementation in
the Linux kernel could allow a local attacker to cause an information leak
by mounting a disk that contains specially-crafted partition tables.
(CVE-2011-1163, Low)
* Missing validations of null-terminated string data structure elements in
the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(),
and do_arpt_get_ctl() functions could allow a local user who has the
CAP_NET_ADMIN capability to cause an information leak.
(CVE-2011-1577, Low)
Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and
CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078,
CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook
for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163
and CVE-2011-1577.
This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.
Users should upgrade to these updated packages, which contain backported
patches to correct these issues, and fix the bugs noted in the Technical
Notes. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/):
681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak
681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator
681262 - CVE-2011-1080 kernel: ebtables stack infoleak
682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close
684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat
688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak
688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z]
688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest()
689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace
689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace
689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace
689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z]
689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z]
690134 - Time runs too fast in a VM on processors with > 4GHZ freq [rhel-5.6.z]
690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z]
694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows
695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops
696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z]
697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z]
699808 - dasd: fix race between open and offline [rhel-5.6.z]
701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm
i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm
i386:
kernel-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm
kernel-devel-2.6.18-238.12.1.el5.i686.rpm
kernel-headers-2.6.18-238.12.1.el5.i386.rpm
kernel-xen-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
ia64:
kernel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm
kernel-devel-2.6.18-238.12.1.el5.ia64.rpm
kernel-headers-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
ppc:
kernel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc.rpm
kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm
kernel-devel-2.6.18-238.12.1.el5.s390x.rpm
kernel-headers-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2264-1 security@debian.org
http://www.debian.org/security/ dann frazier
June 18, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : linux-2.6
Vulnerability : privilege escalation/denial of service/information leak
Problem type : local/remote
Debian-specific: no
CVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655
CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726
CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078
CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093
CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171
CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182
CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593
CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748
CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776
CVE-2011-2022 CVE-2011-2182
Debian Bug : 618485
Several vulnerabilities have been discovered in the Linux kernel that may lead
to a privilege escalation, denial of service or information leak. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-2524
David Howells reported an issue in the Common Internet File System (CIFS).
Local users could cause arbitrary CIFS shares to be mounted by introducing
malicious redirects.
CVE-2010-3875
Vasiliy Kulikov discovered an issue in the Linux implementation of the
Amateur Radio AX.25 Level 2 protocol.
CVE-2010-4075
Dan Rosenberg reported an issue in the tty layer that may allow local
users to obtain access to sensitive kernel memory.
CVE-2011-0695
Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can
exploit a race condition to cause a denial of service (kernel panic).
CVE-2011-0710
Al Viro reported an issue in the /proc/<pid>/status interface on the
s390 architecture. Local users could gain access to sensitive memory
in processes they do not own via the task_show_regs entry.
CVE-2011-0711
Dan Rosenberg reported an issue in the XFS filesystem.
CVE-2011-0726
Kees Cook reported an issue in the /proc/pid/stat implementation. Local
users could learn the text location of a process, defeating protections
provided by address space layout randomization (ASLR).
CVE-2011-1010
Timo Warns reported an issue in the Linux support for Mac partition tables.
Local users with physical access could cause a denial of service (panic)
by adding a storage device with a malicious map_count value.
CVE-2011-1012
Timo Warns reported an issue in the Linux support for Mac partition tables.
Local users with physical access could cause a denial of service (panic)
by adding a storage device with a malicious map_count value.
CVE-2011-1017
Timo Warns reported an issue in the Linux support for LDM partition tables.
Users with physical access can gain access to sensitive kernel memory or
gain elevated privileges by adding a storage device with a specially
crafted LDM partition.
CVE-2011-1078
Vasiliy Kulikov discovered an issue in the Bluetooth subsystem.
CVE-2011-1079
Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users
with the CAP_NET_ADMIN capability can cause a denial of service (kernel
Oops).
CVE-2011-1080
Vasiliy Kulikov discovered an issue in the Netfilter subsystem.
CVE-2011-1090
Neil Horman discovered a memory leak in the setacl() call on NFSv4
filesystems. Local users can exploit this to cause a denial of service
(Oops).
CVE-2011-1093
Johan Hovold reported an issue in the Datagram Congestion Control Protocol
(DCCP) implementation. Remote users could cause a denial of service by
sending data after closing a socket.
CVE-2011-1160
Peter Huewe reported an issue in the Linux kernel's support for TPM security
chips. Local users with permission to open the device can gain access to
sensitive kernel memory.
CVE-2011-1163
Timo Warns reported an issue in the kernel support for Alpha OSF format disk
partitions. Users with physical access can gain access to sensitive kernel
memory by adding a storage device with a specially crafted OSF partition.
CVE-2011-1170
Vasiliy Kulikov reported an issue in the Netfilter arp table
implementation.
CVE-2011-1171
Vasiliy Kulikov reported an issue in the Netfilter IP table
implementation.
CVE-2011-1172
Vasiliy Kulikov reported an issue in the Netfilter IP6 table
implementation.
CVE-2011-1173
Vasiliy Kulikov reported an issue in the Acorn Econet protocol
implementation.
CVE-2011-1180
Dan Rosenberg reported a buffer overflow in the Information Access Service
of the IrDA protocol, used for Infrared devices. Remote attackers within IR
device range can cause a denial of service or possibly gain elevated
privileges.
CVE-2011-1182
Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local
users can generate signals with falsified source pid and uid information.
CVE-2011-1477
Dan Rosenberg reported issues in the Open Sound System driver for cards that
include a Yamaha FM synthesizer chip. Local users can cause memory
corruption resulting in a denial of service. This issue does not affect
official Debian Linux image packages as they no longer provide support for
OSS. However, custom kernels built from Debians linux-source-2.6.32 may
have enabled this configuration and would therefore be vulnerable.
CVE-2011-1493
Dan Rosenburg reported two issues in the Linux implementation of the
Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of
service by providing specially crafted facilities fields.
CVE-2011-1577
Timo Warns reported an issue in the Linux support for GPT partition tables.
Local users with physical access could cause a denial of service (Oops)
by adding a storage device with a malicious partition table header.
CVE-2011-1593
Robert Swiecki reported a signednes issue in the next_pidmap() function,
which can be exploited my local users to cause a denial of service.
CVE-2011-1598
Dave Jones reported an issue in the Broadcast Manager Controller Area
Network (CAN/BCM) protocol that may allow local users to cause a NULL
pointer dereference, resulting in a denial of service.
CVE-2011-1745
Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
Local users can obtain elevated privileges or cause a denial of service due
to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-1746
Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
Local users can obtain elevated privileges or cause a denial of service
due to missing bounds checking in the agp_allocate_memory and
agp_create_user_memory. On default Debian installations, this is
exploitable only by users in the video group.
CVE-2011-1748
Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw
socket implementation which permits ocal users to cause a NULL pointer
dereference, resulting in a denial of service.
CVE-2011-1759
Dan Rosenberg reported an issue in the support for executing "old ABI"
binaries on ARM processors. Local users can obtain elevated privileges due
to insufficient bounds checking in the semtimedop system call.
CVE-2011-1767
Alexecy Dobriyan reported an issue in the GRE over IP implementation.
Remote users can cause a denial of service by sending a packet during
module initialization.
CVE-2011-1768
Alexecy Dobriyan reported an issue in the IP tunnels implementation.
Remote users can cause a denial of service by sending a packet during
module initialization.
CVE-2011-1776
Timo Warns reported an issue in the Linux implementation for GUID
partitions. Users with physical access can gain access to sensitive kernel
memory by adding a storage device with a specially crafted corrupted
invalid partition table.
CVE-2011-2022
Vasiliy Kulikov reported an issue in the Linux support for AGP devices.
Local users can obtain elevated privileges or cause a denial of service due
to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian
installations, this is exploitable only by users in the video group.
CVE-2011-2182
Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above)
that made it insufficient to resolve the issue.
For the oldstable distribution (lenny), this problem has been fixed in
version 2.6.26-26lenny3. Updates for arm and hppa are not yet available,
but will be released as soon as possible.
The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:
Debian 5.0 (lenny)
user-mode-linux 2.6.26-1um-2+26lenny3
We recommend that you upgrade your linux-2.6 and user-mode-linux packages.
These updates will not become active until after your system is rebooted.
Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or "leap-frog" fashion.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJN/Uv8AAoJEBv4PF5U/IZAp7QQAJmbSplvSgno69C0IFRzRgGI
FS3B6uq5zNcvucQ4O2u5Zj/rPRef/M2Lxj4Vx/9FQ+4SlV/Ryazu3iknLL2iyc8a
3zZBbo6S/OvhK0Prfd88ItCxXviYJchY91qp7Pm5TOkE1rM43XLhDAi1T1W507tY
2rgqUfWkmN0Xq4Ykh3uySsIH6VkLqC5Ay7n5jXapdf3wJkyl1pg/iu0ndTnHaRTC
ByQehIMbj4OOivOcy06lS89Aro+KkgPRaA0lp5enegxUZTs5S5AIo7h6v9U078xr
bcUcfrOsiTpVuTRND1L7kQQhPjmIv+UlzFjYuGPbHQxfZRVnVIlB4Ny3jIyN1aBx
DMqxGR+novsYIuXAZWlsF17UYQXW5CFe+7aeS06bdaWWemJGkV0Mkfb72fwa3uLz
sXlLp6fju2N5RQW7WVfjx89X7SAjKmYwQnCMbo0mwdRfujBNgbkm2xCrDy+QIE23
5BnAY18kXpqaRbXPJB0sy8V99Wnl1ZSRRzX0kOZVecrhKAoCUGPJS2X+bDEtIzhB
OWzxcC7P94hega5JYzteSZcyBkGRUj4604NCzD38OdPqqWvR3oWtwDRAKIR7gZ/L
PRoDZucqfYV+BhXy/ib55qTo/va5gjmnlUFMP2G/TVQk9XQ/q8TxxefmnQc+Qy3A
P/Hlaop/HijmZLuNpJB4
=dXCB
-----END PGP SIGNATURE-----
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0001
Synopsis: VMware ESXi and ESX updates to third party library
and ESX Service Console
Issue date: 2012-01-30
Updated on: 2012-01-30 (initial advisory)
CVE numbers: --- COS Kernel ---
CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,
CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,
CVE-2011-1172, CVE-2011-1494, CVE-2011-1495,
CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,
CVE-2011-1182, CVE-2011-1573, CVE-2011-1576,
CVE-2011-1593, CVE-2011-1745, CVE-2011-1746,
CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
CVE-2011-2213, CVE-2011-2492, CVE-2011-1780,
CVE-2011-2525, CVE-2011-2689, CVE-2011-2482,
CVE-2011-2491, CVE-2011-2495, CVE-2011-2517,
CVE-2011-2519, CVE-2011-2901
--- COS cURL ---
CVE-2011-2192
--- COS rpm ---
CVE-2010-2059, CVE-2011-3378
--- COS samba ---
CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
CVE-2011-2522, CVE-2011-2694
--- COS python ---
CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,
CVE-2011-1521
--- python library ---
CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
CVE-2010-2089, CVE-2011-1521
----------------------------------------------------------------------
1. Summary
VMware ESXi and ESX updates to third party library and ESX Service
Console address several security issues.
2. Relevant releases
ESXi 4.1 without patch ESXi410-201201401-SG
ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG,
ESX410-201201406-SG, ESX410-201201407-SG
3. Problem Description
a. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201401-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console cURL RPM
The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
resolving a security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201402-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nspr and nss RPMs
The ESX Service Console (COS) nspr and nss RPMs are updated to
nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving
a security issues.
A Certificate Authority (CA) issued fraudulent SSL certificates and
Netscape Portable Runtime (NSPR) and Network Security Services (NSS)
contain the built-in tokens of this fraudulent Certificate
Authority. This update renders all SSL certificates signed by the
fraudulent CA as untrusted for all uses.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201404-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
d. ESX third party update for Service Console rpm RPMs
The ESX Service Console Operating System (COS) rpm packages are
updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,
rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2
which fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201406-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
e. ESX third party update for Service Console samba RPMs
The ESX Service Console Operating System (COS) samba packages are
updated to samba-client-3.0.33-3.29.el5_7.4,
samba-common-3.0.33-3.29.el5_7.4 and
libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security
issues in the Samba client.
