VARIoT IoT vulnerabilities database

Brocade BigIron RX switches allow remote attackers to bypass ACL rules by using 179 as the source port of a packet. Brocade BigIron RX The switch has a port 179 There is a vulnerability in the processing of packets sent from, and there is a vulnerability that bypasses access control list restrictions.Access control list by remote third party (ACL) May be able to circumvent this limitation and allow intrusion of specially crafted packets into the network. The Brocade BigIron RX Series Switch is the first to handle 2.2 billion packets per second. Port 179 is generally used for BGP communication. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Brocade BigIron RX Switches Access Control List Security Bypass Security Issue SECUNIA ADVISORY ID: SA45217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45217 RELEASE DATE: 2011-07-14 DISCUSS ADVISORY: http://secunia.com/advisories/45217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Brocade BigIron RX Switches, which can be exploited by malicious people to bypass certain security restrictions. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: An anonymous person via US-CERT. ORIGINAL ADVISORY: http://www.kb.cert.org/vuls/id/853246 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.23 and earlier on Android, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in June 2011. Adobe Flash Player Any code that could be executed or service disruption ( Memory corruption ) There is a vulnerability that becomes a condition.Arbitrary code is executed or service operation is interrupted by a third party ( Memory corruption ) There is a possibility of being put into a state. Adobe Flash Player is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10" References ========== [ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201110-11.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2011:0869-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0869.html Issue date: 2011-06-15 CVE Names: CVE-2011-2110 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This vulnerability is detailed on the Adobe security page APSB11-18, listed in the References section. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.181.26-1.el5.i386.rpm x86_64: flash-plugin-10.3.181.26-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.181.26-1.el5.i386.rpm x86_64: flash-plugin-10.3.181.26-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.181.26-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.26-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.181.26-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.26-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.181.26-1.el6.i686.rpm x86_64: flash-plugin-10.3.181.26-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2110.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb11-18.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFN+IXXXlSAg2UNWIIRAhnFAJ9IrNSil3fkgedUgNXd76jRxZeG0gCfXsgV a4/PC/6CrtYaJxO3Q+5sSrg= =vYEq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. Exploiting this vulnerability could allow an attacker to exhaust all ephemeral ports on the system. This could impact the availability of networking and system resources on the computer. Other attacks are also possible. This vulnerability affects the following supported versions: JDK and JRE 7, 6 Update 27, 5.0 Update 31, 1.4.2_33. ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA46512 Please see the vendor's advisory for a list of affected products. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . In a typical operating environment, these are of low security risk as the runtime is not used on untrusted applets. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: IcedTea JDK: Multiple vulnerabilities Date: June 29, 2014 Bugs: #312297, #330205, #340819, #346799, #352035, #353418, #354231, #355127, #370787, #387637, #404095, #421031, #429522, #433389, #438750, #442478, #457206, #458410, #461714, #466822, #477210, #489570, #508270 ID: 201406-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in the IcedTea JDK, the worst of which could lead to arbitrary code execution. Background ========== IcedTea is a distribution of the Java OpenJDK source code built with free build tools. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-java/icedtea-bin < 6.1.13.3 >= 6.1.13.3 Description =========== Multiple vulnerabilities have been discovered in the IcedTea JDK. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, bypass intended security policies, or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All IcedTea JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/icedtea-bin-6.1.13.3" References ========== [ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555 [ 2 ] CVE-2010-2548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2548 [ 3 ] CVE-2010-2783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2783 [ 4 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 5 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 6 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 7 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 8 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 9 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 10 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 11 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 12 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 13 ] CVE-2010-3564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3564 [ 14 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 15 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 16 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 17 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 18 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 19 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 20 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 21 ] CVE-2010-3860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3860 [ 22 ] CVE-2010-4351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4351 [ 23 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 24 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 25 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 26 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 27 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 28 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 29 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 30 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 31 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 32 ] CVE-2011-0025 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0025 [ 33 ] CVE-2011-0706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0706 [ 34 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 35 ] CVE-2011-0822 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0822 [ 36 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 37 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 38 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 39 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 40 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 41 ] CVE-2011-0870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0870 [ 42 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 43 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 44 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 45 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 46 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 47 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 48 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 49 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 50 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 51 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 52 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 53 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 54 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 55 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 56 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 57 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 58 ] CVE-2011-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3571 [ 59 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 60 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 61 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 62 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 63 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 64 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 65 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 66 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 67 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 68 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 69 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 70 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 71 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 72 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 73 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 74 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 75 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 76 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 77 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 78 ] CVE-2012-3422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3422 [ 79 ] CVE-2012-3423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3423 [ 80 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 81 ] CVE-2012-4540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4540 [ 82 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 83 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 84 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 85 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 86 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 87 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 88 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 89 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 90 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 91 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 92 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 93 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 94 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 95 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 96 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 97 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 98 ] CVE-2012-5979 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5979 [ 99 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 100 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 101 ] CVE-2013-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0424 [ 102 ] CVE-2013-0425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0425 [ 103 ] CVE-2013-0426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0426 [ 104 ] CVE-2013-0427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0427 [ 105 ] CVE-2013-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0428 [ 106 ] CVE-2013-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0429 [ 107 ] CVE-2013-0431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0431 [ 108 ] CVE-2013-0432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0432 [ 109 ] CVE-2013-0433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0433 [ 110 ] CVE-2013-0434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0434 [ 111 ] CVE-2013-0435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0435 [ 112 ] CVE-2013-0440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0440 [ 113 ] CVE-2013-0441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0441 [ 114 ] CVE-2013-0442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0442 [ 115 ] CVE-2013-0443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0443 [ 116 ] CVE-2013-0444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0444 [ 117 ] CVE-2013-0450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0450 [ 118 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 119 ] CVE-2013-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1475 [ 120 ] CVE-2013-1476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1476 [ 121 ] CVE-2013-1478 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1478 [ 122 ] CVE-2013-1480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1480 [ 123 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 124 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 125 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 126 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 127 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 128 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 129 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 130 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 131 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 132 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 133 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 134 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 135 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 136 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 137 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 138 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 139 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 140 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 141 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 142 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 143 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 144 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 145 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 146 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 147 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 148 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 149 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 150 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 151 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 152 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 153 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 154 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 155 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 156 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 157 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 158 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 159 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 160 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 161 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 162 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 163 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 164 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 165 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 166 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 167 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 168 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 169 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 170 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 171 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 172 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 173 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 174 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 175 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 176 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 177 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 178 ] CVE-2013-4002 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4002 [ 179 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 180 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 181 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 182 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 183 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 184 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 185 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 186 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 187 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 188 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 189 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 190 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 191 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 192 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 193 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 194 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 195 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 196 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 197 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 198 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 199 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 200 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 201 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 202 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 203 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 204 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 205 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 206 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 207 ] CVE-2013-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6629 [ 208 ] CVE-2013-6954 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6954 [ 209 ] CVE-2014-0429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0429 [ 210 ] CVE-2014-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0446 [ 211 ] CVE-2014-0451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0451 [ 212 ] CVE-2014-0452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0452 [ 213 ] CVE-2014-0453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0453 [ 214 ] CVE-2014-0456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0456 [ 215 ] CVE-2014-0457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0457 [ 216 ] CVE-2014-0458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0458 [ 217 ] CVE-2014-0459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0459 [ 218 ] CVE-2014-0460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0460 [ 219 ] CVE-2014-0461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0461 [ 220 ] CVE-2014-1876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1876 [ 221 ] CVE-2014-2397 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2397 [ 222 ] CVE-2014-2398 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2398 [ 223 ] CVE-2014-2403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2403 [ 224 ] CVE-2014-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2412 [ 225 ] CVE-2014-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2414 [ 226 ] CVE-2014-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2421 [ 227 ] CVE-2014-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2423 [ 228 ] CVE-2014-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2427 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201406-32.