Note that ESX does not include the Samba Web Administration Tool
(SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and
CVE-2011-2694.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201407-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
f. ESX third party update for Service Console python package
The ESX Service Console (COS) python package is updated to
2.4.3-44 which fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201405-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESXi update to third party component python
The python third party library is updated to python 2.5.6 which
fixes multiple security issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 ESXi patch pending
ESXi 4.1 ESXi ESXi410-201201401-SG
ESXi 4.0 ESXi patch pending
ESXi 3.5 ESXi patch pending
ESX 4.1 ESX not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware ESXi 4.1
---------------
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143
ESXi410-201201401 contains ESXi410-201201401-SG
VMware ESX 4.1
--------------
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142
ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and
ESX410-201201407-SG
5. References
CVE numbers
--- COS Kernel ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901
--- COS cURL ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
--- COS rpm ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
--- COS samba ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
--- COS python ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
--- python library ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
----------------------------------------------------------------------
6. Change log
2012-01-30 VMSA-2012-0001
Initial security advisory in conjunction with the release of patches
for ESX 4.1 and ESXi 4.1 on 2012-01-30.
----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved. ==========================================================================
Ubuntu Security Notice USN-1204-1
September 13, 2011
linux-fsl-imx51 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
Multiple kernel flaws have been fixed.
Software Description:
- linux-fsl-imx51: Linux kernel for IMX51
Details:
Dan Rosenberg discovered that the Linux kernel TIPC implementation
contained multiple integer signedness errors. (CVE-2010-3859)
Dan Rosenberg discovered that multiple terminal ioctls did not correctly
initialize structure memory. A local attacker could exploit this to read
portions of kernel stack memory, leading to a loss of privacy.
(CVE-2010-4075, CVE-2010-4076, CVE-2010-4077)
Dan Rosenberg discovered that the socket filters did not correctly
initialize structure memory. A local attacker could create malicious
filters to read portions of kernel stack memory, leading to a loss of
privacy. (CVE-2010-4158)
Dan Rosenberg discovered that the Linux kernel L2TP implementation
contained multiple integer signedness errors.
(CVE-2010-4160)
Dan Rosenberg discovered that certain iovec operations did not calculate
page counts correctly. (CVE-2010-4163, CVE-2010-4668)
Dan Rosenberg discovered that the RDS protocol did not correctly check
ioctl arguments. (CVE-2010-4175)
Alan Cox discovered that the HCI UART driver did not correctly check if a
write operation was available. If the mmap_min-addr sysctl was changed from
the Ubuntu default to a value of 0, a local attacker could exploit this
flaw to gain root privileges. (CVE-2010-4242)
Brad Spengler discovered that the kernel did not correctly account for
userspace memory allocations during exec() calls.
(CVE-2010-4243)
Alex Shi and Eric Dumazet discovered that the network stack did not
correctly handle packet backlogs. (CVE-2010-4251, CVE-2010-4805)
It was discovered that the ICMP stack did not correctly handle certain
unreachable messages. (CVE-2010-4526)
Dan Carpenter discovered that the Infiniband driver did not correctly
handle certain requests. (CVE-2010-4649, CVE-2011-1044)
Kees Cook reported that /proc/pid/stat did not correctly filter certain
memory locations. (CVE-2011-1012)
Matthiew Herrb discovered that the drm modeset interface did not correctly
handle a signed comparison. (CVE-2011-1013)
It was discovered that the /proc filesystem did not correctly handle
permission changes when programs executed. A local attacker could hold open
files to examine details about programs running with higher privileges,
potentially increasing the chances of exploiting additional
vulnerabilities. (CVE-2011-1078)
Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check
that device name strings were NULL terminated.
(CVE-2011-1079)
Vasiliy Kulikov discovered that bridge network filtering did not check that
name fields were NULL terminated.
(CVE-2011-1080)
Nelson Elhage discovered that the epoll subsystem did not correctly handle
certain structures. (CVE-2011-1082)
Neil Horman discovered that NFSv4 did not correctly handle certain orders
of operation with ACL data.
(CVE-2011-1090)
Johan Hovold discovered that the DCCP network stack did not correctly
handle certain packet combinations. (CVE-2011-1093)
Peter Huewe discovered that the TPM device did not correctly initialize
memory. (CVE-2011-1163)
Vasiliy Kulikov discovered that the netfilter code did not check certain
strings copied from userspace. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534)
Vasiliy Kulikov discovered that the Acorn Universal Networking driver did
not correctly initialize memory.
(CVE-2011-1173)
Dan Rosenberg discovered that the IRDA subsystem did not correctly check
certain field sizes.
(CVE-2011-1180)
Ryan Sweat discovered that the GRO code did not correctly validate memory. (CVE-2011-1478)
Dan Rosenberg discovered that the X.25 Rose network stack did not correctly
handle certain fields. If a system was running with Rose enabled, a remote
attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1577)
Oliver Hartkopp and Dave Jones discovered that the CAN network driver did
not correctly validate certain socket structures. (CVE-2011-1598)
Dan Rosenberg discovered that the DCCP stack did not correctly handle
certain packet structures. (CVE-2011-1770)
Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not
correctly check the origin of mount points. (CVE-2011-1833)
Vasiliy Kulikov discovered that taskstats listeners were not correctly
handled. A local attacker could exploit this to read portions
of the kernel stack, leading to a loss of privacy. (CVE-2011-2492)
Fernando Gont discovered that the IPv6 stack used predictable fragment
identification numbers. (CVE-2011-2699)
The performance counter subsystem did not correctly handle certain
counters. (CVE-2011-2918)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
linux-image-2.6.31-610-imx51 2.6.31-610.28
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References:
http://www.ubuntu.com/usn/usn-1204-1
CVE-2010-3859, CVE-2010-4075, CVE-2010-4076, CVE-2010-4077,
CVE-2010-4158, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163,
CVE-2010-4175, CVE-2010-4242, CVE-2010-4243, CVE-2010-4251,
CVE-2010-4526, CVE-2010-4649, CVE-2010-4668, CVE-2010-4805,
CVE-2011-0726, CVE-2011-1010, CVE-2011-1012, CVE-2011-1013,
CVE-2011-1020, CVE-2011-1044, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1082, CVE-2011-1090, CVE-2011-1093,
CVE-2011-1160, CVE-2011-1163, CVE-2011-1170, CVE-2011-1171,
CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1478,
CVE-2011-1493, CVE-2011-1577, CVE-2011-1598, CVE-2011-1770,
Package Information:
https://launchpad.net/ubuntu/+source/linux-fsl-imx51/2.6.31-610.28
.
CVE-2011-1016
Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video
chips.
This update also includes changes queued for the next point release of
Debian 6.0, which also fix various non-security issues.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
VAR-201310-0084 | CVE-2011-2901 | Xen of __addr_ok Service disruption in macro (DoS) Vulnerabilities |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. Xen is prone to a denial-of-service vulnerability due to an off-by-one error.
An attacker with access to a guest operating system can exploit this issue to crash the host operating system, effectively denying service to legitimate users. Due to the nature of this issue arbitrary code-execution maybe possible; however this has not been confirmed,. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The following products are affected:
JP1/IT Resource Management - Manager
JP1/IT Service Level Management - Manager.
This update also fixes several bugs. Documentation for these bug fixes will
be available shortly from the Technical Notes document linked to in the
References section.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64
3. Description:
These packages contain the Linux kernel.
This update fixes the following security issues:
* A flaw in the Stream Control Transmission Protocol (SCTP) implementation
could allow a remote attacker to cause a denial of service by sending a
specially-crafted SCTP packet to a target system. (CVE-2011-2482,
Important)
If you do not run applications that use SCTP, you can prevent the sctp
module from being loaded by adding the following to the end of the
"/etc/modprobe.d/blacklist.conf" file:
blacklist sctp
This way, the sctp module cannot be loaded accidentally, which may occur
if an application that requires SCTP is started. A reboot is not necessary
for this change to take effect.
* A flaw in the client-side NFS Lock Manager (NLM) implementation could
allow a local, unprivileged user to cause a denial of service.
(CVE-2011-2491, Important)
* Flaws in the netlink-based wireless configuration interface could allow
a local user, who has the CAP_NET_ADMIN capability, to cause a denial of
service or escalate their privileges on systems that have an active
wireless interface. (CVE-2011-2517, Important)
* A flaw was found in the way the Linux kernel's Xen hypervisor
implementation emulated the SAHF instruction. When using a
fully-virtualized guest on a host that does not use hardware assisted
paging (HAP), such as those running CPUs that do not have support for (or
those that have it disabled) Intel Extended Page Tables (EPT) or AMD
Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged
guest user could trigger this flaw to cause the hypervisor to crash.
(CVE-2011-2519, Moderate)
* A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor
implementation when running on 64-bit systems could allow a privileged
guest user to crash the hypervisor. (CVE-2011-2901, Moderate)
* /proc/[PID]/io is world-readable by default. Previously, these files
could be read without any further restrictions. A local, unprivileged user
could read these files, belonging to other, possibly privileged processes
to gather confidential information, such as the length of a password used
in a process. (CVE-2011-2495, Low)
Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and
Vasiliy Kulikov of Openwall for reporting CVE-2011-2495.
This update also fixes the following bugs:
* On Broadcom PCI cards that use the tg3 driver, the operational state of a
network device, represented by the value in
"/sys/class/net/ethX/operstate", was not initialized by default.
Consequently, the state was reported as "unknown" when the tg3 network
device was actually in the "up" state. This update modifies the tg3 driver
to properly set the operstate value. (BZ#744699)
* A KVM (Kernel-based Virtual Machine) guest can get preempted by the host,
when a higher priority process needs to run. When a guest is not running
for several timer interrupts in a row, ticks could be lost, resulting in
the jiffies timer advancing slower than expected and timeouts taking longer
than expected. To correct for the issue of lost ticks,
do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when
running as a KVM guest) to see if timer interrupts have been missed. If so,
jiffies is incremented by the number of missed timer interrupts, ensuring
that programs are woken up on time. (BZ#747874)
* When a block device object was allocated, the bd_super field was not
being explicitly initialized to NULL. Previously, users of the block device
object could set bd_super to NULL when the object was released by calling
the kill_block_super() function. Certain third-party file systems do not
always use this function, and bd_super could therefore become uninitialized
when the object was allocated again. This could cause a kernel panic in the
blkdev_releasepage() function, when the uninitialized bd_super field was
dereferenced. Now, bd_super is properly initialized in the bdget()
function, and the kernel panic no longer occurs. (BZ#751137)
4. Solution:
Users should upgrade to these updated packages, which contain
backported patches to resolve these issues. The system must be
rebooted for this update to take effect.
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/):
709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share
714867 - CVE-2011-2482 kernel: sctp dos
716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak
718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations
718882 - CVE-2011-2519 kernel: xen: x86_emulate: fix SAHF emulation
728042 - CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok()
6. Package List:
Red Hat Enterprise Linux EUS (v. 5.6 server):
Source:
kernel-2.6.18-238.31.1.el5.src.rpm
i386:
kernel-2.6.18-238.31.1.el5.i686.rpm
kernel-PAE-2.6.18-238.31.1.el5.i686.rpm
kernel-PAE-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-PAE-devel-2.6.18-238.31.1.el5.i686.rpm
kernel-debug-2.6.18-238.31.1.el5.i686.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.i686.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.i686.rpm
kernel-devel-2.6.18-238.31.1.el5.i686.rpm
kernel-headers-2.6.18-238.31.1.el5.i386.rpm
kernel-xen-2.6.18-238.31.1.el5.i686.rpm
kernel-xen-debuginfo-2.6.18-238.31.1.el5.i686.rpm
kernel-xen-devel-2.6.18-238.31.1.el5.i686.rpm
ia64:
kernel-2.6.18-238.31.1.el5.ia64.rpm
kernel-debug-2.6.18-238.31.1.el5.ia64.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.ia64.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.ia64.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.ia64.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.ia64.rpm
kernel-devel-2.6.18-238.31.1.el5.ia64.rpm
kernel-headers-2.6.18-238.31.1.el5.ia64.rpm
kernel-xen-2.6.18-238.31.1.el5.ia64.rpm
kernel-xen-debuginfo-2.6.18-238.31.1.el5.ia64.rpm
kernel-xen-devel-2.6.18-238.31.1.el5.ia64.rpm
noarch:
kernel-doc-2.6.18-238.31.1.el5.noarch.rpm
ppc:
kernel-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debug-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.ppc64.rpm
kernel-devel-2.6.18-238.31.1.el5.ppc64.rpm
kernel-headers-2.6.18-238.31.1.el5.ppc.rpm
kernel-headers-2.6.18-238.31.1.el5.ppc64.rpm
kernel-kdump-2.6.18-238.31.1.el5.ppc64.rpm
kernel-kdump-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm
kernel-kdump-devel-2.6.18-238.31.1.el5.ppc64.rpm
s390x:
kernel-2.6.18-238.31.1.el5.s390x.rpm
kernel-debug-2.6.18-238.31.1.el5.s390x.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.s390x.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.s390x.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.s390x.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.s390x.rpm
kernel-devel-2.6.18-238.31.1.el5.s390x.rpm
kernel-headers-2.6.18-238.31.1.el5.s390x.rpm
kernel-kdump-2.6.18-238.31.1.el5.s390x.rpm
kernel-kdump-debuginfo-2.6.18-238.31.1.el5.s390x.rpm
kernel-kdump-devel-2.6.18-238.31.1.el5.s390x.rpm
x86_64:
kernel-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debug-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debug-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debug-devel-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm
kernel-debuginfo-common-2.6.18-238.31.1.el5.x86_64.rpm
kernel-devel-2.6.18-238.31.1.el5.x86_64.rpm
kernel-headers-2.6.18-238.31.1.el5.x86_64.rpm
kernel-xen-2.6.18-238.31.1.el5.x86_64.rpm
kernel-xen-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm
kernel-xen-devel-2.6.18-238.31.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-2482.html
https://www.redhat.com/security/data/cve/CVE-2011-2491.html
https://www.redhat.com/security/data/cve/CVE-2011-2495.html
https://www.redhat.com/security/data/cve/CVE-2011-2517.html
https://www.redhat.com/security/data/cve/CVE-2011-2519.html
https://www.redhat.com/security/data/cve/CVE-2011-2901.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2012-0001
Synopsis: VMware ESXi and ESX updates to third party library
and ESX Service Console
Issue date: 2012-01-30
Updated on: 2012-01-30 (initial advisory)
CVE numbers: --- COS Kernel ---
CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163,
CVE-2011-1166, CVE-2011-1170, CVE-2011-1171,
CVE-2011-1172, CVE-2011-1494, CVE-2011-1495,
CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044,
CVE-2011-1182, CVE-2011-1573, CVE-2011-1576,
CVE-2011-1593, CVE-2011-1745, CVE-2011-1746,
CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
CVE-2011-2213, CVE-2011-2492, CVE-2011-1780,
CVE-2011-2525, CVE-2011-2689, CVE-2011-2482,
CVE-2011-2491, CVE-2011-2495, CVE-2011-2517,
CVE-2011-2519, CVE-2011-2901
--- COS cURL ---
CVE-2011-2192
--- COS rpm ---
CVE-2010-2059, CVE-2011-3378
--- COS samba ---
CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
CVE-2011-2522, CVE-2011-2694
--- COS python ---
CVE-2009-3720, CVE-2010-3493, CVE-2011-1015,
CVE-2011-1521
--- python library ---
CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
CVE-2010-2089, CVE-2011-1521
----------------------------------------------------------------------
1. Summary
VMware ESXi and ESX updates to third party library and ESX Service
Console address several security issues.
2. Relevant releases
ESXi 4.1 without patch ESXi410-201201401-SG
ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG,
ESX410-201201406-SG, ESX410-201201407-SG
3. Problem Description
a. ESX third party update for Service Console kernel
The ESX Service Console Operating System (COS) kernel is updated to
kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the
COS kernel.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079,
CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166,
CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494,
CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649,
CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182,
CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745,
CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022,
CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525,
CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495,
CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201401-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
b. ESX third party update for Service Console cURL RPM
The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9
resolving a security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2011-2192 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201402-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
c. ESX third party update for Service Console nspr and nss RPMs
The ESX Service Console (COS) nspr and nss RPMs are updated to
nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving
a security issues.
A Certificate Authority (CA) issued fraudulent SSL certificates and
Netscape Portable Runtime (NSPR) and Network Security Services (NSS)
contain the built-in tokens of this fraudulent Certificate
Authority. This update renders all SSL certificates signed by the
fraudulent CA as untrusted for all uses.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201404-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
d. ESX third party update for Service Console rpm RPMs
The ESX Service Console Operating System (COS) rpm packages are
updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2,
rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2
which fixes multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201406-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
e. ESX third party update for Service Console samba RPMs
The ESX Service Console Operating System (COS) samba packages are
updated to samba-client-3.0.33-3.29.el5_7.4,
samba-common-3.0.33-3.29.el5_7.4 and
libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security
issues in the Samba client.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678,
CVE-2011-2522 and CVE-2011-2694 to these issues.
Note that ESX does not include the Samba Web Administration Tool
(SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and
CVE-2011-2694.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201407-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
f. ESX third party update for Service Console python package
The ESX Service Console (COS) python package is updated to
2.4.3-44 which fixes multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and
CVE-2011-1521 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.1 ESX ESX410-201201405-SG
ESX 4.0 ESX patch pending
ESX 3.5 ESX not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
g. ESXi update to third party component python
The python third party library is updated to python 2.5.6 which
fixes multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634,
CVE-2010-2089, and CVE-2011-1521 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 ESXi patch pending
ESXi 4.1 ESXi ESXi410-201201401-SG
ESXi 4.0 ESXi patch pending
ESXi 3.5 ESXi patch pending
ESX 4.1 ESX not affected
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
* hosted products are VMware Workstation, Player, ACE, Fusion.
4. Solution
Please review the patch/release notes for your product and version
and verify the checksum of your downloaded file.
VMware ESXi 4.1
---------------
ESXi410-201201401
http://downloads.vmware.com/go/selfsupport-download
md5sum: BDF86F10A973346E26C9C2CD4C424E88
sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F
http://kb.vmware.com/kb/2009143
ESXi410-201201401 contains ESXi410-201201401-SG
VMware ESX 4.1
--------------
ESX410-201201001
http://downloads.vmware.com/go/selfsupport-download
md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F
sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC
http://kb.vmware.com/kb/2009142
ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG,
ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and
ESX410-201201407-SG
5. References
CVE numbers
--- COS Kernel ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901
--- COS cURL ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192
--- COS rpm ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378
--- COS samba ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694
--- COS python ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
--- python library ---
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521
----------------------------------------------------------------------
6. Change log
2012-01-30 VMSA-2012-0001
Initial security advisory in conjunction with the release of patches
for ESX 4.1 and ESXi 4.1 on 2012-01-30.
----------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.3 (Build 4028)
Charset: utf-8
wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8
f2pLxi537s+ew4dvnYNWlJ8=
=OAh4
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201309-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Xen: Multiple vulnerabilities
Date: September 27, 2013
Bugs: #385319, #386371, #420875, #431156, #454314, #464724,
#472214, #482860
ID: 201309-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, allowing attackers on
a Xen Virtual Machine to execute arbitrary code, cause Denial of
Service, or gain access to data on the host.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.2.2-r1 >= 4.2.2-r1
2 app-emulation/xen-tools < 4.2.2-r3 >= 4.2.2-r3
3 app-emulation/xen-pvgrub
< 4.2.2-r1 >= 4.2.2-r1
-------------------------------------------------------------------
3 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
Guest domains could possibly gain privileges, execute arbitrary code,
or cause a Denial of Service on the host domain (Dom0). Additionally,
guest domains could gain information about other virtual machines
running on the same host or read arbitrary files on the host.
Workaround
==========
The CVEs listed below do not currently have fixes, but only apply to
Xen setups which have "tmem" specified on the hypervisor command line.
TMEM is not currently supported for use in production systems, and
administrators using tmem should disable it.
Relevant CVEs:
* CVE-2012-2497
* CVE-2012-6030
* CVE-2012-6031
* CVE-2012-6032
* CVE-2012-6033
* CVE-2012-6034
* CVE-2012-6035
* CVE-2012-6036
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.2-r1"
All Xen-tools users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.2.2-r3"
All Xen-pvgrub users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=app-emulation/xen-pvgrub-4.2.2-r1"
References
==========
[ 1 ] CVE-2011-2901
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2901
[ 2 ] CVE-2011-3262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262
[ 3 ] CVE-2011-3262
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262
[ 4 ] CVE-2012-0217
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0217
[ 5 ] CVE-2012-0218
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0218
[ 6 ] CVE-2012-2934
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2934
[ 7 ] CVE-2012-3432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3432
[ 8 ] CVE-2012-3433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3433
[ 9 ] CVE-2012-3494
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494
[ 10 ] CVE-2012-3495
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495
[ 11 ] CVE-2012-3496
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496
[ 12 ] CVE-2012-3497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497
[ 13 ] CVE-2012-3498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498
[ 14 ] CVE-2012-3515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515
[ 15 ] CVE-2012-4411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411
[ 16 ] CVE-2012-4535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535
[ 17 ] CVE-2012-4536
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536
[ 18 ] CVE-2012-4537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537
[ 19 ] CVE-2012-4538
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538
[ 20 ] CVE-2012-4539
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539
[ 21 ] CVE-2012-5510
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5510
[ 22 ] CVE-2012-5511
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5511
[ 23 ] CVE-2012-5512
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5512
[ 24 ] CVE-2012-5513
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5513
[ 25 ] CVE-2012-5514
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5514
[ 26 ] CVE-2012-5515
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5515
[ 27 ] CVE-2012-5525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5525
[ 28 ] CVE-2012-5634
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5634
[ 29 ] CVE-2012-6030
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030
[ 30 ] CVE-2012-6031
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031
[ 31 ] CVE-2012-6032
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032
[ 32 ] CVE-2012-6033
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033
[ 33 ] CVE-2012-6034
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034
[ 34 ] CVE-2012-6035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035
[ 35 ] CVE-2012-6036
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036
[ 36 ] CVE-2012-6075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6075
[ 37 ] CVE-2012-6333
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6333
[ 38 ] CVE-2013-0151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0151
[ 39 ] CVE-2013-0152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0152
[ 40 ] CVE-2013-0153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0153
[ 41 ] CVE-2013-0154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0154
[ 42 ] CVE-2013-0215
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0215
[ 43 ] CVE-2013-1432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432
[ 44 ] CVE-2013-1917
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1917
[ 45 ] CVE-2013-1918
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1918
[ 46 ] CVE-2013-1919
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1919
[ 47 ] CVE-2013-1920
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1920
[ 48 ] CVE-2013-1922
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1922
[ 49 ] CVE-2013-1952
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1952
[ 50 ] CVE-2013-1964
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1964
[ 51 ] CVE-2013-2076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076
[ 52 ] CVE-2013-2077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077
[ 53 ] CVE-2013-2078
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078
[ 54 ] CVE-2013-2194
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194
[ 55 ] CVE-2013-2195
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195
[ 56 ] CVE-2013-2196
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196
[ 57 ] CVE-2013-2211
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211
[ 58 ] Xen TMEM
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.h=
tml
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201309-24.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
VAR-202002-0084 | CVE-2011-3336 |
regcomp of BSD implementation Resource exhaustion vulnerability in
Related entries in the VARIoT exploits database: VAR-E-201010-1183, VAR-E-201101-0760, VAR-E-201010-0031, VAR-E-201302-0650 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error.
Successful exploits could allow an attacker to read and write files in unauthorized locations.
This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, 'open_basedir' restrictions are expected to isolate users from each other.
PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected.
Successful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users.
The libc library of the following platforms are affected:
NetBSD 5.1
OpenBSD 5.0
FreeBSD 8.2
Apple Mac OSX
Other versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation
VAR-201802-0013 | CVE-2012-0941 | Fortinet FortiOS Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Fortinet FortiGate UTM WAF appliances is a firewall device from Fortinet. FortiOS is an operating system that runs on it. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML. Title:
======
Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities
Date:
=====
2012-01-27
References:
===========
http://vulnerability-lab.com/get_content.php?id=144
VL-ID:
=====
144
Introduction:
=============
The FortiGate series of multi-threat security systems detect and eliminate the most damaging, content-based threats from email
and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading
network performance.
Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 series for large enterprises, service providers and
carriers, the FortiGate line combines the FortiOS™ security operating system with FortiASIC processors and other hardware to provide
a comprehensive and high-performance array of security and networking functions including:
* Firewall, VPN, and Traffic Shaping
* Intrusion Prevention System (IPS)
* Antivirus/Antispyware/Antimalware
* Web Filtering
* Antispam
* Application Control (e.g., IM and P2P)
* VoIP Support (H.323. and SCCP)
* Layer 2/3 routing
* Multiple WAN interface options
FortiGate appliances provide cost-effective, comprehensive protection against network, content, and application-level threats - including
complex attacks favored by cybercriminals - without degrading network availability and uptime. FortiGate platforms incorporate sophisticated
networking features, such as high availability (active/active, active/passive) for maximum network uptime, and virtual domain (VDOM)
capabilities to separate various networks requiring different security policies.
(Copy from the Vendor Homepage: http://www.fortinet.com/products/fortigate/ && http://www.avfirewalls.com/)
Abstract:
=========
1.1
Vulnerability-Lab Team discovered multiple persistent Web Vulnerabilities on the FortiGate UTM Appliance Application.
1.2
Vulnerability-Lab Team discovered multiple non-persistent Web Vulnerabilities on the FortiGate UTM Appliance Application.
Report-Timeline:
================
2012-01-27: Public or Non-Public Disclosure
Status:
========
Published
Affected Products:
==================
Exploitation-Technique:
=======================
Remote
Severity:
=========
High
Details:
========
1.1
Multiple input validation vulnerabilities(persistent) are detected on FortGate UTM Appliance Series. Remote attacker can include (persistent)
malicious script code to manipulate specific customer/admin requests. The vulnerability allows an local low privileged attacker to manipulate
the appliance(application) via persistent script code inject.
It is also possible to hijack customer sessions via persistent script code execution on application side. Successful exploitation can also
result in content/module request manipulation, execution of persistent malicious script code, session hijacking, account steal & phishing.
Vulnerable Module(s): (Persistent)
[+] Endpoint => Monitor => Endpoint Monitor
[+] Dailup List
[+] Log&Report => Display
Picture(s):
../ive2.png
../ive3.png
1.2
Multiple input validation vulnerabilities(non-persistent) are detected on FortGate UTM Appliance Series. The vulnerability allows remote
attackers to hijack admin/customer sessions with required user inter action (client-side). Successful exploitation allows to phish user accounts,
redirect over client side requests or manipulate website context on client-side browser requests.
Vulnerable Module(s): (Non-Persistent)
[+] Endpoint -> NAC -> Application Database -> Listings
[+] List field sorted
Picture(s):
../ive1.png
Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers with or without user inter action. For demonstration or reproduce ...
poc: => http://www.vulnerability-lab.com/get_content.php?id=144
Solution:
=========
1.1
To fix/patch the persistent input validation vulnerabilities restrict the input fields & parse the input.
Locate the vulnerable area(s) reproduce the bugs & parse the output after a malicious(test) insert.
Setup a filter or restriction mask to prevent against future persistent input validation attacks.
1.2
To fix the client side input validation vulnerability parse the vulnerable request by filtering the input & cleanup the output.
Set a input restriction or configure whitelist/filter to stop client side requests and form a secure exception-handling around.
Risk:
=====
1.1
The security risk of the persistent vulnerabilities are estimated as high because of multiple persistent input validation vulnerabilities on different modules.
1.2
The security risk of the non-persistent cross site requests are estimated as low because of required user inter-action to hijack a not expired session.
Credits:
========
Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve)
Disclaimer:
===========
The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties,
either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability-
Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business
profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some
states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation
may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability-
Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of
other media, are reserved by Vulnerability-Lab or its suppliers.
Copyright © 2012|Vulnerability-Lab
--
Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com
Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com
. ----------------------------------------------------------------------
SC Magazine awards the Secunia CSI a 5-Star rating
Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296
----------------------------------------------------------------------
TITLE:
JBoss Multiple Products JMX Console Authentication Bypass
SECUNIA ADVISORY ID:
SA47850
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47850/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47850
RELEASE DATE:
2012-02-06
DISCUSS ADVISORY:
http://secunia.com/advisories/47850/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47850/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47850
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in multiple JBoss products, which
can be exploited by malicious people to bypass certain security
restrictions.
The security issue is caused due to improper access restrictions to
the JMX Console.
For more information see vulnerability #1 in:
SA39563
The security issue is reported in the following products:
* JBoss Communications Platform 1.2
* JBoss Enterprise Application Platform 5.0 and 5.0.1
* JBoss Enterprise Portal Platform 4.3
* JBoss Enterprise Web Platform 5.0
* JBoss SOA-Platform 4.2, 4.3, and 5.0
SOLUTION:
Update to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
ORIGINAL ADVISORY:
JBPAPP-3952:
https://issues.jboss.org/browse/JBPAPP-3952
JBPAPP-4713:
https://issues.jboss.org/browse/JBPAPP-4713
Red Hat Doc#30741:
https://access.redhat.com/kb/docs/DOC-30741
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201302-0005 | CVE-2011-5262 | SonicWALL Aventail In SQL Injection vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Further research conducted by the vendor indicates this issue may not be a vulnerability affecting the application. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs
VAR-201212-0268 | CVE-2012-0841 | ibxml2 Service disruption in (CPU Resource consumption ) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. ibxml2 Does not properly limit the assumption of hash collisions, so it calculates the hash value, which may interfere with service operation. (CPU Resource consumption ) There is a vulnerability that becomes a condition.Crafted by attackers XML Service disruption through data (CPU Resource consumption ) There is a possibility of being put into a state. libxml2 is prone to a denial-of-service vulnerability.
An attacker can exploit this issue by sending specially crafted requests to the affected application that uses a hash table. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. An
attacker with a privileged network position may inject arbitrary
contents. This issue was addressed by using an encrypted HTTPS
connection to retrieve tutorials. ============================================================================
Ubuntu Security Notice USN-1376-1
February 27, 2012
libxml2 vulnerability
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
libxml2 could be made to cause a denial of service by consuming excessive
CPU resources.
Software Description:
- libxml2: GNOME XML library
Details:
Juraj Somorovsky discovered that libxml2 was vulnerable to hash table
collisions.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libxml2 2.7.8.dfsg-4ubuntu0.2
Ubuntu 11.04:
libxml2 2.7.8.dfsg-2ubuntu0.3
Ubuntu 10.10:
libxml2 2.7.7.dfsg-4ubuntu0.4
Ubuntu 10.04 LTS:
libxml2 2.7.6.dfsg-1ubuntu1.4
Ubuntu 8.04 LTS:
libxml2 2.6.31.dfsg-2ubuntu1.8
After a standard system update you need to reboot your computer to make
all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2417-1 security@debian.org
http://www.debian.org/security/ Nico Golde
February 22, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libxml2
Vulnerability : computational denial of service
Problem type : local/remote
Debian-specific: no
Debug bug : 660846
CVE ID : CVE-2012-0841
It was discovered that the internal hashing routine of libxml2,
a library providing an extensive API to handle XML data, is vulnerable to
predictable hash collisions. Given an attacker with knowledge of the
hashing algorithm, it is possible to craft input that creates a large
amount of collisions. As a result it is possible to perform denial of
service attacks against applications using libxml2 functionality because
of the computational overhead.
For the stable distribution (squeeze), this problem has been fixed in
version 2.7.8.dfsg-2+squeeze3.
For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.
We recommend that you upgrade your libxml2 packages.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
Background
==========
libxml2 is the XML C parser and toolkit developed for the Gnome
project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.7.8-r5 >= 2.7.8-r5
Description
===========
libxml2 does not properly randomize hash functions to protect against
hash collision attacks.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.7.8-r5"
References
==========
[ 1 ] CVE-2012-0841
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0841
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201203-04.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. Relevant releases
ESX 5.0 without patch ESXi500-201207101-SG
3. Problem Description
a. ESXi update to third party component libxml2
The libxml2 third party library has been updated which addresses
multiple security issues
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216,
CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905,
CVE-2011-3919 and CVE-2012-0841 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
========== ======== ======== =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 5.0 any ESXi500-201207101-SG
ESXi 4.1 any patch pending
ESXi 4.0 any patch pending
ESXi 3.5 any patch pending
ESX any any not applicable
* hosted products are VMware Workstation, Player, ACE, Fusion.
Note: "patch pending" means that the product is affected,
but no patch is currently available. The advisory will be
updated when a patch is available. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
ESXi 5.0
--------
ESXi500-201207001
md5sum: 01196c5c1635756ff177c262cb69a848
sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86
http://kb.vmware.com/kb/2020571
ESXi500-201207001 contains ESXi500-201207101-SG
5. Change log
2012-07-12 VMSA-2012-0012
Initial security advisory in conjunction with the release of a patch
for ESXi 5.0 on 2012-07-12. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
* security-announce at lists.vmware.com
* bugtraq at securityfocus.com
* full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
VMware security response policy
http://www.vmware.com/support/policies/security_response.html
General support life cycle policy
http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy
http://www.vmware.com/support/policies/eos_vi.html
Copyright 2012 VMware Inc. All rights reserved. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Avaya Voice Portal Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50614
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50614/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50614
RELEASE DATE:
2012-09-21
DISCUSS ADVISORY:
http://secunia.com/advisories/50614/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50614/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50614
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Avaya has acknowledged a weakness and multiple vulnerabilities in
Avaya Voice Portal, which can be exploited by malicious, local users
to disclose system and sensitive information and by malicious people
to bypass certain security restrictions and cause a DoS (Denial of
Service).
For more information:
SA44490
SA46460
SA46958
SA48000
The weakness and vulnerabilities are reported in versions 5.0, 5.1,
5.1.1, and 5.1.2.
SOLUTION:
Update to Avaya Enterprise Linux for Voice Portal 5.1.3 and Voice
Portal 5.1.3.
ORIGINAL ADVISORY:
Avaya (ASA-2011-154, ASA-2012-137, ASA-2012-139, ASA-2012-166,
ASA-2012-207):
https://downloads.avaya.com/css/P8/documents/100141102
https://downloads.avaya.com/css/P8/documents/100160023
https://downloads.avaya.com/css/P8/documents/100160589
https://downloads.avaya.com/css/P8/documents/100160780
https://downloads.avaya.com/css/P8/documents/100162507
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. Summary:
Updated mingw32-libxml2 packages that fix several security issues are now
available for Red Hat Enterprise Linux 6. This advisory also contains
information about future updates for the mingw32 packages, as well as the
deprecation of the packages with the release of Red Hat
Enterprise Linux 6.4.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server Optional (v. 6) - noarch
Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
3. Description:
These packages provide the libxml2 library, a development toolbox providing
the implementation of various XML standards, for users of MinGW (Minimalist
GNU for Windows).
IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no
longer be updated proactively and will be deprecated with the release of
Red Hat Enterprise Linux 6.4. These packages were provided to support other
capabilities in Red Hat Enterprise Linux and were not intended for direct
customer use. Customers are advised to not use these packages with
immediate effect. Future updates to these packages will be at Red Hat's
discretion and these packages may be removed in a future minor release.
A heap-based buffer overflow flaw was found in the way libxml2 decoded
entity references with long names. A remote attacker could provide a
specially-crafted XML file that, when opened in an application linked
against libxml2, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2011-3919)
A heap-based buffer underflow flaw was found in the way libxml2 decoded
certain entities. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2012-5134)
It was found that the hashing routine used by libxml2 arrays was
susceptible to predictable hash collisions. Sending a specially-crafted
message to an XML service could result in longer processing time, which
could lead to a denial of service. To mitigate this issue, randomization
has been added to the hashing function to reduce the chance of an attacker
successfully causing intentional collisions. (CVE-2012-0841)
Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path
Language) expressions. If an attacker were able to supply a
specially-crafted XML file to an application using libxml2, as well as an
XPath expression for that application to run against the crafted file, it
could cause the application to crash. (CVE-2010-4008, CVE-2010-4494,
CVE-2011-2821, CVE-2011-2834)
Two heap-based buffer overflow flaws were found in the way libxml2 decoded
certain XML files. A remote attacker could provide a specially-crafted XML
file that, when opened in an application linked against libxml2, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-0216,
CVE-2011-3102)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way libxml2 parsed certain XPath expressions. If an attacker
were able to supply a specially-crafted XML file to an application using
libxml2, as well as an XPath expression for that application to run against
the crafted file, it could cause the application to crash or, possibly,
execute arbitrary code. (CVE-2011-1944)
An out-of-bounds memory read flaw was found in libxml2. A remote attacker
could provide a specially-crafted XML file that, when opened in an
application linked against libxml2, would cause the application to crash. Upstream acknowledges Bui Quang Minh from Bkis as the
original reporter of CVE-2010-4008.