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . This combines the two previous openjdk-6 advisories, DSA-2311-1 and DSA-2356-1. CVE-2011-0862 Integer overflow errors in the JPEG and font parser allow untrusted code (including applets) to elevate its privileges. CVE-2011-0864 Hotspot, the just-in-time compiler in OpenJDK, mishandled certain byte code instructions, allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0865 A race condition in signed object deserialization could allow untrusted code to modify signed content, apparently leaving its signature intact. CVE-2011-0867 Untrusted code (including applets) could access information about network interfaces which was not intended to be public. (Note that the interface MAC address is still available to untrusted code.) CVE-2011-0868 A float-to-long conversion could overflow, , allowing untrusted code (including applets) to crash the virtual machine. CVE-2011-0869 Untrusted code (including applets) could intercept HTTP requests by reconfiguring proxy settings through a SOAP connection. CVE-2011-0871 Untrusted code (including applets) could elevate its privileges through the Swing MediaTracker code. CVE-2011-3521 The CORBA implementation contains a deserialization vulnerability in the IIOP implementation, allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3544 The Java scripting engine lacks necessary security manager checks, allowing untrusted Java code (such as applets) to elevate its privileges. CVE-2011-3547 The skip() method in java.io.InputStream uses a shared buffer, allowing untrusted Java code (such as applets) to access data that is skipped by other code. CVE-2011-3553 JAX-WS enables stack traces for certain server responses by default, potentially leaking sensitive information. For the oldstable distribution (lenny), these problems have been fixed in version 6b18-1.8.10-0~lenny1. 6) - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-11-08-1 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 are now available and address the following: Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, Mac OS X v10.7.2, Mac OS X Server v10.7.2 Impact: Multiple vulnerabilities in Java 1.6.0_26 Description: Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29. Further information is available via the Java website at http://java.sun.com/javase/6/webnotes/ReleaseNotes.html CVE-ID CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3545 CVE-2011-3546 CVE-2011-3547 CVE-2011-3548 CVE-2011-3549 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 CVE-2011-3561 Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/ For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: be0ac75b8bac967f1d39a94ebf9482a61fb7d70b For Mac OS X v10.7 systems The download file is named: JavaForMacOSX10.7.dmg Its SHA-1 digest is: 7768e6aeb5adaa638c74d4c04150517ed99fed20 Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) iQEcBAEBAgAGBQJOuZNKAAoJEGnF2JsdZQeece8H/1I98YQ1LF4iDD442zB+WjZP 2Vxd3euXYwySD6qDCYNLJ0hUKu90c/4nr5d5rRH3xYdBzAHuZG39m069lpN1UZIW t5ube+j9zjiejnXlPbAgq+vIAg22nu0EdxhOOZZeQOoEYqyoKhXNCt3fR+tzo3o4 mN/LWMO1NwrM0sGDPuUGs2TWdPZbC4QJJz4Z4S+FsTlujYh9MRd3dyxLBIg7BKCL wgnFdpFW8bPmVdiTj91pC0Gb3XtolQxexXGHsdI15KeFMbQ06nKV/AyvxMF8O5jS D089GEHE52NAQCZ0YJ6TJsisrGqTZZ77js55cPU259FogxEKKBuwfdFbn4qVeD8= =4KBF -----END PGP SIGNATURE----- . Release Date: 2012-05-15 Last Updated: 2012-05-15 - ----------------------------------------------------------------------------- Potential Security Impact: Remote Denial of service, unauthorized modification and disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities may allow remote Denial of Service (DoS), unauthorized modification and disclosure of information. References: CVE-2010-4447, CVE-2010-4448, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476, CVE-2011-0802, CVE-2011-0814, CVE-2011-0815, CVE-2011-0862, CVE-2011-0864, CVE-2011-0865, CVE-2011-0867, CVE-2011-0871, CVE-2011-3389, CVE-2011-3545, CVE-2011-3547, CVE-2011-3548, CVE-2011-3549, CVE-2011-3552, CVE-2011-3556, CVE-2011-3557, CVE-2011-3560, CVE-2011-3563, CVE-2012-0499, CVE-2012-0502, CVE-2012-0503, CVE-2012-0505, CVE-2012-0506 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2010-4447 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4448 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2010-4454 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4462 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4465 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4469 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4473 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2010-4475 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2011-0802 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0814 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0815 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0862 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0864 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-0865 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-0867 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-0871 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3389 (AV:N/AC:M/Au:N/C:P/I:N/A:N) 4.3 CVE-2011-3545 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3547 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3548 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3549 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2011-3552 (AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6 CVE-2011-3556 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2011-3557 (AV:N/AC:M/Au:N/C:P/I:P/A:P) 6.8 CVE-2011-3560 (AV:N/AC:L/Au:N/C:P/I:P/A:N) 6.4 CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP is providing the following Java updates to resolve the vulnerabilities. PRODUCT SPECIFIC INFORMATION HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all HP-issued Security Bulletins and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa The following text is for use by the HP-UX Software Assistant. AFFECTED VERSIONS HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== Jpi14.JPI14-COM Jpi14.JPI14-COM-DOC Jpi14.JPI14-IPF32 Jpi14.JPI14-PA11 Jdk14.JDK14-COM Jdk14.JDK14-DEMO Jdk14.JDK14-IPF32 Jdk14.JDK14-IPF64 Jdk14.JDK14-PA11 Jdk14.JDK14-PA20 Jdk14.JDK14-PA20W Jdk14.JDK14-PNV2 Jdk14.JDK14-PWV2 Jre14.JRE14-COM Jre14.JRE14-COM-DOC Jre14.JRE14-IPF32 Jre14.JRE14-IPF32-HS Jre14.JRE14-IPF64 Jre14.JRE14-IPF64-HS Jre14.JRE14-PA11 Jre14.JRE14-PA11-HS Jre14.JRE14-PA20 Jre14.JRE14-PA20-HS Jre14.JRE14-PA20W Jre14.JRE14-PA20W-HS Jre14.JRE14-PNV2 Jre14.JRE14-PNV2-H Jre14.JRE14-PWV2 Jre14.JRE14-PWV2-H action: install revision 1.4.2.28.00 or subsequent END AFFECTED VERSIONS HISTORY Version:1 (rev.1) - 15 May 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: java-1.6.0-openjdk security update Advisory ID: RHSA-2011:1380-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1380.html Issue date: 2011-10-18 CVE Names: CVE-2011-3389 CVE-2011-3521 CVE-2011-3544 CVE-2011-3547 CVE-2011-3548 CVE-2011-3551 CVE-2011-3552 CVE-2011-3553 CVE-2011-3554 CVE-2011-3556 CVE-2011-3557 CVE-2011-3558 CVE-2011-3560 ===================================================================== 1. Summary: Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. A flaw was found in the Java RMI (Remote Method Invocation) registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. (CVE-2011-3556) A flaw was found in the Java RMI registry implementation. A remote RMI client could use this flaw to execute code on the RMI server with unrestricted privileges. (CVE-2011-3557) A flaw was found in the IIOP (Internet Inter-Orb Protocol) deserialization code. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions by deserializing specially-crafted input. (CVE-2011-3521) It was found that the Java ScriptingEngine did not properly restrict the privileges of sandboxed applications. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3544) A flaw was found in the AWTKeyStroke implementation. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3548) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the Java2D code used to perform transformations of graphic shapes and images. An untrusted Java application or applet running in a sandbox could use this flaw to bypass sandbox restrictions. (CVE-2011-3551) An insufficient error checking flaw was found in the unpacker for JAR files in pack200 format. A specially-crafted JAR file could use this flaw to crash the Java Virtual Machine (JVM) or, possibly, execute arbitrary code with JVM privileges. (CVE-2011-3554) It was found that HttpsURLConnection did not perform SecurityManager checks in the setSSLSocketFactory method. An untrusted Java application or applet running in a sandbox could use this flaw to bypass connection restrictions defined in the policy. (CVE-2011-3560) A flaw was found in the way the SSL 3 and TLS 1.0 protocols used block ciphers in cipher-block chaining (CBC) mode. An attacker able to perform a chosen plain text attack against a connection mixing trusted and untrusted data could use this flaw to recover portions of the trusted data sent over the connection. (CVE-2011-3389) Note: This update mitigates the CVE-2011-3389 issue by splitting the first application data record byte to a separate SSL/TLS protocol record. This mitigation may cause compatibility issues with some SSL/TLS implementations and can be disabled using the jsse.enableCBCProtection boolean property. This can be done on the command line by appending the flag "-Djsse.enableCBCProtection=false" to the java command. An information leak flaw was found in the InputStream.skip implementation. An untrusted Java application or applet could possibly use this flaw to obtain bytes skipped by other threads. (CVE-2011-3547) A flaw was found in the Java HotSpot virtual machine. An untrusted Java application or applet could use this flaw to disclose portions of the VM memory, or cause it to crash. (CVE-2011-3558) The Java API for XML Web Services (JAX-WS) implementation in OpenJDK was configured to include the stack trace in error messages sent to clients. A remote client could possibly use this flaw to obtain sensitive information. (CVE-2011-3553) It was found that Java applications running with SecurityManager restrictions were allowed to use too many UDP sockets by default. If multiple instances of a malicious application were started at the same time, they could exhaust all available UDP sockets on the system. (CVE-2011-3552) This erratum also upgrades the OpenJDK package to IcedTea6 1.9.10. Refer to the NEWS file, linked to in the References, for further information. All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 737506 - CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST) 745379 - CVE-2011-3560 OpenJDK: missing checkSetFactory calls in HttpsURLConnection (JSSE, 7096936) 745387 - CVE-2011-3547 OpenJDK: InputStream skip() information leak (Networking/IO, 7000600) 745391 - CVE-2011-3551 OpenJDK: Java2D TransformHelper integer overflow (2D, 7023640) 745397 - CVE-2011-3552 OpenJDK: excessive default UDP socket limit under SecurityManager (Networking, 7032417) 745399 - CVE-2011-3544 OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823) 745442 - CVE-2011-3521 OpenJDK: IIOP deserialization code execution (Deserialization, 7055902) 745447 - CVE-2011-3554 OpenJDK: insufficient pack200 JAR files uncompress error checks (Runtime, 7057857) 745459 - CVE-2011-3556 OpenJDK: RMI DGC server remote code execution (RMI, 7077466) 745464 - CVE-2011-3557 OpenJDK: RMI registry privileged code execution (RMI, 7083012) 745473 - CVE-2011-3548 OpenJDK: mutable static AWTKeyStroke.ctor (AWT, 7019773) 745476 - CVE-2011-3553 OpenJDK: JAX-WS stack-traces information leak (JAX-WS, 7046794) 745492 - CVE-2011-3558 OpenJDK: Hotspot unspecified issue (Hotspot, 7070134) 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.i386.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.23.1.9.10.el5_7.x86_64.rpm Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.40.1.9.10.el6_1.src.rpm i386: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.i686.rpm x86_64: java-1.6.0-openjdk-debuginfo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.40.1.9.10.el6_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-3389.html https://www.redhat.com/security/data/cve/CVE-2011-3521.html https://www.redhat.com/security/data/cve/CVE-2011-3544.html https://www.redhat.com/security/data/cve/CVE-2011-3547.html https://www.redhat.com/security/data/cve/CVE-2011-3548.html https://www.redhat.com/security/data/cve/CVE-2011-3551.html https://www.redhat.com/security/data/cve/CVE-2011-3552.html https://www.redhat.com/security/data/cve/CVE-2011-3553.html https://www.redhat.com/security/data/cve/CVE-2011-3554.html https://www.redhat.com/security/data/cve/CVE-2011-3556.html https://www.redhat.com/security/data/cve/CVE-2011-3557.html https://www.redhat.com/security/data/cve/CVE-2011-3558.html https://www.redhat.com/security/data/cve/CVE-2011-3560.html https://access.redhat.com/security/updates/classification/#critical http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html http://icedtea.classpath.org/hg/release/icedtea6-1.9/file/328afd896e3e/NEWS 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOngvzXlSAg2UNWIIRArb8AKCaS923HYBco1E2eOOedT1aefjmyACgherU 1E1DMZpv3ExBmKhD4Emi2no= =sMXo -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