All users of mingw32-libxml2 are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
4.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis
665963 - CVE-2010-4494 libxml2: double-free in XPath processing code
709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding
735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT
735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT
767387 - CVE-2011-3905 libxml2 out of bounds read
771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name
787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS
822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation
880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
6. Package List:
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm
noarch:
mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm
mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2010-4008.html
https://www.redhat.com/security/data/cve/CVE-2010-4494.html
https://www.redhat.com/security/data/cve/CVE-2011-0216.html
https://www.redhat.com/security/data/cve/CVE-2011-1944.html
https://www.redhat.com/security/data/cve/CVE-2011-2821.html
https://www.redhat.com/security/data/cve/CVE-2011-2834.html
https://www.redhat.com/security/data/cve/CVE-2011-3102.html
https://www.redhat.com/security/data/cve/CVE-2011-3905.html
https://www.redhat.com/security/data/cve/CVE-2011-3919.html
https://www.redhat.com/security/data/cve/CVE-2012-0841.html
https://www.redhat.com/security/data/cve/CVE-2012-5134.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-18-2 iOS 7
iOS 7 is now available and addresses the following:
Certificate Trust Policy
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Root certificates have been updated
Description: Several certificates were added to or removed from the
list of system roots.
CoreGraphics
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team
CoreMedia
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
Data Protection
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apps could bypass passcode-attempt restrictions
Description: A privilege separation issue existed in Data
Protection. An app within the third-party sandbox could repeatedly
attempt to determine the user's passcode regardless of the user's
"Erase Data" setting. This issue was addressed by requiring
additional entitlement checks.
CVE-ID
CVE-2013-0957 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University
Data Security
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134
dyld
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser
File Systems
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who can mount a non-HFS filesystem may be able
to cause an unexpected system termination or arbitrary code execution
with kernel privileges
Description: A memory corruption issue existed in the handling of
AppleDouble files. This issue was addressed by removing support for
AppleDouble files.
CVE-ID
CVE-2013-3955 : Stefan Esser
ImageIO
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team
IOKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Background applications could inject user interface events
into the foreground app
Description: It was possible for background applications to inject
user interface events into the foreground application using the task
completion or VoIP APIs. This issue was addressed by enforcing access
controls on foreground and background processes that handle interface
events.
CVE-ID
CVE-2013-5137 : Mackenzie Straight at Mobile Labs
IOKitUser
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious local application could cause an unexpected
system termination
Description: A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes
IOSerialFamily
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt
IPSec
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may intercept data protected with IPSec Hybrid
Auth
Description: The DNS name of an IPSec Hybrid Auth server was not
being matched against the certificate, allowing an attacker with a
certificate for any server to impersonate any other. This issue was
addressed by improved certificate checking.
CVE-ID
CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious local application could cause device hang
Description: An integer truncation vulnerability in the kernel
socket interface could be leveraged to force the CPU into an infinite
loop. The issue was addressed by using a larger sized variable.
CVE-ID
CVE-2013-5141 : CESG
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser
Kext Management
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An unauthorized process may modify the set of loaded kernel
extensions
Description: An issue existed in kextd's handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"
libxml
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
libxslt
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire
Passcode Lock
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A race condition issue existed in the handling of phone
calls and SIM card ejection at the lock screen. This issue was
addressed through improved lock state management.
CVE-ID
CVE-2013-5147 : videosdebarraquito
Personal Hotspot
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to join a Personal Hotspot network
Description: An issue existed in the generation of Personal Hotspot
passwords, resulting in passwords that could be predicted by an
attacker to join a user's Personal Hotspot. The issue was addressed
by generating passwords with higher entropy.
CVE-ID
CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz
of University Erlangen-Nuremberg
Push Notifications
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The push notification token may be disclosed to an app
contrary to the user's decision
Description: An information disclosure issue existed in push
notification registration. Apps requesting access to the push
notification access received the token before the user approved the
app's use of push notifications. This issue was addressed by
withholding access to the token until the user has approved access.
CVE-ID
CVE-2013-5149 : Jack Flintermann of Grouper, Inc.
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
XML files. This issue was addressed through additional bounds
checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing files on a website may lead to script execution even
when the server sends a 'Content-Type: text/plain' header
Description: Mobile Safari sometimes treated files as HTML files
even when the server sent a 'Content-Type: text/plain' header. This
may lead to cross-site scripting on sites that allow users to upload
files. This issue was addressed through improved handling of files
when 'Content-Type: text/plain' is set.
CVE-ID
CVE-2013-5151 : Ben Toews of Github
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may allow an arbitrary URL to
be displayed
Description: A URL bar spoofing issue existed in Mobile Safari. This
issue was addressed through improved URL tracking.
CVE-ID
CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS
Sandbox
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Applications that are scripts were not sandboxed
Description: Third-party applications which used the #! syntax to
run a script were sandboxed based on the identity of the script
interpreter, not the script. The interpreter may not have a sandbox
defined, leading to the application being run unsandboxed. This issue
was addressed by creating the sandbox based on the identity of the
script.
CVE-ID
CVE-2013-5154 : evad3rs
Sandbox
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Applications can cause a system hang
Description: Malicious third-party applications that wrote specific
values to the /dev/random device could force the CPU to enter an
infinite loop. This issue was addressed by preventing third-party
applications from writing to /dev/random.
CVE-ID
CVE-2013-5155 : CESG
Social
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Users recent Twitter activity could be disclosed on devices
with no passcode.
Description: An issue existed where it was possible to determine
what Twitter accounts a user had recently interacted with. This issue
was resolved by restricting access to the Twitter icon cache.
CVE-ID
CVE-2013-5158 : Jonathan Zdziarski
Springboard
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a device in Lost Mode may
be able to view notifications
Description: An issue existed in the handling of notifications when
a device is in Lost Mode. This update addresses the issue with
improved lock state management.
CVE-ID
CVE-2013-5153 : Daniel Stangroom
Telephony
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Malicious apps could interfere with or control telephony
functionality
Description: An access control issue existed in the telephony
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
telephony functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the telephony daemon.
CVE-ID
CVE-2013-5156 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology
Twitter
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Sandboxed apps could send tweets without user interaction or
permission
Description: An access control issue existed in the Twitter
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
Twitter functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the Twitter daemon.
CVE-ID
CVE-2013-5157 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J. Serna of the Google Security Team
CVE-2013-1001 : Ryan Humenick
CVE-2013-1002 : Sergey Glazunov
CVE-2013-1003 : Google Chrome Security Team (Inferno)
CVE-2013-1004 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1005 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1006 : Google Chrome Security Team (Martin Barbella)
CVE-2013-1007 : Google Chrome Security Team (Inferno)
CVE-2013-1008 : Sergey Glazunov
CVE-2013-1010 : miaubiz
CVE-2013-1037 : Google Chrome Security Team
CVE-2013-1038 : Google Chrome Security Team
CVE-2013-1039 : own-hero Research working with iDefense VCP
CVE-2013-1040 : Google Chrome Security Team
CVE-2013-1041 : Google Chrome Security Team
CVE-2013-1042 : Google Chrome Security Team
CVE-2013-1043 : Google Chrome Security Team
CVE-2013-1044 : Apple
CVE-2013-1045 : Google Chrome Security Team
CVE-2013-1046 : Google Chrome Security Team
CVE-2013-1047 : miaubiz
CVE-2013-2842 : Cyril Cattiaux
CVE-2013-5125 : Google Chrome Security Team
CVE-2013-5126 : Apple
CVE-2013-5127 : Google Chrome Security Team
CVE-2013-5128 : Apple
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may lead to information
disclosure
Description: An information disclosure issue existed in the handling
of the window.webkitRequestAnimationFrame() API. A maliciously
crafted website could use an iframe to determine if another site used
window.webkitRequestAnimationFrame(). This issue was addressed
through improved handling of window.webkitRequestAnimationFrame().
CVE-ID
CVE-2013-5159
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Copying and pasting a malicious HTML snippet may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
copied and pasted data in HTML documents. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c
(xysec.com)
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
iframes. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
information disclosure
Description: An information disclosure issue existed in XSSAuditor.
This issue was addressed through improved handling of URLs.
CVE-ID
CVE-2013-2848 : Egor Homakov
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Dragging or pasting a selection may lead to a cross-site
scripting attack
Description: Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN
0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e
GoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2
TyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni
5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK
ibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT
KXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG
QthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY
I2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz
Kf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt
SCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR
GowSVGG+cJtvrngVhy3E
=dNVy
-----END PGP SIGNATURE-----
VAR-201209-0587 | CVE-2011-5169 | SonicWall Viewpoint 'scheduleID' Parameter SQL Injection Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. SonicWall Viewpoint is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Viewpoint 6.0 SP2 is vulnerable; other versions may also be affected. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs
VAR-201202-0247 | CVE-2012-0751 | Adobe Flash Player of ActiveX Vulnerability in arbitrary code execution in control |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48265
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48265/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE:
2012-03-05
DISCUSS ADVISORY:
http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, where one
has an unknown impact and others can be exploited by malicious people
to conduct cross-site scripting attacks, bypass certain security
restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats
handling.
14) A use-after-free error exists within SVG animation elements
handling.
For more information:
SA48033
SOLUTION:
Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Chamal de Silva
2, 4, 5, 14) Arthur Gerkis
3) Aki Helin, OUSPG
6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass certain security
restrictions.
6) An unspecified error can be exploited to bypass certain security
restrictions.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks
VAR-201202-0249 | CVE-2012-0753 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data. Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html
Issue date: 2012-02-17
CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754
CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03)
791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0752.html
https://www.redhat.com/security/data/cve/CVE-2012-0753.html
https://www.redhat.com/security/data/cve/CVE-2012-0754.html
https://www.redhat.com/security/data/cve/CVE-2012-0755.html
https://www.redhat.com/security/data/cve/CVE-2012-0756.html
https://www.redhat.com/security/data/cve/CVE-2012-0767.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq
2hfvaUbJyuTg8og5n/gSdGc=
=7NQZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48265
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48265/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE:
2012-03-05
DISCUSS ADVISORY:
http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, where one
has an unknown impact and others can be exploited by malicious people
to conduct cross-site scripting attacks, bypass certain security
restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats
handling.
14) A use-after-free error exists within SVG animation elements
handling.
For more information:
SA48033
SOLUTION:
Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Chamal de Silva
2, 4, 5, 14) Arthur Gerkis
3) Aki Helin, OUSPG
6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Furthermore, a remote attacker may be able to bypass intended access
restrictions, bypass cross-domain policy, inject arbitrary web script,
or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"
References
==========
[ 1 ] CVE-2011-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass certain security
restrictions.
6) An unspecified error can be exploited to bypass certain security
restrictions.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks, gain knowledge of potentially
sensitive information, bypass certain security restrictions, and
compromise a user's system
VAR-201202-0248 | CVE-2012-0752 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion.". Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html
Issue date: 2012-02-17
CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754
CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03)
791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0752.html
https://www.redhat.com/security/data/cve/CVE-2012-0753.html
https://www.redhat.com/security/data/cve/CVE-2012-0754.html
https://www.redhat.com/security/data/cve/CVE-2012-0755.html
https://www.redhat.com/security/data/cve/CVE-2012-0756.html
https://www.redhat.com/security/data/cve/CVE-2012-0767.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq
2hfvaUbJyuTg8og5n/gSdGc=
=7NQZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48265
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48265/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE:
2012-03-05
DISCUSS ADVISORY:
http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, where one
has an unknown impact and others can be exploited by malicious people
to conduct cross-site scripting attacks, bypass certain security
restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats
handling.
14) A use-after-free error exists within SVG animation elements
handling.
For more information:
SA48033
SOLUTION:
Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Chamal de Silva
2, 4, 5, 14) Arthur Gerkis
3) Aki Helin, OUSPG
6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Furthermore, a remote attacker may be able to bypass intended access
restrictions, bypass cross-domain policy, inject arbitrary web script,
or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"
References
==========
[ 1 ] CVE-2011-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass certain security
restrictions.
6) An unspecified error can be exploited to bypass certain security
restrictions.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks, gain knowledge of potentially
sensitive information, bypass certain security restrictions, and
compromise a user's system
VAR-201202-0246 | CVE-2012-0755 | Adobe Flash Player Vulnerable to access restrictions |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756. Adobe Flash Player Contains a vulnerability that prevents access restrictions. This vulnerability CVE-2012-0756 Is a different vulnerability.An attacker may be able to bypass access restrictions.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html
Issue date: 2012-02-17
CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754
CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03)
791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0752.html
https://www.redhat.com/security/data/cve/CVE-2012-0753.html
https://www.redhat.com/security/data/cve/CVE-2012-0754.html
https://www.redhat.com/security/data/cve/CVE-2012-0755.html
https://www.redhat.com/security/data/cve/CVE-2012-0756.html
https://www.redhat.com/security/data/cve/CVE-2012-0767.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq
2hfvaUbJyuTg8og5n/gSdGc=
=7NQZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48265
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48265/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE:
2012-03-05
DISCUSS ADVISORY:
http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, where one
has an unknown impact and others can be exploited by malicious people
to conduct cross-site scripting attacks, bypass certain security
restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats
handling.
14) A use-after-free error exists within SVG animation elements
handling.
For more information:
SA48033
SOLUTION:
Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Chamal de Silva
2, 4, 5, 14) Arthur Gerkis
3) Aki Helin, OUSPG
6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"
References
==========
[ 1 ] CVE-2011-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks, gain knowledge of potentially
sensitive information, bypass certain security restrictions, and
compromise a user's system
VAR-201202-0147 | CVE-2011-3446 | Apple Mac OS X CoreText embedded font vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book.
Attackers can exploit this issue by enticing an unsuspecting user to open a malicious font file in the Font Book application.
An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects Mac OS X 10.6.8, Mac OS X Server 10.6.8, Mac OS X Lion 10.7 to 10.7.2 and
Mac OS X Lion Server 10.7 to 10.7.2. ----------------------------------------------------------------------
SC Magazine awards the Secunia CSI a 5-Star rating
Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47843
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47843/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47843
RELEASE DATE:
2012-02-03
DISCUSS ADVISORY:
http://secunia.com/advisories/47843/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47843/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47843
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) The Address Book component downgrades to an unencrypted connection
when an encrypted connection fails. This can be exploited to intercept
CardDAV data.
2) An error in the bundled version of Apache can be exploited to
cause a temporary DoS (Denial of Service).
For more information:
SA46013
3) A design error in Apache within the Secure Sockets Layer 3.0 (SSL)
and Transport Layer Security 1.0 (TLS) protocols when using a block
cipher in CBC mode can be exploited to decrypt data protected by
SSL.
5) An error in CFNetwork when handling URLs can be exploited to
disclose sensitive information via a specially crafted web page as a
request could be sent to an incorrect origin server.
6) An error in CFNetwork when handling URLs can be exploited to
disclose sensitive information via a specially crafted web page as
unexpected request headers could be sent.
7) An integer overflow error in ColorSync when handling images with
embedded ColorSync profiles can be exploited to cause a heap-based
buffer overflow via a specially crafted image.
8) An error in CoreAudio when handling AAC encoded audio streams can
be exploited to cause a buffer overflow when playing specially
crafted audio content.
9) An error in CoreMedia when handling H.264 encoded movies can be
exploited to cause a heap-based buffer overflow.
10) A use-after-free error in CoreText when handling documents
containing fonts can be exploited to dereference already freed memory
via a specially crafted font.
11) An error exists in CoreUI when handling long URLs and can be
exploited via a specially crafted website.
12) An error in curl can be exploited by remote servers to
impersonate clients via GSSAPI requests.
For more information:
SA45067
13) Two of the certificate authorities in the list of trusted root
certificates have issued intermediate certificates to DigiCert
Malaysia, who has issued certificates with weak keys that cannot be
revoked.
14) A design error in dovecot within the Secure Sockets Layer 3.0
(SSL) and Transport Layer Security 1.0 (TLS) protocols when using a
block cipher in CBC mode can be exploited to decrypt data protected
by SSL.
15) An error in the uncompress command line tool when decompressing
compressed files can be exploited to cause a buffer overflow.
For more information:
SA45544
16) An error in ImageIO when parsing TIFF images can be exploited to
cause a buffer overflow.
For more information see vulnerability #9:
SA45325
17) An error in ImageIO when handling ThunderScan encoded TIFF images
can be exploited to cause a buffer overflow.
For more information see vulnerability #2:
SA43593:
18) An error exists in the bundled version of libpng.
For more information:
SA46148
19) An error in Internet Sharing may cause the used Wi-Fi
configuration to revert to factory defaults (e.g. disabling the WEP
password) after a system update.
20) An error in Libinfo can be exploited to disclose sensitive
information via a specially crafted website.
For more information see vulnerability #4:
SA46747
21) An integer overflow error in libresolv when parsing DNS resource
records can be exploited to cause a heap-based buffer overflow.
22) An error in libsecurity may cause some EV certificates to be
trusted even when the corresponding root is marked untrusted.
23) Multiple errors in OpenGL when handling GLSL compilation can be
exploited to corrupt memory.
24) Multiple errors exist in the bundled version of PHP.
For more information:
SA44874
SA45678
25) Various errors in FreeType when handling Type 1 fonts can be
exploited to corrupt memory.
For more information:
SA46575
26) An error in QuickTime when parsing MP4 encoded files can be
exploited to access uninitialised memory.
27) A signedness error in QuickTime when handling font tables
embedded in movie files can be exploited to corrupt memory.
28) An off-by-one error in QuickTime when handling rdrf atoms in
movie files can be exploited to cause a single byte buffer overflow.
29) An error in QuickTime when parsing JPEG2000 images can be
exploited to cause a buffer overflow.
30) An error in QuickTime when parsing PNG images can be exploited to
cause a buffer overflow.
31) An error in QuickTime when handling FLC encoded movie files can
be exploited to cause a buffer overflow.
32) Multiple errors exists in the bundled version of SquirrelMail.
For more information:
SA40307
SA45197
33) Various errors exist in the bundled version of Subversion.
For more information:
SA44681
34) Time Machine does not verify that a designated remote AFP volume
or Time Capsule is used for subsequent backups. This can be exploited
to access backups by spoofing the remote volume.
35) Errors exist in the bundled version of Tomcat.
For more information:
SA44981
36) An error in WebDAV Sharing when handling user authentication can
be exploited by local users to gain escalated privileges.
37) An error exists in the bundled version of Webmail.
For more information:
SA45605
SOLUTION:
Update to OS X Lion version 10.7.3 or apply Security Update 2012-001.
PROVIDED AND/OR DISCOVERED BY:
4, 10) Will Dormann, CERT/CC
The vendor also credits:
1) Bernard Desruisseaux, Oracle Corporation
5, 6) Erling Ellingsen, Facebook
7) binaryproof via ZDI
8, 27, 28, 29, 30) Luigi Auriemma via ZDI
9) Scott Stender, iSEC Partners
11) Ben Syverson
19) An anonymous person
21) Ilja van Sprundel, IOActive
22) Alastair Houghton
23) Chris Evans, Google Chrome Security Team and Marc Schoenefeld,
Red Hat Security Response Team
26) Luigi Auriemma via ZDI and pa_kt via ZDI
31) Matt "j00ru" Jurczyk via ZDI
34) Michael Roitzsch, Technische Universit\xe4t Dresden
36) Gordon Davisson, Crywolf
ORIGINAL ADVISORY:
Apple Security Update 2012-001:
http://support.apple.com/kb/HT5130
US-CERT:
http://www.kb.cert.org/vuls/id/403593
http://www.kb.cert.org/vuls/id/410281
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201202-0150 | CVE-2011-3449 | Apple Mac OS X CoreText embedded font vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.
The issue affects Mac OS X and Mac OS X Server versions prior to 10.7.3.
NOTE: This issue was previously discussed in BID 51798 (Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. ----------------------------------------------------------------------
SC Magazine awards the Secunia CSI a 5-Star rating
Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296
----------------------------------------------------------------------
TITLE:
Apple Mac OS X Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA47843
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47843/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47843
RELEASE DATE:
2012-02-03
DISCUSS ADVISORY:
http://secunia.com/advisories/47843/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47843/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47843
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
1) The Address Book component downgrades to an unencrypted connection
when an encrypted connection fails. This can be exploited to intercept
CardDAV data.
2) An error in the bundled version of Apache can be exploited to
cause a temporary DoS (Denial of Service).
For more information:
SA46013
3) A design error in Apache within the Secure Sockets Layer 3.0 (SSL)
and Transport Layer Security 1.0 (TLS) protocols when using a block
cipher in CBC mode can be exploited to decrypt data protected by
SSL.
4) An error in ATS when handling data-font files can be exploited to
corrupt memory via a specially crafted font opened by Font Book.
5) An error in CFNetwork when handling URLs can be exploited to
disclose sensitive information via a specially crafted web page as a
request could be sent to an incorrect origin server.
6) An error in CFNetwork when handling URLs can be exploited to
disclose sensitive information via a specially crafted web page as
unexpected request headers could be sent.
7) An integer overflow error in ColorSync when handling images with
embedded ColorSync profiles can be exploited to cause a heap-based
buffer overflow via a specially crafted image.
8) An error in CoreAudio when handling AAC encoded audio streams can
be exploited to cause a buffer overflow when playing specially
crafted audio content.
9) An error in CoreMedia when handling H.264 encoded movies can be
exploited to cause a heap-based buffer overflow.
10) A use-after-free error in CoreText when handling documents
containing fonts can be exploited to dereference already freed memory
via a specially crafted font.
11) An error exists in CoreUI when handling long URLs and can be
exploited via a specially crafted website.
12) An error in curl can be exploited by remote servers to
impersonate clients via GSSAPI requests.
For more information:
SA45067
13) Two of the certificate authorities in the list of trusted root
certificates have issued intermediate certificates to DigiCert
Malaysia, who has issued certificates with weak keys that cannot be
revoked.
14) A design error in dovecot within the Secure Sockets Layer 3.0
(SSL) and Transport Layer Security 1.0 (TLS) protocols when using a
block cipher in CBC mode can be exploited to decrypt data protected
by SSL.
15) An error in the uncompress command line tool when decompressing
compressed files can be exploited to cause a buffer overflow.
For more information:
SA45544
16) An error in ImageIO when parsing TIFF images can be exploited to
cause a buffer overflow.
For more information see vulnerability #9:
SA45325
17) An error in ImageIO when handling ThunderScan encoded TIFF images
can be exploited to cause a buffer overflow.
For more information see vulnerability #2:
SA43593:
18) An error exists in the bundled version of libpng.
For more information:
SA46148
19) An error in Internet Sharing may cause the used Wi-Fi
configuration to revert to factory defaults (e.g. disabling the WEP
password) after a system update.
20) An error in Libinfo can be exploited to disclose sensitive
information via a specially crafted website.
For more information see vulnerability #4:
SA46747
21) An integer overflow error in libresolv when parsing DNS resource
records can be exploited to cause a heap-based buffer overflow.
22) An error in libsecurity may cause some EV certificates to be
trusted even when the corresponding root is marked untrusted.
23) Multiple errors in OpenGL when handling GLSL compilation can be
exploited to corrupt memory.
24) Multiple errors exist in the bundled version of PHP.
For more information:
SA44874
SA45678
25) Various errors in FreeType when handling Type 1 fonts can be
exploited to corrupt memory.
For more information:
SA46575
26) An error in QuickTime when parsing MP4 encoded files can be
exploited to access uninitialised memory.