IBM Tivoli Security Information and Event Manager is an automated security management solution that enables customers to deploy real-time threat management and compliance management in the data center with user activity monitoring and log management. TSIEM has a cross-site scripting attack, and the input passed to the custom report lacks filtering before returning to the user, which can lead to cross-site scripting attacks, where an attacker can obtain sensitive information or hijack a user session. The IBM Tivoli Security Information and Event Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. IBM Tivoli Security Information and Event Manager 2.0 is affected. ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Security Information and Event Manager Custom Reports Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45952 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45952/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45952 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45952/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45952/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45952 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Security Information and Event Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to custom reports is not properly sanitised before being returned to the user. SOLUTION: Apply fix pack 2.0.0-TIV-TSIEM-FP006 or hot fix 2.0.0-TIV-TSIEM-FIX00614 when available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager JP1/IT Service Level Management - Manager. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/IT Service Level Management Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47804 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47804/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47804 RELEASE DATE: 2012-01-31 DISCUSS ADVISORY: http://secunia.com/advisories/47804/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47804/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47804 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/IT Service Level Management, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in version 09-50. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: kernel security, bug fix, and enhancement update Advisory ID: RHSA-2011:1189-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1189.html Issue date: 2011-08-23 CVE Names: CVE-2011-1182 CVE-2011-1576 CVE-2011-1593 CVE-2011-1776 CVE-2011-1898 CVE-2011-2183 CVE-2011-2213 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2497 CVE-2011-2517 CVE-2011-2689 CVE-2011-2695 ===================================================================== 1. Summary: Updated kernel packages that fix several security issues, various bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 3. Description: Security issues: * Using PCI passthrough without interrupt remapping support allowed KVM guests to generate MSI interrupts and thus potentially inject traps. A privileged guest user could use this flaw to crash the host or possibly escalate their privileges on the host. The fix for this issue can prevent PCI passthrough working and guests starting. Refer to Red Hat Bugzilla bug 715555 for details. (CVE-2011-1898, Important) * Flaw in the client-side NLM implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important) * Integer underflow in the Bluetooth implementation could allow a remote attacker to cause a denial of service or escalate their privileges by sending a specially-crafted request to a target system via Bluetooth. (CVE-2011-2497, Important) * Buffer overflows in the netlink-based wireless configuration interface implementation could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important) * Flaw in the way the maximum file offset was handled for ext4 file systems could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2695, Important) * Flaw allowed napi_reuse_skb() to be called on VLAN packets. An attacker on the local network could use this flaw to send crafted packets to a target, possibly causing a denial of service. (CVE-2011-1576, Moderate) * Integer signedness error in next_pidmap() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-1593, Moderate) * Race condition in the memory merging support (KSM) could allow a local, unprivileged user to cause a denial of service. KSM is off by default, but on systems running VDSM, or on KVM hosts, it is likely turned on by the ksm/ksmtuned services. (CVE-2011-2183, Moderate) * Flaw in inet_diag_bc_audit() could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2213, Moderate) * Flaw in the way space was allocated in the Global File System 2 (GFS2) implementation. If the file system was almost full, and a local, unprivileged user made an fallocate() request, it could result in a denial of service. Setting quotas to prevent users from using all available disk space would prevent exploitation of this flaw. (CVE-2011-2689, Moderate) * Local, unprivileged users could send signals via the sigqueueinfo system call, with si_code set to SI_TKILL and with spoofed process and user IDs, to other processes. This flaw does not allow existing permission checks to be bypassed; signals can only be sent if your privileges allow you to already do so. (CVE-2011-1182, Low) * Heap overflow in the EFI GUID Partition Table (GPT) implementation could allow a local attacker to cause a denial of service by mounting a disk containing crafted partition tables. (CVE-2011-1776, Low) * Structure padding in two structures in the Bluetooth implementation was not initialized properly before being copied to user-space, possibly allowing local, unprivileged users to leak kernel stack memory to user-space. (CVE-2011-2492, Low) * /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low) Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491; Dan Rosenberg for reporting CVE-2011-2497 and CVE-2011-2213; Ryan Sweat for reporting CVE-2011-1576; Robert Swiecki for reporting CVE-2011-1593; Andrea Righi for reporting CVE-2011-2183; Julien Tinnes of the Google Security Team for reporting CVE-2011-1182; Timo Warns for reporting CVE-2011-1776; Marek Kroemeke and Filip Palian for reporting CVE-2011-2492; and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495. 4. Solution: Refer to the Technical Notes, available shortly from the link in the References, for bug fix and enhancement details. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs and add the enhancements noted in the Technical Notes. The system must be rebooted for this update to take effect. Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. 5. Bugs fixed (http://bugzilla.redhat.com/): 690028 - CVE-2011-1182 kernel signal spoofing issue 695173 - CVE-2011-1576 kernel: net: Fix memory leak/corruption on VLAN GRO_DROP 697822 - CVE-2011-1593 kernel: proc: signedness issue in next_pidmap() 703019 - CVE-2011-2492 kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace 703026 - CVE-2011-1776 kernel: validate size of EFI GUID partition entries 709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share 710338 - CVE-2011-2183 kernel: ksm: race between ksmd and exiting task 713827 - Parallel port issue in RHEL 6.0 server 714536 - CVE-2011-2213 kernel: inet_diag: insufficient validation 714982 - GFS2: Update to rhel6.1 broke dovecot writing to a gfs2 filesystem 715555 - CVE-2011-1898 virt: VT-d (PCI passthrough) MSI trap injection 716539 - bump domain memory limits [6.1.z] 716805 - CVE-2011-2497 kernel: bluetooth: buffer overflow in l2cap config request 716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak 718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations 720861 - CVE-2011-2689 kernel: gfs2: make sure fallocate bytes is a multiple of blksize 722557 - CVE-2011-2695 kernel: ext4: kernel panic when writing data to the last block of sparse file 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm i386: kernel-2.6.32-131.12.1.el6.i686.rpm kernel-debug-2.6.32-131.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm kernel-devel-2.6.32-131.12.1.el6.i686.rpm kernel-headers-2.6.32-131.12.1.el6.i686.rpm perf-2.6.32-131.12.1.el6.i686.rpm perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm i386: kernel-2.6.32-131.12.1.el6.i686.rpm kernel-debug-2.6.32-131.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm kernel-devel-2.6.32-131.12.1.el6.i686.rpm kernel-headers-2.6.32-131.12.1.el6.i686.rpm perf-2.6.32-131.12.1.el6.i686.rpm perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm ppc64: kernel-2.6.32-131.12.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-131.12.1.el6.ppc64.rpm kernel-debug-2.6.32-131.12.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-131.12.1.el6.ppc64.rpm kernel-devel-2.6.32-131.12.1.el6.ppc64.rpm kernel-headers-2.6.32-131.12.1.el6.ppc64.rpm perf-2.6.32-131.12.1.el6.ppc64.rpm perf-debuginfo-2.6.32-131.12.1.el6.ppc64.rpm s390x: kernel-2.6.32-131.12.1.el6.s390x.rpm kernel-debug-2.6.32-131.12.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.s390x.rpm kernel-debug-devel-2.6.32-131.12.1.el6.s390x.rpm kernel-debuginfo-2.6.32-131.12.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-131.12.1.el6.s390x.rpm kernel-devel-2.6.32-131.12.1.el6.s390x.rpm kernel-headers-2.6.32-131.12.1.el6.s390x.rpm kernel-kdump-2.6.32-131.12.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-131.12.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-131.12.1.el6.s390x.rpm perf-2.6.32-131.12.1.el6.s390x.rpm perf-debuginfo-2.6.32-131.12.1.el6.s390x.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/kernel-2.6.32-131.12.1.el6.src.rpm i386: kernel-2.6.32-131.12.1.el6.i686.rpm kernel-debug-2.6.32-131.12.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debug-devel-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-2.6.32-131.12.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-131.12.1.el6.i686.rpm kernel-devel-2.6.32-131.12.1.el6.i686.rpm kernel-headers-2.6.32-131.12.1.el6.i686.rpm perf-2.6.32-131.12.1.el6.i686.rpm perf-debuginfo-2.6.32-131.12.1.el6.i686.rpm noarch: kernel-doc-2.6.32-131.12.1.el6.noarch.rpm kernel-firmware-2.6.32-131.12.1.el6.noarch.rpm x86_64: kernel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-131.12.1.el6.x86_64.rpm kernel-devel-2.6.32-131.12.1.el6.x86_64.rpm kernel-headers-2.6.32-131.12.1.el6.x86_64.rpm perf-2.6.32-131.12.1.el6.x86_64.rpm perf-debuginfo-2.6.32-131.12.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-1182.html https://www.redhat.com/security/data/cve/CVE-2011-1576.html https://www.redhat.com/security/data/cve/CVE-2011-1593.html https://www.redhat.com/security/data/cve/CVE-2011-1776.html https://www.redhat.com/security/data/cve/CVE-2011-1898.html https://www.redhat.com/security/data/cve/CVE-2011-2183.html https://www.redhat.com/security/data/cve/CVE-2011-2213.html https://www.redhat.com/security/data/cve/CVE-2011-2491.html https://www.redhat.com/security/data/cve/CVE-2011-2492.html https://www.redhat.com/security/data/cve/CVE-2011-2495.html https://www.redhat.com/security/data/cve/CVE-2011-2497.html https://www.redhat.com/security/data/cve/CVE-2011-2517.html https://www.redhat.com/security/data/cve/CVE-2011-2689.html https://www.redhat.com/security/data/cve/CVE-2011-2695.html https://access.redhat.com/security/updates/classification/#important https://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.1_Technical_Notes/kernel.html#RHSA-2011-1189 https://bugzilla.redhat.com/show_bug.cgi?id=715555 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOU72NXlSAg2UNWIIRAvuvAJ0XW+pjVB73eYV6dyMHJAKRZqTyygCeIAtM +72YbSFubpSk5fCdBrnH5XY= =wVAB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: These packages contain the Linux kernel. (CVE-2011-2482, Important) If you do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following to the end of the "/etc/modprobe.d/blacklist.conf" file: blacklist sctp This way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. This update also fixes the following bugs: * On Broadcom PCI cards that use the tg3 driver, the operational state of a network device, represented by the value in "/sys/class/net/ethX/operstate", was not initialized by default. Consequently, the state was reported as "unknown" when the tg3 network device was actually in the "up" state. This update modifies the tg3 driver to properly set the operstate value. (BZ#744699) * A KVM (Kernel-based Virtual Machine) guest can get preempted by the host, when a higher priority process needs to run. When a guest is not running for several timer interrupts in a row, ticks could be lost, resulting in the jiffies timer advancing slower than expected and timeouts taking longer than expected. To correct for the issue of lost ticks, do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when running as a KVM guest) to see if timer interrupts have been missed. If so, jiffies is incremented by the number of missed timer interrupts, ensuring that programs are woken up on time. (BZ#747874) * When a block device object was allocated, the bd_super field was not being explicitly initialized to NULL. Previously, users of the block device object could set bd_super to NULL when the object was released by calling the kill_block_super() function. Certain third-party file systems do not always use this function, and bd_super could therefore become uninitialized when the object was allocated again. This could cause a kernel panic in the blkdev_releasepage() function, when the uninitialized bd_super field was dereferenced. Now, bd_super is properly initialized in the bdget() function, and the kernel panic no longer occurs. (BZ#751137) 4. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. ========================================================================== Ubuntu Security Notice USN-1244-1 October 25, 2011 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 Summary: Several security issues were fixed in the kernel. A remote attacker could exploit this to crash the kernel, leading to a denial of service. (CVE-2011-2183) Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. (CVE-2011-2491) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) It was discovered that the wireless stack incorrectly verified SSID lengths. (CVE-2011-2517) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. (CVE-2011-2695) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. (CVE-2011-3363) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: linux-image-2.6.35-903-omap4 2.6.35-903.26 After a standard system update you need to reboot your computer to make all the necessary changes

The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCO_CONNINFO option. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager JP1/IT Service Level Management - Manager. ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/IT Service Level Management Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47804 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47804/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47804 RELEASE DATE: 2012-01-31 DISCUSS ADVISORY: http://secunia.com/advisories/47804/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47804/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47804 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/IT Service Level Management, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. The vulnerability is reported in version 09-50. SOLUTION: Update to version 09-51. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-005/index.html Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-005/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ---------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0001 Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console Issue date: 2012-01-30 Updated on: 2012-01-30 (initial advisory) CVE numbers: --- COS Kernel --- CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 --- COS cURL --- CVE-2011-2192 --- COS rpm --- CVE-2010-2059, CVE-2011-3378 --- COS samba --- CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694 --- COS python --- CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521 --- python library --- CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521 ---------------------------------------------------------------------- 1. Summary VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues. 2. Relevant releases ESXi 4.1 without patch ESXi410-201201401-SG ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG 3. Problem Description a. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201401-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. b. ESX third party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201402-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. c. ESX third party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201404-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. d. ESX third party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201406-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. e. ESX third party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201407-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. f. ESX third party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201405-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESXi update to third party component python The python third party library is updated to python 2.5.6 which fixes multiple security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 ESXi patch pending ESXi 4.1 ESXi ESXi410-201201401-SG ESXi 4.0 ESXi patch pending ESXi 3.5 ESXi patch pending ESX 4.1 ESX not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware ESXi 4.1 --------------- ESXi410-201201401 http://downloads.vmware.com/go/selfsupport-download md5sum: BDF86F10A973346E26C9C2CD4C424E88 sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F http://kb.vmware.com/kb/2009143 ESXi410-201201401 contains ESXi410-201201401-SG VMware ESX 4.1 -------------- ESX410-201201001 http://downloads.vmware.com/go/selfsupport-download md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC http://kb.vmware.com/kb/2009142 ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG 5. References CVE numbers --- COS Kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 --- COS cURL --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192 --- COS rpm --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378 --- COS samba --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 --- COS python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 --- python library --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 ---------------------------------------------------------------------- 6. Change log 2012-01-30 VMSA-2012-0001 Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30. ---------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8 f2pLxi537s+ew4dvnYNWlJ8= =OAh4 -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-1256-1 November 09, 2011 linux-lts-backport-natty vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-backport-natty: Linux kernel backport from Natty Details: It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1020) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. A local attacker could exploit this to crash the system, leading to a denial of service, or leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. A local attacker could exploit this to leak contents of kernel stack memory, leading to a loss of privacy. (CVE-2011-1080) Johan Hovold discovered that the DCCP network stack did not correctly handle certain packet combinations. A remote attacker could send specially crafted network traffic that would crash the system, leading to a denial of service. (CVE-2011-1093) Peter Huewe discovered that the TPM device did not correctly initialize memory. A local attacker could exploit this to read kernel heap memory contents, leading to a loss of privacy. (CVE-2011-1160) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. If a system was using IRDA, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-1180) Ryan Sweat discovered that the GRO code did not correctly validate memory. In some configurations on systems using VLANs, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1478) It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-1479) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) It was discovered that the Stream Control Transmission Protocol (SCTP) implementation incorrectly calculated lengths. If the net.sctp.addip_enable variable was turned on, a remote attacker could send specially crafted traffic to crash the system. (CVE-2011-1573) Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1576) Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. (CVE-2011-1581) It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. (CVE-2011-1585) It was discovered that the GRE protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ip_gre module was loading, and crash the system, leading to a denial of service. (CVE-2011-1767) It was discovered that the IP/IP protocol incorrectly handled netns initialization. A remote attacker could send a packet while the ipip module was loading, and crash the system, leading to a denial of service. (CVE-2011-1768) Ben Greear discovered that CIFS did not correctly handle direct I/O. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-1771) Timo Warns discovered that the EFI GUID partition table was not correctly parsed. A physically local attacker that could insert mountable devices could exploit this to crash the system or possibly gain root privileges. (CVE-2011-1776) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. (CVE-2011-1833) Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2183) Dan Rosenberg discovered that the IPv4 diagnostic routines did not correctly validate certain requests. A local attacker could exploit this to consume CPU resources, leading to a denial of service. (CVE-2011-2213) It was discovered that an mmap() call with the MAP_PRIVATE flag on "/dev/zero" was incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2479) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could expoit this to exhaust memory and CPU resources, leading to a denial of service. (CVE-2011-2484) Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. (CVE-2011-2491) It was discovered that Bluetooth l2cap and rfcomm did not correctly initialize structures. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. A local attacker could trigger the mount of a specially crafted filesystem to cause the system to crash, leading to a denial of service. (CVE-2011-2493) Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2494) Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. (CVE-2011-2495) Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2496) Dan Rosenberg discovered that the Bluetooth stack incorrectly handled certain L2CAP requests. If a system was using Bluetooth, a remote attacker could send specially crafted traffic to crash the system or gain root privileges. (CVE-2011-2497) It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. (CVE-2011-2517) Ben Pfaff discovered that Classless Queuing Disciplines (qdiscs) were being incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2525) It was discovered that GFS2 did not correctly check block sizes. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2689) It was discovered that the EXT4 filesystem contained multiple off-by-one flaws. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2695) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. A remote attacker could exploit this to exhaust network resources, leading to a denial of service. (CVE-2011-2699) Mauro Carvalho Chehab discovered that the si4713 radio driver did not correctly check the length of memory copies. If this hardware was available, a local attacker could exploit this to crash the system or gain root privileges. (CVE-2011-2700) Herbert Xu discovered that certain fields were incorrectly handled when Generic Receive Offload (CVE-2011-2723) Christian Ohm discovered that the perf command looks for configuration files in the current directory. If a privileged user were tricked into running perf in a directory containing a malicious configuration file, an attacker could run arbitrary commands and possibly gain privileges. (CVE-2011-2905) Vasiliy Kulikov discovered that the Comedi driver did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. (CVE-2011-2909) The performance counter subsystem did not correctly handle certain counters. A local attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2918) Time Warns discovered that long symlinks were incorrectly handled on Be filesystems. A local attacker could exploit this with a malformed Be filesystem and crash the system, leading to a denial of service. (CVE-2011-2928) Qianfeng Zhang discovered that the bridge networking interface incorrectly handled certain network packets. A remote attacker could exploit this to crash the system, leading to a denial of service. (CVE-2011-2942) Dan Kaminsky discovered that the kernel incorrectly handled random sequence number generation. An attacker could use this flaw to possibly predict sequence numbers and inject packets. (CVE-2011-3188) Darren Lavender discovered that the CIFS client incorrectly handled certain large values. (CVE-2011-3191) Yasuaki Ishimatsu discovered a flaw in the kernel's clock implementation. A local unprivileged attacker could exploit this causing a denial of service. (CVE-2011-3209) Yogesh Sharma discovered that CIFS did not correctly handle UNCs that had no prefixpaths. A local attacker with access to a CIFS partition could exploit this to crash the system, leading to a denial of service. (CVE-2011-3363) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: linux-image-2.6.38-12-generic 2.6.38-12.51~lucid1 linux-image-2.6.38-12-generic-pae 2.6.38-12.51~lucid1 linux-image-2.6.38-12-server 2.6.38-12.51~lucid1 linux-image-2.6.38-12-virtual 2.6.38-12.51~lucid1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-1256-1 CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1160, CVE-2011-1180, CVE-2011-1478, CVE-2011-1479, CVE-2011-1493, CVE-2011-1573, CVE-2011-1576, CVE-2011-1577, CVE-2011-1581, CVE-2011-1585, CVE-2011-1767, CVE-2011-1768, CVE-2011-1771, CVE-2011-1776, CVE-2011-1833, CVE-2011-2183, CVE-2011-2213, CVE-2011-2479, CVE-2011-2484, CVE-2011-2491, CVE-2011-2492, CVE-2011-2493, CVE-2011-2494, CVE-2011-2495, CVE-2011-2496, CVE-2011-2497, CVE-2011-2517, CVE-2011-2525, CVE-2011-2689, CVE-2011-2695, CVE-2011-2699, CVE-2011-2700, CVE-2011-2723, CVE-2011-2905, CVE-2011-2909, Package Information: https://launchpad.net/ubuntu/+source/linux-lts-backport-natty/2.6.38-12.51~lucid1 . (CVE-2010-4242) Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec() calls. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ---------------------------------------------------------------------- Debian Security Advisory DSA-2240-1 security@debian.org http://www.debian.org/security/ dann frazier May 24, 2011 http://www.debian.org/security/faq - ---------------------------------------------------------------------- Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2010-3875 CVE-2011-0695 CVE-2011-0711 CVE-2011-0726 CVE-2011-1016 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1476 CVE-2011-1477 CVE-2011-1478 CVE-2011-1493 CVE-2011-1494 CVE-2011-1495 CVE-2011-1585 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1770 CVE-2011-1776 CVE-2011-2022 Debian Bug(s) : Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR). CVE-2011-1016 Marek Olšák discovered an issue in the driver for ATI/AMD Radeon video chips. Local users could pass arbitrary values to video memory and the graphics translation table, resulting in denial of service or escalated privileges. On default Debian installations, this is exploitable only by members of the 'video' group. CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1476 Dan Rosenberg reported issues in the Open Sound System MIDI interface that allow local users to cause a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1478 Ryan Sweat reported an issue in the Generic Receive Offload (GRO) support in the Linux networking subsystem. CVE-2011-1493 Dan Rosenburg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol. CVE-2011-1494 Dan Rosenberg reported an issue in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not exploitable as this interface is only accessible to root. CVE-2011-1495 Dan Rosenberg reported two additional issues in the /dev/mpt2ctl interface provided by the driver for LSI MPT Fusion SAS 2.0 controllers. On default Debian installations this is not exploitable as this interface is only accessible to root. CVE-2011-1585 Jeff Layton reported an issue in the Common Internet File System (CIFS). CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1748 Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits ocal users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. CVE-2011-1767 Alexecy Dobriyan reported an issue in the GRE over IP implementation. CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. On default Debian installations, this is exploitable only by users in the video group. This update also includes changes queued for the next point release of Debian 6.0, which also fix various non-security issues. These additional changes are described in the package changelog which can be viewed at: http://packages.debian.org/changelogs/pool/main/l/linux-2.6/linux-2.6_2.6.32-34/changelog For the stable distribution (squeeze), this problem has been fixed in version 2.6.32-34squeeze1. Updates for issues impacting the oldstable distribution (lenny) will be available soon. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 6.0 (squeeze) user-mode-linux 2.6.32-1um-4+34squeeze1 We recommend that you upgrade your linux-2.6 and user-mode-linux packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJN3I4aAAoJEBv4PF5U/IZAaa4P/j+l40Mp6naHByZt3jpwNWSA RN/jkkrYnYNDyT7crB+/DOdu84zalYa2KqfffOd/faV9+NSCBayjJ5c+FvVgeTay Il8elfcWP/uK0BXJn2xVb7YAsLpIe0HRlhxe72ZqcT4Yxo1/IBnEpUS56JRd2tlA k7x7dbj+smlzlM4qiXQy1F6LNyDqoGDUKNohQHUoyQ5dGq/gdi3C7EnUs4Nx9vjK RU1HUWLXB4qm7JpoK6o3u6Hpe0ynZm74tYvTi0XhayGXGevaBvIQuEWqhY6gZF1P v6a5gvBQC2pRIQXAVUbAhjoXpuF5jahTgicLdJanDqLfhefQ3qV11Ahvui2lzZuT iKbMVGzO/azPLzskH8YNBq6drFPX2ZqRsxGmrTdzEtLWnJCN6nBBe4kF6C3z5T1A 1ez4/F+OhNl2wnimq3CxiyfXun9WWs6IlULpqsKgJjE4bItg5a8+zTYGjkhQxX+X fPzO1xZCtQK4i+59Ejs5FwIfps0fA0m8c1Z5bnIaj4Q+0X5sJt2kwws8yrQKoOH1 eKGOgRqM70rOnyW/TQtXDGnTC4+vCCv89UjZUpG+sxZtWUxeh8CL2scUyceTeSNC IS2+EgvilN+a3hQlYJH4YNshmQCtJDp7qMTLaXLHM9hoV1L383nbJV4AtrFlcsCO KRI5f0ds95H6TsEoTSmO =gx2x -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

The do_replace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAP_NET_ADMIN capability to replace a table, and then reading a modprobe command line. The Linux kernel is prone to multiple local information-disclosure vulnerabilities. Local attackers can exploit these issues to obtain sensitive information that may lead to further attacks. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager JP1/IT Service Level Management - Manager. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, noarch, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, noarch, x86_64 3. (CVE-2011-1093, Important) * Multiple buffer overflow flaws were found in the Linux kernel's Management Module Support for Message Passing Technology (MPT) based controllers. (CVE-2011-1079, Moderate) * Missing error checking in the way page tables were handled in the Xen hypervisor implementation could allow a privileged guest user to cause the host, and the guests, to lock up. (CVE-2011-1166, Moderate) * A flaw was found in the way the Xen hypervisor implementation checked for the upper boundary when getting a new event channel port. (CVE-2011-1763, Moderate) * The start_code and end_code values in "/proc/[pid]/stat" were not protected. (CVE-2011-1078, Low) * A missing validation of a null-terminated string data structure element in the do_replace() function could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1080, Low) * A buffer overflow flaw in the DEC Alpha OSF partition implementation in the Linux kernel could allow a local attacker to cause an information leak by mounting a disk that contains specially-crafted partition tables. (CVE-2011-1163, Low) * Missing validations of null-terminated string data structure elements in the do_replace(), compat_do_replace(), do_ipt_get_ctl(), do_ip6t_get_ctl(), and do_arpt_get_ctl() functions could allow a local user who has the CAP_NET_ADMIN capability to cause an information leak. (CVE-2011-1577, Low) Red Hat would like to thank Dan Rosenberg for reporting CVE-2011-1494 and CVE-2011-1495; Vasiliy Kulikov for reporting CVE-2011-1079, CVE-2011-1078, CVE-2011-1080, CVE-2011-1170, CVE-2011-1171, and CVE-2011-1172; Kees Cook for reporting CVE-2011-0726; and Timo Warns for reporting CVE-2011-1163 and CVE-2011-1577. This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/): 681259 - CVE-2011-1078 kernel: bt sco_conninfo infoleak 681260 - CVE-2011-1079 kernel: bnep device field missing NULL terminator 681262 - CVE-2011-1080 kernel: ebtables stack infoleak 682954 - CVE-2011-1093 kernel: dccp: fix oops on Reset after close 684569 - CVE-2011-0726 kernel: proc: protect mm start_code/end_code in /proc/pid/stat 688021 - CVE-2011-1163 kernel: fs/partitions: Corrupted OSF partition table infoleak 688156 - [5.6][REG]for some uses of 'nfsservctl' system call, the kernel crashes. [rhel-5.6.z] 688579 - CVE-2011-1166 kernel: xen: x86_64: fix error checking in arch_set_info_guest() 689321 - CVE-2011-1170 ipv4: netfilter: arp_tables: fix infoleak to userspace 689327 - CVE-2011-1171 ipv4: netfilter: ip_tables: fix infoleak to userspace 689345 - CVE-2011-1172 ipv6: netfilter: ip6_tables: fix infoleak to userspace 689699 - Deadlock between device driver attachment and device removal with a USB device [rhel-5.6.z] 689700 - [NetApp 5.6 Bug] QLogic 8G FC firmware dumps seen during IO [rhel-5.6.z] 690134 - Time runs too fast in a VM on processors with &gt; 4GHZ freq [rhel-5.6.z] 690239 - gfs2: creating large files suddenly slow to a crawl [rhel-5.6.z] 694021 - CVE-2011-1494 CVE-2011-1495 kernel: drivers/scsi/mpt2sas: prevent heap overflows 695976 - CVE-2011-1577 kernel: corrupted GUID partition tables can cause kernel oops 696136 - RHEL 5.6 (kernel -238) causes audio issues [rhel-5.6.z] 697448 - slab corruption after seeing some nfs-related BUG: warning [rhel-5.6.z] 699808 - dasd: fix race between open and offline [rhel-5.6.z] 701240 - CVE-2011-1763 kernel: xen: improper upper boundary check in get_free_port() function 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm i386: kernel-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm noarch: kernel-doc-2.6.18-238.12.1.el5.noarch.rpm x86_64: kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm Red Hat Enterprise Linux (v. 5 server): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kernel-2.6.18-238.12.1.el5.src.rpm i386: kernel-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debug-2.6.18-238.12.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.i686.rpm kernel-devel-2.6.18-238.12.1.el5.i686.rpm kernel-headers-2.6.18-238.12.1.el5.i386.rpm kernel-xen-2.6.18-238.12.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm ia64: kernel-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.ia64.rpm kernel-devel-2.6.18-238.12.1.el5.ia64.rpm kernel-headers-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.12.1.el5.noarch.rpm ppc: kernel-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.ppc64.rpm kernel-devel-2.6.18-238.12.1.el5.ppc64.rpm kernel-headers-2.6.18-238.12.1.el5.ppc.rpm kernel-headers-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.12.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.12.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.12.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.s390x.rpm kernel-devel-2.6.18-238.12.1.el5.s390x.rpm kernel-headers-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.12.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.12.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.12.1.el5.x86_64.rpm kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.12.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. Contact: The Red Hat security contact is &lt;secalert@redhat.com&gt;. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2264-1 security@debian.org http://www.debian.org/security/ dann frazier June 18, 2011 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux-2.6 Vulnerability : privilege escalation/denial of service/information leak Problem type : local/remote Debian-specific: no CVE Id(s) : CVE-2010-2524 CVE-2010-3875 CVE-2010-4075 CVE-2010-4655 CVE-2011-0695 CVE-2011-0710 CVE-2011-0711 CVE-2011-0726 CVE-2011-1010 CVE-2011-1012 CVE-2011-1017 CVE-2011-1078 CVE-2011-1079 CVE-2011-1080 CVE-2011-1090 CVE-2011-1093 CVE-2011-1160 CVE-2011-1163 CVE-2011-1170 CVE-2011-1171 CVE-2011-1172 CVE-2011-1173 CVE-2011-1180 CVE-2011-1182 CVE-2011-1477 CVE-2011-1493 CVE-2011-1577 CVE-2011-1593 CVE-2011-1598 CVE-2011-1745 CVE-2011-1746 CVE-2011-1748 CVE-2011-1759 CVE-2011-1767 CVE-2011-1768 CVE-2011-1776 CVE-2011-2022 CVE-2011-2182 Debian Bug : 618485 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2524 David Howells reported an issue in the Common Internet File System (CIFS). Local users could cause arbitrary CIFS shares to be mounted by introducing malicious redirects. CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the Amateur Radio AX.25 Level 2 protocol. CVE-2010-4075 Dan Rosenberg reported an issue in the tty layer that may allow local users to obtain access to sensitive kernel memory. CVE-2011-0695 Jens Kuehnel reported an issue in the InfiniBand stack. Remote attackers can exploit a race condition to cause a denial of service (kernel panic). CVE-2011-0710 Al Viro reported an issue in the /proc/<pid>/status interface on the s390 architecture. Local users could gain access to sensitive memory in processes they do not own via the task_show_regs entry. CVE-2011-0711 Dan Rosenberg reported an issue in the XFS filesystem. CVE-2011-0726 Kees Cook reported an issue in the /proc/pid/stat implementation. Local users could learn the text location of a process, defeating protections provided by address space layout randomization (ASLR). CVE-2011-1010 Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service (panic) by adding a storage device with a malicious map_count value. CVE-2011-1012 Timo Warns reported an issue in the Linux support for Mac partition tables. Local users with physical access could cause a denial of service (panic) by adding a storage device with a malicious map_count value. CVE-2011-1017 Timo Warns reported an issue in the Linux support for LDM partition tables. Users with physical access can gain access to sensitive kernel memory or gain elevated privileges by adding a storage device with a specially crafted LDM partition. CVE-2011-1078 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. CVE-2011-1079 Vasiliy Kulikov discovered an issue in the Bluetooth subsystem. Local users with the CAP_NET_ADMIN capability can cause a denial of service (kernel Oops). CVE-2011-1080 Vasiliy Kulikov discovered an issue in the Netfilter subsystem. CVE-2011-1090 Neil Horman discovered a memory leak in the setacl() call on NFSv4 filesystems. Local users can exploit this to cause a denial of service (Oops). CVE-2011-1093 Johan Hovold reported an issue in the Datagram Congestion Control Protocol (DCCP) implementation. Remote users could cause a denial of service by sending data after closing a socket. CVE-2011-1160 Peter Huewe reported an issue in the Linux kernel's support for TPM security chips. CVE-2011-1163 Timo Warns reported an issue in the kernel support for Alpha OSF format disk partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted OSF partition. CVE-2011-1170 Vasiliy Kulikov reported an issue in the Netfilter arp table implementation. CVE-2011-1171 Vasiliy Kulikov reported an issue in the Netfilter IP table implementation. CVE-2011-1172 Vasiliy Kulikov reported an issue in the Netfilter IP6 table implementation. CVE-2011-1173 Vasiliy Kulikov reported an issue in the Acorn Econet protocol implementation. CVE-2011-1180 Dan Rosenberg reported a buffer overflow in the Information Access Service of the IrDA protocol, used for Infrared devices. Remote attackers within IR device range can cause a denial of service or possibly gain elevated privileges. CVE-2011-1182 Julien Tinnes reported an issue in the rt_sigqueueinfo interface. Local users can generate signals with falsified source pid and uid information. CVE-2011-1477 Dan Rosenberg reported issues in the Open Sound System driver for cards that include a Yamaha FM synthesizer chip. Local users can cause memory corruption resulting in a denial of service. This issue does not affect official Debian Linux image packages as they no longer provide support for OSS. However, custom kernels built from Debians linux-source-2.6.32 may have enabled this configuration and would therefore be vulnerable. CVE-2011-1493 Dan Rosenburg reported two issues in the Linux implementation of the Amateur Radio X.25 PLP (Rose) protocol. A remote user can cause a denial of service by providing specially crafted facilities fields. CVE-2011-1577 Timo Warns reported an issue in the Linux support for GPT partition tables. Local users with physical access could cause a denial of service (Oops) by adding a storage device with a malicious partition table header. CVE-2011-1593 Robert Swiecki reported a signednes issue in the next_pidmap() function, which can be exploited my local users to cause a denial of service. CVE-2011-1598 Dave Jones reported an issue in the Broadcast Manager Controller Area Network (CAN/BCM) protocol that may allow local users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1745 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_BIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1746 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the agp_allocate_memory and agp_create_user_memory. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-1748 Oliver Kartkopp reported an issue in the Controller Area Network (CAN) raw socket implementation which permits ocal users to cause a NULL pointer dereference, resulting in a denial of service. CVE-2011-1759 Dan Rosenberg reported an issue in the support for executing "old ABI" binaries on ARM processors. Local users can obtain elevated privileges due to insufficient bounds checking in the semtimedop system call. CVE-2011-1767 Alexecy Dobriyan reported an issue in the GRE over IP implementation. Remote users can cause a denial of service by sending a packet during module initialization. CVE-2011-1768 Alexecy Dobriyan reported an issue in the IP tunnels implementation. Remote users can cause a denial of service by sending a packet during module initialization. CVE-2011-1776 Timo Warns reported an issue in the Linux implementation for GUID partitions. Users with physical access can gain access to sensitive kernel memory by adding a storage device with a specially crafted corrupted invalid partition table. CVE-2011-2022 Vasiliy Kulikov reported an issue in the Linux support for AGP devices. Local users can obtain elevated privileges or cause a denial of service due to missing bounds checking in the AGPIOC_UNBIND ioctl. On default Debian installations, this is exploitable only by users in the video group. CVE-2011-2182 Ben Hutchings reported an issue with the fix for CVE-2011-1017 (see above) that made it insufficient to resolve the issue. For the oldstable distribution (lenny), this problem has been fixed in version 2.6.26-26lenny3. Updates for arm and hppa are not yet available, but will be released as soon as possible. The following matrix lists additional source packages that were rebuilt for compatibility with or to take advantage of this update: Debian 5.0 (lenny) user-mode-linux 2.6.26-1um-2+26lenny3 We recommend that you upgrade your linux-2.6 and user-mode-linux packages. These updates will not become active until after your system is rebooted. Note: Debian carefully tracks all known security issues across every linux kernel package in all releases under active security support. However, given the high frequency at which low-severity security issues are discovered in the kernel and the resource requirements of doing an update, updates for lower priority issues will normally not be released for all kernels at the same time. Rather, they will be released in a staggered or "leap-frog" fashion. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJN/Uv8AAoJEBv4PF5U/IZAp7QQAJmbSplvSgno69C0IFRzRgGI FS3B6uq5zNcvucQ4O2u5Zj/rPRef/M2Lxj4Vx/9FQ+4SlV/Ryazu3iknLL2iyc8a 3zZBbo6S/OvhK0Prfd88ItCxXviYJchY91qp7Pm5TOkE1rM43XLhDAi1T1W507tY 2rgqUfWkmN0Xq4Ykh3uySsIH6VkLqC5Ay7n5jXapdf3wJkyl1pg/iu0ndTnHaRTC ByQehIMbj4OOivOcy06lS89Aro+KkgPRaA0lp5enegxUZTs5S5AIo7h6v9U078xr bcUcfrOsiTpVuTRND1L7kQQhPjmIv+UlzFjYuGPbHQxfZRVnVIlB4Ny3jIyN1aBx DMqxGR+novsYIuXAZWlsF17UYQXW5CFe+7aeS06bdaWWemJGkV0Mkfb72fwa3uLz sXlLp6fju2N5RQW7WVfjx89X7SAjKmYwQnCMbo0mwdRfujBNgbkm2xCrDy+QIE23 5BnAY18kXpqaRbXPJB0sy8V99Wnl1ZSRRzX0kOZVecrhKAoCUGPJS2X+bDEtIzhB OWzxcC7P94hega5JYzteSZcyBkGRUj4604NCzD38OdPqqWvR3oWtwDRAKIR7gZ/L PRoDZucqfYV+BhXy/ib55qTo/va5gjmnlUFMP2G/TVQk9XQ/q8TxxefmnQc+Qy3A P/Hlaop/HijmZLuNpJB4 =dXCB -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ---------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0001 Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console Issue date: 2012-01-30 Updated on: 2012-01-30 (initial advisory) CVE numbers: --- COS Kernel --- CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 --- COS cURL --- CVE-2011-2192 --- COS rpm --- CVE-2010-2059, CVE-2011-3378 --- COS samba --- CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694 --- COS python --- CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521 --- python library --- CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521 ---------------------------------------------------------------------- 1. Summary VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues. 2. Relevant releases ESXi 4.1 without patch ESXi410-201201401-SG ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG 3. Problem Description a. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201401-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. b. ESX third party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201402-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. c. ESX third party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201404-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. d. ESX third party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201406-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. e. ESX third party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201407-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. f. ESX third party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201405-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESXi update to third party component python The python third party library is updated to python 2.5.6 which fixes multiple security issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 ESXi patch pending ESXi 4.1 ESXi ESXi410-201201401-SG ESXi 4.0 ESXi patch pending ESXi 3.5 ESXi patch pending ESX 4.1 ESX not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware ESXi 4.1 --------------- ESXi410-201201401 http://downloads.vmware.com/go/selfsupport-download md5sum: BDF86F10A973346E26C9C2CD4C424E88 sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F http://kb.vmware.com/kb/2009143 ESXi410-201201401 contains ESXi410-201201401-SG VMware ESX 4.1 -------------- ESX410-201201001 http://downloads.vmware.com/go/selfsupport-download md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC http://kb.vmware.com/kb/2009142 ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG 5. References CVE numbers --- COS Kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 --- COS cURL --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192 --- COS rpm --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378 --- COS samba --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 --- COS python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 --- python library --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 ---------------------------------------------------------------------- 6. Change log 2012-01-30 VMSA-2012-0001 Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30. ---------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. ========================================================================== Ubuntu Security Notice USN-1212-1 September 21, 2011 linux-ti-omap4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 Summary: Multiple kernel flaws have been fixed. Software Description: - linux-ti-omap4: Linux kernel for OMAP4 Details: Goldwyn Rodrigues discovered that the OCFS2 filesystem did not correctly clear memory when writing certain file holes. A local attacker could exploit this to read uninitialized data from the disk, leading to a loss of privacy. (CVE-2011-1017) It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. (CVE-2011-1078) Vasiliy Kulikov discovered that the Bluetooth stack did not correctly check that device name strings were NULL terminated. (CVE-2011-1079) Vasiliy Kulikov discovered that bridge network filtering did not check that name fields were NULL terminated. (CVE-2011-1080) Peter Huewe discovered that the TPM device did not correctly initialize memory. (CVE-2011-1160) Vasiliy Kulikov discovered that the netfilter code did not check certain strings copied from userspace. (CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-2534) Vasiliy Kulikov discovered that the Acorn Universal Networking driver did not correctly initialize memory. (CVE-2011-1173) Dan Rosenberg discovered that the IRDA subsystem did not correctly check certain field sizes. (CVE-2011-1180) Julien Tinnes discovered that the kernel did not correctly validate the signal structure from tkill(). A local attacker could exploit this to send signals to arbitrary threads, possibly bypassing expected restrictions. (CVE-2011-1182) Dan Rosenberg discovered that the X.25 Rose network stack did not correctly handle certain fields. If a system was running with Rose enabled, a remote attacker could send specially crafted traffic to gain root privileges. (CVE-2011-1493) Dan Rosenberg discovered that MPT devices did not correctly validate certain values in ioctl calls. If these drivers were loaded, a local attacker could exploit this to read arbitrary kernel memory, leading to a loss of privacy. (CVE-2011-1577) Phil Oester discovered that the network bonding system did not correctly handle large queues. (CVE-2011-1581) Tavis Ormandy discovered that the pidmap function did not correctly handle large requests. (CVE-2011-1593) Oliver Hartkopp and Dave Jones discovered that the CAN network driver did not correctly validate certain socket structures. (CVE-2011-1598, CVE-2011-1748) Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. (CVE-2011-1745, CVE-2011-2022) Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. (CVE-2011-1746) Dan Rosenberg discovered that the DCCP stack did not correctly handle certain packet structures. (CVE-2011-1770) Ben Greear discovered that CIFS did not correctly handle direct I/O. (CVE-2011-1771) Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. (CVE-2011-1833) Vasiliy Kulikov discovered that taskstats listeners were not correctly handled. A local attacker could exploit this to read portions of the kernel stack, leading to a loss of privacy. (CVE-2011-2492) Sami Liedes discovered that ext4 did not correctly handle missing root inodes. (CVE-2011-2493) It was discovered that GFS2 did not correctly check block sizes. (CVE-2011-2689) Fernando Gont discovered that the IPv6 stack used predictable fragment identification numbers. (CVE-2011-2699) The performance counter subsystem did not correctly handle certain counters. (CVE-2011-2918) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: linux-image-2.6.38-1209-omap4 2.6.38-1209.15 After a standard system update you need to reboot your computer to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1212-1 CVE-2011-0463, CVE-2011-1017, CVE-2011-1020, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1160, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1173, CVE-2011-1180, CVE-2011-1182, CVE-2011-1493, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1581, CVE-2011-1593, CVE-2011-1598, CVE-2011-1745, CVE-2011-1746, CVE-2011-1748, CVE-2011-1770, CVE-2011-1771, CVE-2011-1833, CVE-2011-2022, CVE-2011-2484, CVE-2011-2492, CVE-2011-2493, CVE-2011-2534, CVE-2011-2689, CVE-2011-2699, CVE-2011-2918 Package Information: https://launchpad.net/ubuntu/+source/linux-ti-omap4/2.6.38-1209.15

Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits. Xen is prone to a denial-of-service vulnerability due to an off-by-one error. An attacker with access to a guest operating system can exploit this issue to crash the host operating system, effectively denying service to legitimate users. Due to the nature of this issue arbitrary code-execution maybe possible; however this has not been confirmed,. Hitachi JP1 products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. The following products are affected: JP1/IT Resource Management - Manager JP1/IT Service Level Management - Manager. This update also fixes several bugs. Documentation for these bug fixes will be available shortly from the Technical Notes document linked to in the References section. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures: Red Hat Enterprise Linux EUS (v. 5.6 server) - i386, ia64, noarch, ppc, s390x, x86_64 3. Description: These packages contain the Linux kernel. This update fixes the following security issues: * A flaw in the Stream Control Transmission Protocol (SCTP) implementation could allow a remote attacker to cause a denial of service by sending a specially-crafted SCTP packet to a target system. (CVE-2011-2482, Important) If you do not run applications that use SCTP, you can prevent the sctp module from being loaded by adding the following to the end of the "/etc/modprobe.d/blacklist.conf" file: blacklist sctp This way, the sctp module cannot be loaded accidentally, which may occur if an application that requires SCTP is started. A reboot is not necessary for this change to take effect. * A flaw in the client-side NFS Lock Manager (NLM) implementation could allow a local, unprivileged user to cause a denial of service. (CVE-2011-2491, Important) * Flaws in the netlink-based wireless configuration interface could allow a local user, who has the CAP_NET_ADMIN capability, to cause a denial of service or escalate their privileges on systems that have an active wireless interface. (CVE-2011-2517, Important) * A flaw was found in the way the Linux kernel's Xen hypervisor implementation emulated the SAHF instruction. When using a fully-virtualized guest on a host that does not use hardware assisted paging (HAP), such as those running CPUs that do not have support for (or those that have it disabled) Intel Extended Page Tables (EPT) or AMD Virtualization (AMD-V) Rapid Virtualization Indexing (RVI), a privileged guest user could trigger this flaw to cause the hypervisor to crash. (CVE-2011-2519, Moderate) * A flaw in the __addr_ok() macro in the Linux kernel's Xen hypervisor implementation when running on 64-bit systems could allow a privileged guest user to crash the hypervisor. (CVE-2011-2901, Moderate) * /proc/[PID]/io is world-readable by default. Previously, these files could be read without any further restrictions. A local, unprivileged user could read these files, belonging to other, possibly privileged processes to gather confidential information, such as the length of a password used in a process. (CVE-2011-2495, Low) Red Hat would like to thank Vasily Averin for reporting CVE-2011-2491, and Vasiliy Kulikov of Openwall for reporting CVE-2011-2495. This update also fixes the following bugs: * On Broadcom PCI cards that use the tg3 driver, the operational state of a network device, represented by the value in "/sys/class/net/ethX/operstate", was not initialized by default. Consequently, the state was reported as "unknown" when the tg3 network device was actually in the "up" state. This update modifies the tg3 driver to properly set the operstate value. (BZ#744699) * A KVM (Kernel-based Virtual Machine) guest can get preempted by the host, when a higher priority process needs to run. When a guest is not running for several timer interrupts in a row, ticks could be lost, resulting in the jiffies timer advancing slower than expected and timeouts taking longer than expected. To correct for the issue of lost ticks, do_timer_tsc_timekeeping() checks a reference clock source (kvm-clock when running as a KVM guest) to see if timer interrupts have been missed. If so, jiffies is incremented by the number of missed timer interrupts, ensuring that programs are woken up on time. (BZ#747874) * When a block device object was allocated, the bd_super field was not being explicitly initialized to NULL. Previously, users of the block device object could set bd_super to NULL when the object was released by calling the kill_block_super() function. Certain third-party file systems do not always use this function, and bd_super could therefore become uninitialized when the object was allocated again. This could cause a kernel panic in the blkdev_releasepage() function, when the uninitialized bd_super field was dereferenced. Now, bd_super is properly initialized in the bdget() function, and the kernel panic no longer occurs. (BZ#751137) 4. Solution: Users should upgrade to these updated packages, which contain backported patches to resolve these issues. The system must be rebooted for this update to take effect. Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system. Bugs fixed (http://bugzilla.redhat.com/): 709393 - CVE-2011-2491 kernel: rpc task leak after flock()ing NFS share 714867 - CVE-2011-2482 kernel: sctp dos 716825 - CVE-2011-2495 kernel: /proc/PID/io infoleak 718152 - CVE-2011-2517 kernel: nl80211: missing check for valid SSID size in scan operations 718882 - CVE-2011-2519 kernel: xen: x86_emulate: fix SAHF emulation 728042 - CVE-2011-2901 kernel: xen: off-by-one shift in x86_64 __addr_ok() 6. Package List: Red Hat Enterprise Linux EUS (v. 5.6 server): Source: kernel-2.6.18-238.31.1.el5.src.rpm i386: kernel-2.6.18-238.31.1.el5.i686.rpm kernel-PAE-2.6.18-238.31.1.el5.i686.rpm kernel-PAE-debuginfo-2.6.18-238.31.1.el5.i686.rpm kernel-PAE-devel-2.6.18-238.31.1.el5.i686.rpm kernel-debug-2.6.18-238.31.1.el5.i686.rpm kernel-debug-debuginfo-2.6.18-238.31.1.el5.i686.rpm kernel-debug-devel-2.6.18-238.31.1.el5.i686.rpm kernel-debuginfo-2.6.18-238.31.1.el5.i686.rpm kernel-debuginfo-common-2.6.18-238.31.1.el5.i686.rpm kernel-devel-2.6.18-238.31.1.el5.i686.rpm kernel-headers-2.6.18-238.31.1.el5.i386.rpm kernel-xen-2.6.18-238.31.1.el5.i686.rpm kernel-xen-debuginfo-2.6.18-238.31.1.el5.i686.rpm kernel-xen-devel-2.6.18-238.31.1.el5.i686.rpm ia64: kernel-2.6.18-238.31.1.el5.ia64.rpm kernel-debug-2.6.18-238.31.1.el5.ia64.rpm kernel-debug-debuginfo-2.6.18-238.31.1.el5.ia64.rpm kernel-debug-devel-2.6.18-238.31.1.el5.ia64.rpm kernel-debuginfo-2.6.18-238.31.1.el5.ia64.rpm kernel-debuginfo-common-2.6.18-238.31.1.el5.ia64.rpm kernel-devel-2.6.18-238.31.1.el5.ia64.rpm kernel-headers-2.6.18-238.31.1.el5.ia64.rpm kernel-xen-2.6.18-238.31.1.el5.ia64.rpm kernel-xen-debuginfo-2.6.18-238.31.1.el5.ia64.rpm kernel-xen-devel-2.6.18-238.31.1.el5.ia64.rpm noarch: kernel-doc-2.6.18-238.31.1.el5.noarch.rpm ppc: kernel-2.6.18-238.31.1.el5.ppc64.rpm kernel-debug-2.6.18-238.31.1.el5.ppc64.rpm kernel-debug-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm kernel-debug-devel-2.6.18-238.31.1.el5.ppc64.rpm kernel-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm kernel-debuginfo-common-2.6.18-238.31.1.el5.ppc64.rpm kernel-devel-2.6.18-238.31.1.el5.ppc64.rpm kernel-headers-2.6.18-238.31.1.el5.ppc.rpm kernel-headers-2.6.18-238.31.1.el5.ppc64.rpm kernel-kdump-2.6.18-238.31.1.el5.ppc64.rpm kernel-kdump-debuginfo-2.6.18-238.31.1.el5.ppc64.rpm kernel-kdump-devel-2.6.18-238.31.1.el5.ppc64.rpm s390x: kernel-2.6.18-238.31.1.el5.s390x.rpm kernel-debug-2.6.18-238.31.1.el5.s390x.rpm kernel-debug-debuginfo-2.6.18-238.31.1.el5.s390x.rpm kernel-debug-devel-2.6.18-238.31.1.el5.s390x.rpm kernel-debuginfo-2.6.18-238.31.1.el5.s390x.rpm kernel-debuginfo-common-2.6.18-238.31.1.el5.s390x.rpm kernel-devel-2.6.18-238.31.1.el5.s390x.rpm kernel-headers-2.6.18-238.31.1.el5.s390x.rpm kernel-kdump-2.6.18-238.31.1.el5.s390x.rpm kernel-kdump-debuginfo-2.6.18-238.31.1.el5.s390x.rpm kernel-kdump-devel-2.6.18-238.31.1.el5.s390x.rpm x86_64: kernel-2.6.18-238.31.1.el5.x86_64.rpm kernel-debug-2.6.18-238.31.1.el5.x86_64.rpm kernel-debug-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm kernel-debug-devel-2.6.18-238.31.1.el5.x86_64.rpm kernel-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm kernel-debuginfo-common-2.6.18-238.31.1.el5.x86_64.rpm kernel-devel-2.6.18-238.31.1.el5.x86_64.rpm kernel-headers-2.6.18-238.31.1.el5.x86_64.rpm kernel-xen-2.6.18-238.31.1.el5.x86_64.rpm kernel-xen-debuginfo-2.6.18-238.31.1.el5.x86_64.rpm kernel-xen-devel-2.6.18-238.31.1.el5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2482.html https://www.redhat.com/security/data/cve/CVE-2011-2491.html https://www.redhat.com/security/data/cve/CVE-2011-2495.html https://www.redhat.com/security/data/cve/CVE-2011-2517.html https://www.redhat.com/security/data/cve/CVE-2011-2519.html https://www.redhat.com/security/data/cve/CVE-2011-2901.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ---------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2012-0001 Synopsis: VMware ESXi and ESX updates to third party library and ESX Service Console Issue date: 2012-01-30 Updated on: 2012-01-30 (initial advisory) CVE numbers: --- COS Kernel --- CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 --- COS cURL --- CVE-2011-2192 --- COS rpm --- CVE-2010-2059, CVE-2011-3378 --- COS samba --- CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522, CVE-2011-2694 --- COS python --- CVE-2009-3720, CVE-2010-3493, CVE-2011-1015, CVE-2011-1521 --- python library --- CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, CVE-2011-1521 ---------------------------------------------------------------------- 1. Summary VMware ESXi and ESX updates to third party library and ESX Service Console address several security issues. 2. Relevant releases ESXi 4.1 without patch ESXi410-201201401-SG ESX 4.1 without patches ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG, ESX410-201201407-SG 3. Problem Description a. ESX third party update for Service Console kernel The ESX Service Console Operating System (COS) kernel is updated to kernel-2.6.18-274.3.1.el5 to fix multiple security issues in the COS kernel. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-0726, CVE-2011-1078, CVE-2011-1079, CVE-2011-1080, CVE-2011-1093, CVE-2011-1163, CVE-2011-1166, CVE-2011-1170, CVE-2011-1171, CVE-2011-1172, CVE-2011-1494, CVE-2011-1495, CVE-2011-1577, CVE-2011-1763, CVE-2010-4649, CVE-2011-0695, CVE-2011-0711, CVE-2011-1044, CVE-2011-1182, CVE-2011-1573, CVE-2011-1576, CVE-2011-1593, CVE-2011-1745, CVE-2011-1746, CVE-2011-1776, CVE-2011-1936, CVE-2011-2022, CVE-2011-2213, CVE-2011-2492, CVE-2011-1780, CVE-2011-2525, CVE-2011-2689, CVE-2011-2482, CVE-2011-2491, CVE-2011-2495, CVE-2011-2517, CVE-2011-2519, CVE-2011-2901 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201401-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. b. ESX third party update for Service Console cURL RPM The ESX Service Console (COS) curl RPM is updated to cURL-7.15.5.9 resolving a security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-2192 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201402-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. c. ESX third party update for Service Console nspr and nss RPMs The ESX Service Console (COS) nspr and nss RPMs are updated to nspr-4.8.8-1.el5_7 and nss-3.12.10-4.el5_7 respectively resolving a security issues. A Certificate Authority (CA) issued fraudulent SSL certificates and Netscape Portable Runtime (NSPR) and Network Security Services (NSS) contain the built-in tokens of this fraudulent Certificate Authority. This update renders all SSL certificates signed by the fraudulent CA as untrusted for all uses. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201404-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. d. ESX third party update for Service Console rpm RPMs The ESX Service Console Operating System (COS) rpm packages are updated to popt-1.10.2.3-22.el5_7.2, rpm-4.4.2.3-22.el5_7.2, rpm-libs-4.4.2.3-22.el5_7.2 and rpm-python-4.4.2.3-22.el5_7.2 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-2059 and CVE-2011-3378 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201406-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. e. ESX third party update for Service Console samba RPMs The ESX Service Console Operating System (COS) samba packages are updated to samba-client-3.0.33-3.29.el5_7.4, samba-common-3.0.33-3.29.el5_7.4 and libsmbclient-3.0.33-3.29.el5_7.4 which fixes multiple security issues in the Samba client. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0547, CVE-2010-0787, CVE-2011-1678, CVE-2011-2522 and CVE-2011-2694 to these issues. Note that ESX does not include the Samba Web Administration Tool (SWAT) and therefore ESX COS is not affected by CVE-2011-2522 and CVE-2011-2694. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201407-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. f. ESX third party update for Service Console python package The ESX Service Console (COS) python package is updated to 2.4.3-44 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3720, CVE-2010-3493, CVE-2011-1015 and CVE-2011-1521 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi any ESXi not affected ESX 4.1 ESX ESX410-201201405-SG ESX 4.0 ESX patch pending ESX 3.5 ESX not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. g. ESXi update to third party component python The python third party library is updated to python 2.5.6 which fixes multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3560, CVE-2009-3720, CVE-2010-1634, CVE-2010-2089, and CVE-2011-1521 to these issues. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ============= ======== ======= ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 ESXi patch pending ESXi 4.1 ESXi ESXi410-201201401-SG ESXi 4.0 ESXi patch pending ESXi 3.5 ESXi patch pending ESX 4.1 ESX not affected ESX 4.0 ESX not affected ESX 3.5 ESX not affected * hosted products are VMware Workstation, Player, ACE, Fusion. 4. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. VMware ESXi 4.1 --------------- ESXi410-201201401 http://downloads.vmware.com/go/selfsupport-download md5sum: BDF86F10A973346E26C9C2CD4C424E88 sha1sum: CC0B92869A9AAE4F5E0E5B81BEE109BCD7DA780F http://kb.vmware.com/kb/2009143 ESXi410-201201401 contains ESXi410-201201401-SG VMware ESX 4.1 -------------- ESX410-201201001 http://downloads.vmware.com/go/selfsupport-download md5sum: 16DF9ACD3E74BCABC2494BC23AD0927F sha1sum: 1066AE1436E1A75BA3D541AB65296CFB9AB7A5CC http://kb.vmware.com/kb/2009142 ESX410-201201001 contains ESX410-201201401-SG, ESX410-201201402-SG, ESX410-201201404-SG, ESX410-201201405-SG, ESX410-201201406-SG and ESX410-201201407-SG 5. References CVE numbers --- COS Kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1078 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1079 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1163 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1170 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1171 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1172 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1494 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1577 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1763 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0711 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1044 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1182 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1573 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1576 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1593 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1776 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2022 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2491 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2495 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2517 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2519 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2901 --- COS cURL --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2192 --- COS rpm --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2059 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3378 --- COS samba --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1678 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2694 --- COS python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1015 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 --- python library --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2089 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1521 ---------------------------------------------------------------------- 6. Change log 2012-01-30 VMSA-2012-0001 Initial security advisory in conjunction with the release of patches for ESX 4.1 and ESXi 4.1 on 2012-01-30. ---------------------------------------------------------------------- 7. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.8.3 (Build 4028) Charset: utf-8 wj8DBQFPJ5DIDEcm8Vbi9kMRAnzCAKCmaAoDp49d61Mr1emzh/U0N8vbgACdFZk8 f2pLxi537s+ew4dvnYNWlJ8= =OAh4 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201309-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Xen: Multiple vulnerabilities Date: September 27, 2013 Bugs: #385319, #386371, #420875, #431156, #454314, #464724, #472214, #482860 ID: 201309-24 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Xen, allowing attackers on a Xen Virtual Machine to execute arbitrary code, cause Denial of Service, or gain access to data on the host. Background ========== Xen is a bare-metal hypervisor. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/xen < 4.2.2-r1 >= 4.2.2-r1 2 app-emulation/xen-tools < 4.2.2-r3 >= 4.2.2-r3 3 app-emulation/xen-pvgrub < 4.2.2-r1 >= 4.2.2-r1 ------------------------------------------------------------------- 3 affected packages Description =========== Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact ====== Guest domains could possibly gain privileges, execute arbitrary code, or cause a Denial of Service on the host domain (Dom0). Additionally, guest domains could gain information about other virtual machines running on the same host or read arbitrary files on the host. Workaround ========== The CVEs listed below do not currently have fixes, but only apply to Xen setups which have "tmem" specified on the hypervisor command line. TMEM is not currently supported for use in production systems, and administrators using tmem should disable it. Relevant CVEs: * CVE-2012-2497 * CVE-2012-6030 * CVE-2012-6031 * CVE-2012-6032 * CVE-2012-6033 * CVE-2012-6034 * CVE-2012-6035 * CVE-2012-6036 Resolution ========== All Xen users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.2.2-r1" All Xen-tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.2.2-r3" All Xen-pvgrub users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-emulation/xen-pvgrub-4.2.2-r1" References ========== [ 1 ] CVE-2011-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2901 [ 2 ] CVE-2011-3262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262 [ 3 ] CVE-2011-3262 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3262 [ 4 ] CVE-2012-0217 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0217 [ 5 ] CVE-2012-0218 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0218 [ 6 ] CVE-2012-2934 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2934 [ 7 ] CVE-2012-3432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3432 [ 8 ] CVE-2012-3433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3433 [ 9 ] CVE-2012-3494 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3494 [ 10 ] CVE-2012-3495 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3495 [ 11 ] CVE-2012-3496 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3496 [ 12 ] CVE-2012-3497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3497 [ 13 ] CVE-2012-3498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3498 [ 14 ] CVE-2012-3515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3515 [ 15 ] CVE-2012-4411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4411 [ 16 ] CVE-2012-4535 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4535 [ 17 ] CVE-2012-4536 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4536 [ 18 ] CVE-2012-4537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4537 [ 19 ] CVE-2012-4538 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4538 [ 20 ] CVE-2012-4539 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4539 [ 21 ] CVE-2012-5510 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5510 [ 22 ] CVE-2012-5511 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5511 [ 23 ] CVE-2012-5512 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5512 [ 24 ] CVE-2012-5513 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5513 [ 25 ] CVE-2012-5514 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5514 [ 26 ] CVE-2012-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5515 [ 27 ] CVE-2012-5525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5525 [ 28 ] CVE-2012-5634 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5634 [ 29 ] CVE-2012-6030 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6030 [ 30 ] CVE-2012-6031 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6031 [ 31 ] CVE-2012-6032 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6032 [ 32 ] CVE-2012-6033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6033 [ 33 ] CVE-2012-6034 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6034 [ 34 ] CVE-2012-6035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6035 [ 35 ] CVE-2012-6036 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6036 [ 36 ] CVE-2012-6075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6075 [ 37 ] CVE-2012-6333 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6333 [ 38 ] CVE-2013-0151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0151 [ 39 ] CVE-2013-0152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0152 [ 40 ] CVE-2013-0153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0153 [ 41 ] CVE-2013-0154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0154 [ 42 ] CVE-2013-0215 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0215 [ 43 ] CVE-2013-1432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1432 [ 44 ] CVE-2013-1917 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1917 [ 45 ] CVE-2013-1918 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1918 [ 46 ] CVE-2013-1919 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1919 [ 47 ] CVE-2013-1920 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1920 [ 48 ] CVE-2013-1922 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1922 [ 49 ] CVE-2013-1952 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1952 [ 50 ] CVE-2013-1964 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1964 [ 51 ] CVE-2013-2076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2076 [ 52 ] CVE-2013-2077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2077 [ 53 ] CVE-2013-2078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2078 [ 54 ] CVE-2013-2194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2194 [ 55 ] CVE-2013-2195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2195 [ 56 ] CVE-2013-2196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2196 [ 57 ] CVE-2013-2211 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2211 [ 58 ] Xen TMEM http://lists.xen.org/archives/html/xen-announce/2012-09/msg00006.h= tml Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201309-24.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion. PHP is prone to an 'open_basedir' restriction-bypass vulnerability because of a design error. Successful exploits could allow an attacker to read and write files in unauthorized locations. This vulnerability would be an issue in shared-hosting configurations where multiple users can create and execute arbitrary PHP script code. In such cases, 'open_basedir' restrictions are expected to isolate users from each other. PHP 5.2.11 and 5.3.0 are vulnerable; other versions may also be affected. Successful exploits will allow attackers to make the applications that use the affected library, unresponsive, denying service to legitimate users. The libc library of the following platforms are affected: NetBSD 5.1 OpenBSD 5.0 FreeBSD 8.2 Apple Mac OSX Other versions may also be affected. NetBSD is a free and open source Unix-like operating system developed by the NetBSD Foundation

Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiGate UTM WAF appliances with FortiOS 4.3.x before 4.3.6 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Endpoint Monitor, (2) Dialup List, or (3) Log&Report Display modules, or the fields_sorted_opt parameter to (4) user/auth/list or (5) endpointcompliance/app_detect/predefined_sig_list. Fortinet FortiOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Fortinet FortiGate UTM WAF appliances is a firewall device from Fortinet. FortiOS is an operating system that runs on it. Remote attackers can exploit this vulnerability to inject arbitrary Web scripts or HTML. Title: ====== Fortigate UTM WAF Appliance - Multiple Web Vulnerabilities Date: ===== 2012-01-27 References: =========== http://vulnerability-lab.com/get_content.php?id=144 VL-ID: ===== 144 Introduction: ============= The FortiGate series of multi-threat security systems detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance. Ranging from the FortiGate-30 series for small offices to the FortiGate-5000 series for large enterprises, service providers and carriers, the FortiGate line combines the FortiOS™ security operating system with FortiASIC processors and other hardware to provide a comprehensive and high-performance array of security and networking functions including: * Firewall, VPN, and Traffic Shaping * Intrusion Prevention System (IPS) * Antivirus/Antispyware/Antimalware * Web Filtering * Antispam * Application Control (e.g., IM and P2P) * VoIP Support (H.323. and SCCP) * Layer 2/3 routing * Multiple WAN interface options FortiGate appliances provide cost-effective, comprehensive protection against network, content, and application-level threats - including complex attacks favored by cybercriminals - without degrading network availability and uptime. FortiGate platforms incorporate sophisticated networking features, such as high availability (active/active, active/passive) for maximum network uptime, and virtual domain (VDOM) capabilities to separate various networks requiring different security policies. (Copy from the Vendor Homepage: http://www.fortinet.com/products/fortigate/ && http://www.avfirewalls.com/) Abstract: ========= 1.1 Vulnerability-Lab Team discovered multiple persistent Web Vulnerabilities on the FortiGate UTM Appliance Application. 1.2 Vulnerability-Lab Team discovered multiple non-persistent Web Vulnerabilities on the FortiGate UTM Appliance Application. Report-Timeline: ================ 2012-01-27: Public or Non-Public Disclosure Status: ======== Published Affected Products: ================== Exploitation-Technique: ======================= Remote Severity: ========= High Details: ======== 1.1 Multiple input validation vulnerabilities(persistent) are detected on FortGate UTM Appliance Series. Remote attacker can include (persistent) malicious script code to manipulate specific customer/admin requests. The vulnerability allows an local low privileged attacker to manipulate the appliance(application) via persistent script code inject. It is also possible to hijack customer sessions via persistent script code execution on application side. Successful exploitation can also result in content/module request manipulation, execution of persistent malicious script code, session hijacking, account steal & phishing. Vulnerable Module(s): (Persistent) [+] Endpoint => Monitor => Endpoint Monitor [+] Dailup List [+] Log&Report => Display Picture(s): ../ive2.png ../ive3.png 1.2 Multiple input validation vulnerabilities(non-persistent) are detected on FortGate UTM Appliance Series. The vulnerability allows remote attackers to hijack admin/customer sessions with required user inter action (client-side). Successful exploitation allows to phish user accounts, redirect over client side requests or manipulate website context on client-side browser requests. Vulnerable Module(s): (Non-Persistent) [+] Endpoint -> NAC -> Application Database -> Listings [+] List field sorted Picture(s): ../ive1.png Proof of Concept: ================= The vulnerabilities can be exploited by remote attackers with or without user inter action. For demonstration or reproduce ... poc: => http://www.vulnerability-lab.com/get_content.php?id=144 Solution: ========= 1.1 To fix/patch the persistent input validation vulnerabilities restrict the input fields & parse the input. Locate the vulnerable area(s) reproduce the bugs & parse the output after a malicious(test) insert. Setup a filter or restriction mask to prevent against future persistent input validation attacks. 1.2 To fix the client side input validation vulnerability parse the vulnerable request by filtering the input & cleanup the output. Set a input restriction or configure whitelist/filter to stop client side requests and form a secure exception-handling around. Risk: ===== 1.1 The security risk of the persistent vulnerabilities are estimated as high because of multiple persistent input validation vulnerabilities on different modules. 1.2 The security risk of the non-persistent cross site requests are estimated as low because of required user inter-action to hijack a not expired session. Credits: ======== Vulnerability Research Laboratory - Benjamin Kunz Mejri (Rem0ve) Disclaimer: =========== The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability- Lab. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab or its suppliers. Copyright © 2012|Vulnerability-Lab -- Website: www.vulnerability-lab.com ; vuln-lab.com or vuln-db.com Contact: admin@vulnerability-lab.com or support@vulnerability-lab.com . ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: JBoss Multiple Products JMX Console Authentication Bypass SECUNIA ADVISORY ID: SA47850 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47850/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47850 RELEASE DATE: 2012-02-06 DISCUSS ADVISORY: http://secunia.com/advisories/47850/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47850/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47850 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in multiple JBoss products, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to improper access restrictions to the JMX Console. For more information see vulnerability #1 in: SA39563 The security issue is reported in the following products: * JBoss Communications Platform 1.2 * JBoss Enterprise Application Platform 5.0 and 5.0.1 * JBoss Enterprise Portal Platform 4.3 * JBoss Enterprise Web Platform 5.0 * JBoss SOA-Platform 4.2, 4.3, and 5.0 SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: JBPAPP-3952: https://issues.jboss.org/browse/JBPAPP-3952 JBPAPP-4713: https://issues.jboss.org/browse/JBPAPP-4713 Red Hat Doc#30741: https://access.redhat.com/kb/docs/DOC-30741 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. SonicWALL Aventail is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. Further research conducted by the vendor indicates this issue may not be a vulnerability affecting the application. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. It supports multiple encoding formats, XPath analysis, Well-formed and valid verification, etc. There is a vulnerability in libxml2 versions prior to 2.8.0. The vulnerability is caused by the program calculating the hash value without pre-limiting the hash collision. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. ============================================================================ Ubuntu Security Notice USN-1376-1 February 27, 2012 libxml2 vulnerability ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: libxml2 could be made to cause a denial of service by consuming excessive CPU resources. Software Description: - libxml2: GNOME XML library Details: Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libxml2 2.7.8.dfsg-4ubuntu0.2 Ubuntu 11.04: libxml2 2.7.8.dfsg-2ubuntu0.3 Ubuntu 10.10: libxml2 2.7.7.dfsg-4ubuntu0.4 Ubuntu 10.04 LTS: libxml2 2.7.6.dfsg-1ubuntu1.4 Ubuntu 8.04 LTS: libxml2 2.6.31.dfsg-2ubuntu1.8 After a standard system update you need to reboot your computer to make all the necessary changes. Given an attacker with knowledge of the hashing algorithm, it is possible to craft input that creates a large amount of collisions. As a result it is possible to perform denial of service attacks against applications using libxml2 functionality because of the computational overhead. For the stable distribution (squeeze), this problem has been fixed in version 2.7.8.dfsg-2+squeeze3. For the testing (wheezy) and unstable (sid) distributions, this problem will be fixed soon. We recommend that you upgrade your libxml2 packages. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . The verification of md5 checksums and GPG signatures is performed automatically for you. Relevant releases ESX 5.0 without patch ESXi500-201207101-SG 3. Problem Description a. ESXi update to third party component libxml2 The libxml2 third party library has been updated which addresses multiple security issues The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-4008, CVE-2010-4494, CVE-2011-0216, CVE-2011-1944, CVE-2011-2821, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919 and CVE-2012-0841 to these issues. The following table lists what action remediates the vulnerability (column 4) if a solution is available. VMware Product Running Replace with/ Product Version on Apply Patch ========== ======== ======== ================= vCenter any Windows not affected hosted * any any not affected ESXi 5.0 any ESXi500-201207101-SG ESXi 4.1 any patch pending ESXi 4.0 any patch pending ESXi 3.5 any patch pending ESX any any not applicable * hosted products are VMware Workstation, Player, ACE, Fusion. Note: "patch pending" means that the product is affected, but no patch is currently available. The advisory will be updated when a patch is available. Solution Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. ESXi 5.0 -------- ESXi500-201207001 md5sum: 01196c5c1635756ff177c262cb69a848 sha1sum: 85936f5439100cd5fb55c7add574b5b3b937fe86 http://kb.vmware.com/kb/2020571 ESXi500-201207001 contains ESXi500-201207101-SG 5. Change log 2012-07-12 VMSA-2012-0012 Initial security advisory in conjunction with the release of a patch for ESXi 5.0 on 2012-07-12. Contact E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: * security-announce at lists.vmware.com * bugtraq at securityfocus.com * full-disclosure at lists.grok.org.uk E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055 VMware Security Advisories http://www.vmware.com/security/advisories VMware security response policy http://www.vmware.com/support/policies/security_response.html General support life cycle policy http://www.vmware.com/support/policies/eos.html VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html Copyright 2012 VMware Inc. All rights reserved. ---------------------------------------------------------------------- The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/ ---------------------------------------------------------------------- TITLE: Avaya Voice Portal Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50614 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50614/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50614 RELEASE DATE: 2012-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/50614/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50614/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50614 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a weakness and multiple vulnerabilities in Avaya Voice Portal, which can be exploited by malicious, local users to disclose system and sensitive information and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA44490 SA46460 SA46958 SA48000 The weakness and vulnerabilities are reported in versions 5.0, 5.1, 5.1.1, and 5.1.2. SOLUTION: Update to Avaya Enterprise Linux for Voice Portal 5.1.3 and Voice Portal 5.1.3. ORIGINAL ADVISORY: Avaya (ASA-2011-154, ASA-2012-137, ASA-2012-139, ASA-2012-166, ASA-2012-207): https://downloads.avaya.com/css/P8/documents/100141102 https://downloads.avaya.com/css/P8/documents/100160023 https://downloads.avaya.com/css/P8/documents/100160589 https://downloads.avaya.com/css/P8/documents/100160780 https://downloads.avaya.com/css/P8/documents/100162507 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Summary: Updated mingw32-libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 6. This advisory also contains information about future updates for the mingw32 packages, as well as the deprecation of the packages with the release of Red Hat Enterprise Linux 6.