27) A signedness error in QuickTime when handling font tables
embedded in movie files can be exploited to corrupt memory.
28) An off-by-one error in QuickTime when handling rdrf atoms in
movie files can be exploited to cause a single byte buffer overflow.
29) An error in QuickTime when parsing JPEG2000 images can be
exploited to cause a buffer overflow.
30) An error in QuickTime when parsing PNG images can be exploited to
cause a buffer overflow.
31) An error in QuickTime when handling FLC encoded movie files can
be exploited to cause a buffer overflow.
32) Multiple errors exists in the bundled version of SquirrelMail.
For more information:
SA40307
SA45197
33) Various errors exist in the bundled version of Subversion.
For more information:
SA44681
34) Time Machine does not verify that a designated remote AFP volume
or Time Capsule is used for subsequent backups. This can be exploited
to access backups by spoofing the remote volume.
35) Errors exist in the bundled version of Tomcat.
For more information:
SA44981
36) An error in WebDAV Sharing when handling user authentication can
be exploited by local users to gain escalated privileges.
37) An error exists in the bundled version of Webmail.
For more information:
SA45605
SOLUTION:
Update to OS X Lion version 10.7.3 or apply Security Update 2012-001.
PROVIDED AND/OR DISCOVERED BY:
4, 10) Will Dormann, CERT/CC
The vendor also credits:
1) Bernard Desruisseaux, Oracle Corporation
5, 6) Erling Ellingsen, Facebook
7) binaryproof via ZDI
8, 27, 28, 29, 30) Luigi Auriemma via ZDI
9) Scott Stender, iSEC Partners
11) Ben Syverson
19) An anonymous person
21) Ilja van Sprundel, IOActive
22) Alastair Houghton
23) Chris Evans, Google Chrome Security Team and Marc Schoenefeld,
Red Hat Security Response Team
26) Luigi Auriemma via ZDI and pa_kt via ZDI
31) Matt "j00ru" Jurczyk via ZDI
34) Michael Roitzsch, Technische Universit\xe4t Dresden
36) Gordon Davisson, Crywolf
ORIGINAL ADVISORY:
Apple Security Update 2012-001:
http://support.apple.com/kb/HT5130
US-CERT:
http://www.kb.cert.org/vuls/id/403593
http://www.kb.cert.org/vuls/id/410281
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201202-0245 | CVE-2012-0754 | Adobe Flash Player Vulnerable to arbitrary code execution |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process. If this function is called with id '2200' it will write a 0x01 byte to a user supplied address. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html
Issue date: 2012-02-17
CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754
CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03)
791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0752.html
https://www.redhat.com/security/data/cve/CVE-2012-0753.html
https://www.redhat.com/security/data/cve/CVE-2012-0754.html
https://www.redhat.com/security/data/cve/CVE-2012-0755.html
https://www.redhat.com/security/data/cve/CVE-2012-0756.html
https://www.redhat.com/security/data/cve/CVE-2012-0767.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq
2hfvaUbJyuTg8og5n/gSdGc=
=7NQZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-12-080
June 6, 2012
- -- CVE ID:
CVE-2012-0754
- -- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
- -- Affected Vendors:
Adobe
- -- Affected Products:
Adobe Flash Player
- -- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 12273. More details can
be found at:
http://www.adobe.com/support/security/bulletins/apsb12-03.html
- -- Disclosure Timeline:
2012-01-12 - Vulnerability reported to vendor
2012-06-06 - Coordinated public release of advisory
- -- Credit:
This vulnerability was discovered by:
* Alexander Gavrun
- -- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Furthermore, a remote attacker may be able to bypass intended access
restrictions, bypass cross-domain policy, inject arbitrary web script,
or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"
References
==========
[ 1 ] CVE-2011-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm
----------------------------------------------------------------------
TITLE:
Adobe Flash Player Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48033
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48033/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48033
RELEASE DATE:
2012-02-16
DISCUSS ADVISORY:
http://secunia.com/advisories/48033/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48033/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48033
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Flash Player,
which can be exploited by malicious people to conduct cross-site
scripting attacks, bypass certain security restrictions, and
compromise a user's system.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass certain security
restrictions.
6) An unspecified error can be exploited to bypass certain security
restrictions.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
6) Reported by the vendor
7) Reported as a 0-day. The vendor additionally credits Google
The vendor also credits:
1) Xu Liu, Fortinet's FortiGuard Labs
2) Bo Qu, Palo Alto Networks
3, 4) Alexander Gavrun via ZDI
5) Eduardo Vela Nava, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-03.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
VAR-201202-0241 | CVE-2012-0756 | Adobe Flash Player Vulnerable to access restrictions |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755. Adobe Flash Player Contains a vulnerability that prevents access restrictions. This vulnerability CVE-2012-0755 Is a different vulnerability.An attacker may be able to bypass access restrictions.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html
Issue date: 2012-02-17
CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754
CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03)
791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0752.html
https://www.redhat.com/security/data/cve/CVE-2012-0753.html
https://www.redhat.com/security/data/cve/CVE-2012-0754.html
https://www.redhat.com/security/data/cve/CVE-2012-0755.html
https://www.redhat.com/security/data/cve/CVE-2012-0756.html
https://www.redhat.com/security/data/cve/CVE-2012-0767.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq
2hfvaUbJyuTg8og5n/gSdGc=
=7NQZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48265
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48265/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE:
2012-03-05
DISCUSS ADVISORY:
http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, where one
has an unknown impact and others can be exploited by malicious people
to conduct cross-site scripting attacks, bypass certain security
restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats
handling.
14) A use-after-free error exists within SVG animation elements
handling.
For more information:
SA48033
SOLUTION:
Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Chamal de Silva
2, 4, 5, 14) Arthur Gerkis
3) Aki Helin, OUSPG
6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"
References
==========
[ 1 ] CVE-2011-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks, gain knowledge of potentially
sensitive information, bypass certain security restrictions, and
compromise a user's system
VAR-201202-0174 | CVE-2012-0767 | Adobe Flash Player Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. Adobe Flash Player Contains a cross-site scripting vulnerability.By any third party Web Script or HTML May be inserted.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The product enables viewing of applications, content and video across screens and browsers. Remote attackers can use this vulnerability to inject arbitrary web scripts or HTML with unknown vectors, also known as \"Universal XSS (UXSS)\". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:0144-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html
Issue date: 2012-02-17
CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754
CVE-2012-0755 CVE-2012-0756 CVE-2012-0767
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed on the Adobe security page APSB12-03, listed
in the References section.
Multiple security flaws were found in the way flash-plugin displayed
certain SWF content. An attacker could use these flaws to create a
specially-crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the specially-crafted SWF content. (CVE-2012-0752,
CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756)
A flaw in flash-plugin could allow an attacker to conduct cross-site
scripting (XSS) attacks if a victim were tricked into visiting a
specially-crafted web page. (CVE-2012-0767)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 10.3.183.15.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Bugs fixed (http://bugzilla.redhat.com/):
791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03)
791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
flash-plugin-10.3.183.15-1.el5.i386.rpm
x86_64:
flash-plugin-10.3.183.15-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-10.3.183.15-1.el6.i686.rpm
x86_64:
flash-plugin-10.3.183.15-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0752.html
https://www.redhat.com/security/data/cve/CVE-2012-0753.html
https://www.redhat.com/security/data/cve/CVE-2012-0754.html
https://www.redhat.com/security/data/cve/CVE-2012-0755.html
https://www.redhat.com/security/data/cve/CVE-2012-0756.html
https://www.redhat.com/security/data/cve/CVE-2012-0767.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-03.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq
2hfvaUbJyuTg8og5n/gSdGc=
=7NQZ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester!
Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface.
Download it here!
http://secunia.com/psi_30_beta_launch
----------------------------------------------------------------------
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA48265
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/48265/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
RELEASE DATE:
2012-03-05
DISCUSS ADVISORY:
http://secunia.com/advisories/48265/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/48265/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48265
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Some vulnerabilities have been reported in Google Chrome, where one
has an unknown impact and others can be exploited by malicious people
to conduct cross-site scripting attacks, bypass certain security
restrictions, and compromise a user's system.
1) A use-after-free error exists within v8 element wrapper handling.
2) A use-after-free error exists within SVG value handling.
3) A buffer overflow exists within the Skia drawing library.
4) A use-after-free error exists within SVG document handling.
5) A use-after-free error exists within SVG use handling.
6) A casting error exists within line box handling.
7) A casting error exists within anonymous block splitting.
8) A use-after-free error exists within multi-column handling.
9) A use-after-free error exists within quote handling.
10) An out-of-bounds read error exists within text handling.
11) A use-after-free error exists within class attribute handling.
12) A use-after-free error exists within table section handling.
13) A use-after-free error exists within flexbox with floats
handling.
14) A use-after-free error exists within SVG animation elements
handling.
For more information:
SA48033
SOLUTION:
Update to version 17.0.963.65.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Chamal de Silva
2, 4, 5, 14) Arthur Gerkis
3) Aki Helin, OUSPG
6, 7, 8, 9, 10, 11, 12, 13) miaubiz
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites.
Please review the CVE identifiers referenced below for details.
Furthermore, a remote attacker may be able to bypass intended access
restrictions, bypass cross-domain policy, inject arbitrary web script,
or obtain sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228"
References
==========
[ 1 ] CVE-2011-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445
[ 2 ] CVE-2011-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450
[ 3 ] CVE-2011-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451
[ 4 ] CVE-2011-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452
[ 5 ] CVE-2011-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453
[ 6 ] CVE-2011-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454
[ 7 ] CVE-2011-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455
[ 8 ] CVE-2011-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456
[ 9 ] CVE-2011-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457
[ 10 ] CVE-2011-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458
[ 11 ] CVE-2011-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459
[ 12 ] CVE-2011-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460
[ 13 ] CVE-2012-0752
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752
[ 14 ] CVE-2012-0753
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753
[ 15 ] CVE-2012-0754
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754
[ 16 ] CVE-2012-0755
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755
[ 17 ] CVE-2012-0756
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756
[ 18 ] CVE-2012-0767
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767
[ 19 ] CVE-2012-0768
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768
[ 20 ] CVE-2012-0769
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769
[ 21 ] CVE-2012-0773
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201204-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March
Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817.
1) An unspecified error in an ActiveX Control can be exploited to
corrupt memory.
2) A type confusion error can be exploited to corrupt memory.
3) An unspecified error related to MP4 parsing can be exploited to
corrupt memory.
4) An unspecified error can be exploited to corrupt memory.
5) An unspecified error can be exploited to bypass certain security
restrictions.
6) An unspecified error can be exploited to bypass certain security
restrictions.
Successful exploitation of the vulnerabilities #1 through #6 may
allow execution of arbitrary code.
7) Certain unspecified input is not properly sanitised before being
returned to the user.
NOTE: This vulnerability is reportedly being actively exploited in
targeted attacks. This fixes multiple
vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks, gain knowledge of potentially
sensitive information, bypass certain security restrictions, and
compromise a user's system
VAR-201112-0167 | CVE-2011-2462 | Adobe Acrobat and Reader U3D memory corruption vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. ( Memory corruption ) A state vulnerability exists.Arbitrary code execution or denial of service by a third party ( Memory corruption ) It may be in a state. Adobe Acrobat and Reader are prone to a remote memory corruption vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Acrobat is a series of products aimed at enterprises, technicians and creative professionals launched in 1993, making the transmission and collaboration of intelligent documents more flexible, reliable and secure. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: acroread security update
Advisory ID: RHSA-2012:0011-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0011.html
Issue date: 2012-01-10
CVE Names: CVE-2011-2462 CVE-2011-4369
=====================================================================
1. Summary:
Updated acroread packages that fix two security issues are now available
for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6
Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section. Relevant releases/architectures:
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
Adobe Reader allows users to view and print documents in Portable Document
Format (PDF). These flaws are
detailed on the Adobe security page APSB11-30, listed in the References
section. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259
5. Package List:
Red Hat Enterprise Linux AS version 4 Extras:
i386:
acroread-9.4.7-1.el4.i386.rpm
acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64:
acroread-9.4.7-1.el4.i386.rpm
Red Hat Desktop version 4 Extras:
i386:
acroread-9.4.7-1.el4.i386.rpm
acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64:
acroread-9.4.7-1.el4.i386.rpm
Red Hat Enterprise Linux ES version 4 Extras:
i386:
acroread-9.4.7-1.el4.i386.rpm
acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64:
acroread-9.4.7-1.el4.i386.rpm
Red Hat Enterprise Linux WS version 4 Extras:
i386:
acroread-9.4.7-1.el4.i386.rpm
acroread-plugin-9.4.7-1.el4.i386.rpm
x86_64:
acroread-9.4.7-1.el4.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
acroread-9.4.7-1.el5.i386.rpm
acroread-plugin-9.4.7-1.el5.i386.rpm
x86_64:
acroread-9.4.7-1.el5.i386.rpm
acroread-plugin-9.4.7-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
acroread-9.4.7-1.el5.i386.rpm
acroread-plugin-9.4.7-1.el5.i386.rpm
x86_64:
acroread-9.4.7-1.el5.i386.rpm
acroread-plugin-9.4.7-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
acroread-9.4.7-1.el6.i686.rpm
acroread-plugin-9.4.7-1.el6.i686.rpm
x86_64:
acroread-9.4.7-1.el6.i686.rpm
acroread-plugin-9.4.7-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
acroread-9.4.7-1.el6.i686.rpm
acroread-plugin-9.4.7-1.el6.i686.rpm
x86_64:
acroread-9.4.7-1.el6.i686.rpm
acroread-plugin-9.4.7-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
acroread-9.4.7-1.el6.i686.rpm
acroread-plugin-9.4.7-1.el6.i686.rpm
x86_64:
acroread-9.4.7-1.el6.i686.rpm
acroread-plugin-9.4.7-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-2462.html
https://www.redhat.com/security/data/cve/CVE-2011-4369.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb11-30.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7"
References
==========
[ 1 ] CVE-2010-4091
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091
[ 2 ] CVE-2011-0562
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562
[ 3 ] CVE-2011-0563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563
[ 4 ] CVE-2011-0565
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565
[ 5 ] CVE-2011-0566
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566
[ 6 ] CVE-2011-0567
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567
[ 7 ] CVE-2011-0570
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570
[ 8 ] CVE-2011-0585
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585
[ 9 ] CVE-2011-0586
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586
[ 10 ] CVE-2011-0587
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587
[ 11 ] CVE-2011-0588
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588
[ 12 ] CVE-2011-0589
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589
[ 13 ] CVE-2011-0590
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590
[ 14 ] CVE-2011-0591
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591
[ 15 ] CVE-2011-0592
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592
[ 16 ] CVE-2011-0593
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593
[ 17 ] CVE-2011-0594
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594
[ 18 ] CVE-2011-0595
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595
[ 19 ] CVE-2011-0596
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596
[ 20 ] CVE-2011-0598
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598
[ 21 ] CVE-2011-0599
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599
[ 22 ] CVE-2011-0600
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600
[ 23 ] CVE-2011-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602
[ 24 ] CVE-2011-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603
[ 25 ] CVE-2011-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604
[ 26 ] CVE-2011-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605
[ 27 ] CVE-2011-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606
[ 28 ] CVE-2011-2130
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130
[ 29 ] CVE-2011-2134
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134
[ 30 ] CVE-2011-2135
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135
[ 31 ] CVE-2011-2136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136
[ 32 ] CVE-2011-2137
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137
[ 33 ] CVE-2011-2138
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138
[ 34 ] CVE-2011-2139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139
[ 35 ] CVE-2011-2140
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140
[ 36 ] CVE-2011-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414
[ 37 ] CVE-2011-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415
[ 38 ] CVE-2011-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416
[ 39 ] CVE-2011-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417
[ 40 ] CVE-2011-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424
[ 41 ] CVE-2011-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425
[ 42 ] CVE-2011-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431
[ 43 ] CVE-2011-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432
[ 44 ] CVE-2011-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433
[ 45 ] CVE-2011-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434
[ 46 ] CVE-2011-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435
[ 47 ] CVE-2011-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436
[ 48 ] CVE-2011-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437
[ 49 ] CVE-2011-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438
[ 50 ] CVE-2011-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439
[ 51 ] CVE-2011-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440
[ 52 ] CVE-2011-2441
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441
[ 53 ] CVE-2011-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442
[ 54 ] CVE-2011-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462
[ 55 ] CVE-2011-4369
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-19.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
I. Description
Adobe Security Bulletin APSB11-30 and Adobe Security Advisory
APSA11-04 describe a number of vulnerabilities affecting Adobe
Reader and Acrobat. These vulnerabilities affect Reader and Acrobat
9.4.6 and earlier 9.x versions. These vulnerabilities also affect
Reader X and Acrobat X 10.1.1 and earlier 10.x versions.
An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.
Adobe Reader X and Adobe Acrobat X will be patched in the next
quarterly update scheduled for January 10, 2012.
II. Impact
These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.
III. Solution
Update Reader
Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB11-30 and update
vulnerable versions of Adobe Reader and Acrobat.
In addition to updating, please consider the following mitigations.
Disable Flash in Adobe Reader and Acrobat
Disabling Flash in Adobe Reader will mitigate attacks that rely on
Flash content embedded in a PDF file. Disabling 3D & Multimedia
support does not directly address the vulnerability, but it does
provide additional mitigation and results in a more user-friendly
error message instead of a crash. To disable Flash and 3D &
Multimedia support in Adobe Reader 9, delete, rename, or remove
access to these files:
Microsoft Windows
"%ProgramFiles%\Adobe\Reader 9.0\Reader\authplay.dll"
"%ProgramFiles%\Adobe\Reader 9.0\Reader\rt3d.dll"
Apple Mac OS X
"/Applications/Adobe Reader 9/Adobe
Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
"/Applications/Adobe Reader 9/Adobe
Reader.app/Contents/Frameworks/Adobe3D.framework"
GNU/Linux (locations may vary among distributions)
"/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so"
"/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"
File locations may be different for Adobe Acrobat or other Adobe
products that include Flash and 3D & Multimedia support. Disabling
these plugins will reduce functionality and will not protect
against Flash content that is hosted on websites. Depending on the
update schedule for products other than Flash Player, consider
leaving Flash and 3D & Multimedia support disabled unless they are
absolutely required. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this framework may be useful when
specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF files
The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF files in the web browser
Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.
To prevent PDF files from automatically being opened in a web
browser, do the following:
1.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the "Display PDF in browser" checkbox. PDF documents that use the PRC format
for 3D content will continue to function on Windows and Linux
platforms.
To disable U3D support in Adobe Reader 9 on Microsoft Windows,
delete or rename this file:
"%ProgramFiles%\Adobe\Reader 9.0\Reader\plug_ins3d\3difr.x3d"
For Apple Mac OS X, delete or rename this directory:
"/Applications/Adobe Reader 9/Adobe
Reader.app/Contents/Frameworks/Adobe3D.framework"
For GNU/Linux, delete or rename this file (locations may vary among
distributions):
"/opt/Adobe/Reader9/Reader/intellinux/plug_ins3d/3difr.x3d"
File locations may be different for Adobe Acrobat or other Adobe
products or versions.
Do not access PDF files from untrusted sources
Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.
IV. Please send
email to <cert@cert.org> with "TA11-350A Feedback VU#759307" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2011 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
December 16, 2011: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTuuZnz/GkGVXE7GMAQIN8ggAjjQO8LOasl98uasGZW2J5SHfkKr675Mf
ymRzBagFqO9QuId2RvFG2b9nuq5zdqETsrcG1t668wtYLUhBaoLmFXPe/KsDQ9n+
/p9PctVJFmJpV92S3kAHw+u4t1n/Aa/4IdK0oXNBDhkyXrp41F27LY+aQ8FWWuxZ
lL4jXSUQ/gLgb6hOhLjRCsQtEhAcPbX/mPNxl6bACXZaOVZT88fz9M7JXryDiJWO
uuFi3O2GT0Bd3fEsL57U/TSbq8SynadObMSj4/+Q1HmOHcD0L5gzd9/N4M3D1Emg
y7aeUpgycY5eFefY3LVVkb7JkTUbEZHbuNHydFKIJDRlaXBAo+D0QQ==
=rKM4
-----END PGP SIGNATURE-----
VAR-201112-0114 | CVE-2011-5046 | Microsoft Windows 7 Professional 64-bit Service disruption in (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability.". Microsoft Windows 7 Professional 64-bit of kernel-mode Driver win32k.sys Is Apple Safari Service disruption when using ( Memory corruption ) A vulnerability exists that could lead to state and arbitrary code execution.By a third party IFRAME Excessively large height Service operation disruption via attributes ( Memory corruption ) Could be put into a state and execute arbitrary code. Microsoft Windows is prone to a remote memory-corruption vulnerability.
Successful exploits will result in the execution of arbitrary code in the kernel-mode. Failed attempts will cause a denial-of-service condition. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Microsoft Windows win32k.sys Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA47237
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/47237/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=47237
RELEASE DATE:
2011-12-19
DISCUSS ADVISORY:
http://secunia.com/advisories/47237/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/47237/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47237
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been discovered in Microsoft Windows, which can
be exploited by malicious people to potentially compromise a user's
system.
The vulnerability is caused due to an error in win32k.sys and can be
exploited to corrupt memory via e.g. a specially crafted web page
containing an IFRAME with an overly large "height" attribute viewed
using the Apple Safari browser.
The vulnerability is confirmed on a fully patched Windows 7
Professional 64-bit. Other versions may also be affected.
SOLUTION:
No effective solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
webDEViL
ORIGINAL ADVISORY:
https://twitter.com/#!/w3bd3vil/status/148454992989261824
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA12-045A
Microsoft Updates for Multiple Vulnerabilities
Original release date: February 14, 2012
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft .NET Framework
* Microsoft Silverlight
* Microsoft Office
* Microsoft Server Software
Overview
There are multiple vulnerabilities in Microsoft Windows, Internet
Explorer, Microsoft .NET Framework, Silverlight, Office, and
Microsoft Server Software. Microsoft has released updates to
address these vulnerabilities.
I. Description
The Microsoft Security Bulletin Summary for February 2012 describes
multiple vulnerabilities in Microsoft Windows. Microsoft has
released updates to address the vulnerabilities.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code,
cause a denial of service, or gain unauthorized access to your
files or system.
III. Solution
Apply updates
Microsoft has provided updates for these vulnerabilities in the
Microsoft Security Bulletin Summary for February 2012, which
describes any known issues related to the updates. Administrators
are encouraged to note these issues and test for any potentially
adverse effects. In addition, administrators should consider using
an automated update distribution system such as Windows Server
Update Services (WSUS). Home users are encouraged to enable
automatic updates.
IV. References
* Microsoft Security Bulletin Summary for February 2012 -
<https://technet.microsoft.com/en-us/security/bulletin/ms12-feb>
* Microsoft Windows Server Update Services -
<http://technet.microsoft.com/en-us/wsus/default.aspx>
* Microsoft Update - <https://www.update.microsoft.com/>
* Microsoft Update Overview -
<http://www.microsoft.com/security/updates/mu.aspx>
* Turn Automatic Updating On or Off -
<http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA12-045A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA12-045A Feedback VU#752838" in
the subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2012 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
February 14, 2012: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBTzqp2T/GkGVXE7GMAQKh6wgAg9gjZ3sCu3eepRZEyFy4PkGhC4A1jzgw
2soH7tPOimgpzlLVbkJ7/RQYylCYixzEa9PbL9v/RzXh/TVVeXrPU97SqmLOAXr7
gtgcapZBGSHBmqYF5BWRnXVRVOQv+JpmdA5AJHO89qQl4okr9VVTCTnQkrAFyzfP
40uf/Nr0DrTRI9dmEjsLTzvOhh0G2HKnBmbpybGaOqoQao67ih/HEOkp6bsCUBwK
joX4C3nK9EdMPNK8YAzrHNbM0ANR5DfieGXBsCwNi6/3zZvGB+PKhAu6bikbQrXW
iRpyS3IirvDB59KNlmQp3jdaodNHSLOg5JuF7kOdQ1m8qa+DjwSvJQ==
=E3Fg
-----END PGP SIGNATURE-----