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Server Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch 3. Description: These packages provide the libxml2 library, a development toolbox providing the implementation of various XML standards, for users of MinGW (Minimalist GNU for Windows). IMPORTANT NOTE: The mingw32 packages in Red Hat Enterprise Linux 6 will no longer be updated proactively and will be deprecated with the release of Red Hat Enterprise Linux 6.4. These packages were provided to support other capabilities in Red Hat Enterprise Linux and were not intended for direct customer use. Customers are advised to not use these packages with immediate effect. Future updates to these packages will be at Red Hat's discretion and these packages may be removed in a future minor release. A heap-based buffer overflow flaw was found in the way libxml2 decoded entity references with long names. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3919) A heap-based buffer underflow flaw was found in the way libxml2 decoded certain entities. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5134) It was found that the hashing routine used by libxml2 arrays was susceptible to predictable hash collisions. Sending a specially-crafted message to an XML service could result in longer processing time, which could lead to a denial of service. To mitigate this issue, randomization has been added to the hashing function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2012-0841) Multiple flaws were found in the way libxml2 parsed certain XPath (XML Path Language) expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash. (CVE-2010-4008, CVE-2010-4494, CVE-2011-2821, CVE-2011-2834) Two heap-based buffer overflow flaws were found in the way libxml2 decoded certain XML files. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-0216, CVE-2011-3102) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way libxml2 parsed certain XPath expressions. If an attacker were able to supply a specially-crafted XML file to an application using libxml2, as well as an XPath expression for that application to run against the crafted file, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2011-1944) An out-of-bounds memory read flaw was found in libxml2. A remote attacker could provide a specially-crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter of CVE-2010-4008. All users of mingw32-libxml2 are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258 5. Bugs fixed (http://bugzilla.redhat.com/): 645341 - CVE-2010-4008 libxml2: Crash (stack frame overflow or NULL pointer dereference) by traversal of XPath axis 665963 - CVE-2010-4494 libxml2: double-free in XPath processing code 709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets 724906 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding 735712 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT 735751 - CVE-2011-2834 libxml2: double-free caused by malformed XPath expression in XSLT 767387 - CVE-2011-3905 libxml2 out of bounds read 771896 - CVE-2011-3919 libxml2: Heap-based buffer overflow when decoding an entity reference with a long name 787067 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS 822109 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation 880466 - CVE-2012-5134 libxml2: Heap-buffer-underflow in xmlParseAttValueComplex 6. Package List: Red Hat Enterprise Linux Desktop Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Server Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/mingw32-libxml2-2.7.6-6.el6_3.src.rpm noarch: mingw32-libxml2-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-debuginfo-2.7.6-6.el6_3.noarch.rpm mingw32-libxml2-static-2.7.6-6.el6_3.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2010-4008.html https://www.redhat.com/security/data/cve/CVE-2010-4494.html https://www.redhat.com/security/data/cve/CVE-2011-0216.html https://www.redhat.com/security/data/cve/CVE-2011-1944.html https://www.redhat.com/security/data/cve/CVE-2011-2821.html https://www.redhat.com/security/data/cve/CVE-2011-2834.html https://www.redhat.com/security/data/cve/CVE-2011-3102.html https://www.redhat.com/security/data/cve/CVE-2011-3905.html https://www.redhat.com/security/data/cve/CVE-2011-3919.html https://www.redhat.com/security/data/cve/CVE-2012-0841.html https://www.redhat.com/security/data/cve/CVE-2012-5134.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2013-09-18-2 iOS 7 iOS 7 is now available and addresses the following: Certificate Trust Policy Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Root certificates have been updated Description: Several certificates were added to or removed from the list of system roots. CoreGraphics Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JBIG2 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1025 : Felix Groebert of the Google Security Team CoreMedia Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of Sorenson encoded movie files. This issue was addressed through improved bounds checking. CVE-ID CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative Data Protection Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Apps could bypass passcode-attempt restrictions Description: A privilege separation issue existed in Data Protection. An app within the third-party sandbox could repeatedly attempt to determine the user's passcode regardless of the user's "Erase Data" setting. This issue was addressed by requiring additional entitlement checks. CVE-ID CVE-2013-0957 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University Data Security Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker with a privileged network position may intercept user credentials or other sensitive information Description: TrustWave, a trusted root CA, has issued, and subsequently revoked, a sub-CA certificate from one of its trusted anchors. This sub-CA facilitated the interception of communications secured by Transport Layer Security (TLS). This update added the involved sub-CA certificate to OS X's list of untrusted certificates. CVE-ID CVE-2013-5134 dyld Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker who has arbitrary code execution on a device may be able to persist code execution across reboots Description: Multiple buffer overflows existed in dyld's openSharedCacheFile() function. These issues were addressed through improved bounds checking. CVE-ID CVE-2013-3950 : Stefan Esser File Systems Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker who can mount a non-HFS filesystem may be able to cause an unexpected system termination or arbitrary code execution with kernel privileges Description: A memory corruption issue existed in the handling of AppleDouble files. This issue was addressed by removing support for AppleDouble files. CVE-ID CVE-2013-3955 : Stefan Esser ImageIO Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow existed in the handling of JPEG2000 encoded data in PDF files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1026 : Felix Groebert of the Google Security Team IOKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Background applications could inject user interface events into the foreground app Description: It was possible for background applications to inject user interface events into the foreground application using the task completion or VoIP APIs. This issue was addressed by enforcing access controls on foreground and background processes that handle interface events. CVE-ID CVE-2013-5137 : Mackenzie Straight at Mobile Labs IOKitUser Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious local application could cause an unexpected system termination Description: A null pointer dereference existed in IOCatalogue. The issue was addressed through additional type checking. CVE-ID CVE-2013-5138 : Will Estes IOSerialFamily Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Executing a malicious application may result in arbitrary code execution within the kernel Description: An out of bounds array access existed in the IOSerialFamily driver. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-5139 : @dent1zt IPSec Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may intercept data protected with IPSec Hybrid Auth Description: The DNS name of an IPSec Hybrid Auth server was not being matched against the certificate, allowing an attacker with a certificate for any server to impersonate any other. This issue was addressed by improved certificate checking. CVE-ID CVE-2013-1028 : Alexander Traud of www.traud.de Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A remote attacker can cause a device to unexpectedly restart Description: Sending an invalid packet fragment to a device can cause a kernel assert to trigger, leading to a device restart. The issue was addressed through additional validation of packet fragments. CVE-ID CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen of Vulnerability Analysis Group, Stonesoft Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A malicious local application could cause device hang Description: An integer truncation vulnerability in the kernel socket interface could be leveraged to force the CPU into an infinite loop. The issue was addressed by using a larger sized variable. CVE-ID CVE-2013-5141 : CESG Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker on a local network can cause a denial of service Description: An attacker on a local network can send specially crafted IPv6 ICMP packets and cause high CPU load. The issue was addressed by rate limiting ICMP packets before verifying their checksum. CVE-ID CVE-2011-2391 : Marc Heuse Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Kernel stack memory may be disclosed to local users Description: An information disclosure issue existed in the msgctl and segctl APIs. This issue was addressed by initializing data structures returned from the kernel. CVE-ID CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unprivileged processes could get access to the contents of kernel memory which could lead to privilege escalation Description: An information disclosure issue existed in the mach_port_space_info API. This issue was addressed by initializing the iin_collision field in structures returned from the kernel. CVE-ID CVE-2013-3953 : Stefan Esser Kernel Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Unprivileged processes may be able to cause an unexpected system termination or arbitrary code execution in the kernel Description: A memory corruption issue existed in the handling of arguments to the posix_spawn API. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-3954 : Stefan Esser Kext Management Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An unauthorized process may modify the set of loaded kernel extensions Description: An issue existed in kextd's handling of IPC messages from unauthenticated senders. This issue was addressed by adding additional authorization checks. CVE-ID CVE-2013-5145 : "Rainbow PRISM" libxml Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla) libxslt Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire Passcode Lock Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to the device may be able to bypass the screen lock Description: A race condition issue existed in the handling of phone calls and SIM card ejection at the lock screen. This issue was addressed through improved lock state management. CVE-ID CVE-2013-5147 : videosdebarraquito Personal Hotspot Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: An attacker may be able to join a Personal Hotspot network Description: An issue existed in the generation of Personal Hotspot passwords, resulting in passwords that could be predicted by an attacker to join a user's Personal Hotspot. The issue was addressed by generating passwords with higher entropy. CVE-ID CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz of University Erlangen-Nuremberg Push Notifications Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: The push notification token may be disclosed to an app contrary to the user's decision Description: An information disclosure issue existed in push notification registration. Apps requesting access to the push notification access received the token before the user approved the app's use of push notifications. This issue was addressed by withholding access to the token until the user has approved access. CVE-ID CVE-2013-5149 : Jack Flintermann of Grouper, Inc. Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the handling of XML files. This issue was addressed through additional bounds checking. CVE-ID CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: History of pages recently visited in an open tab may remain after clearing of history Description: Clearing Safari's history did not clear the back/forward history for open tabs. This issue was addressed by clearing the back/forward history. CVE-ID CVE-2013-5150 Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Viewing files on a website may lead to script execution even when the server sends a 'Content-Type: text/plain' header Description: Mobile Safari sometimes treated files as HTML files even when the server sent a 'Content-Type: text/plain' header. This may lead to cross-site scripting on sites that allow users to upload files. This issue was addressed through improved handling of files when 'Content-Type: text/plain' is set. CVE-ID CVE-2013-5151 : Ben Toews of Github Safari Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may allow an arbitrary URL to be displayed Description: A URL bar spoofing issue existed in Mobile Safari. This issue was addressed through improved URL tracking. CVE-ID CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS Sandbox Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Applications that are scripts were not sandboxed Description: Third-party applications which used the #! syntax to run a script were sandboxed based on the identity of the script interpreter, not the script. The interpreter may not have a sandbox defined, leading to the application being run unsandboxed. This issue was addressed by creating the sandbox based on the identity of the script. CVE-ID CVE-2013-5154 : evad3rs Sandbox Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Applications can cause a system hang Description: Malicious third-party applications that wrote specific values to the /dev/random device could force the CPU to enter an infinite loop. This issue was addressed by preventing third-party applications from writing to /dev/random. CVE-ID CVE-2013-5155 : CESG Social Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Users recent Twitter activity could be disclosed on devices with no passcode. Description: An issue existed where it was possible to determine what Twitter accounts a user had recently interacted with. This issue was resolved by restricting access to the Twitter icon cache. CVE-ID CVE-2013-5158 : Jonathan Zdziarski Springboard Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: A person with physical access to a device in Lost Mode may be able to view notifications Description: An issue existed in the handling of notifications when a device is in Lost Mode. This update addresses the issue with improved lock state management. CVE-ID CVE-2013-5153 : Daniel Stangroom Telephony Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Malicious apps could interfere with or control telephony functionality Description: An access control issue existed in the telephony subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling telephony functionality. This issue was addressed by enforcing access controls on interfaces exposed by the telephony daemon. CVE-ID CVE-2013-5156 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology Twitter Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Sandboxed apps could send tweets without user interaction or permission Description: An access control issue existed in the Twitter subsystem. Bypassing supported APIs, sandboxed apps could make requests directly to a system daemon interfering with or controlling Twitter functionality. This issue was addressed by enforcing access controls on interfaces exposed by the Twitter daemon. CVE-ID CVE-2013-5157 : Jin Han of the Institute for Infocomm Research working with Qiang Yan and Su Mon Kywe of Singapore Management University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke Lee from the Georgia Institute of Technology WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-0879 : Atte Kettunen of OUSPG CVE-2013-0991 : Jay Civelli of the Chromium development community CVE-2013-0992 : Google Chrome Security Team (Martin Barbella) CVE-2013-0993 : Google Chrome Security Team (Inferno) CVE-2013-0994 : David German of Google CVE-2013-0995 : Google Chrome Security Team (Inferno) CVE-2013-0996 : Google Chrome Security Team (Inferno) CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative CVE-2013-1000 : Fermin J. Serna of the Google Security Team CVE-2013-1001 : Ryan Humenick CVE-2013-1002 : Sergey Glazunov CVE-2013-1003 : Google Chrome Security Team (Inferno) CVE-2013-1004 : Google Chrome Security Team (Martin Barbella) CVE-2013-1005 : Google Chrome Security Team (Martin Barbella) CVE-2013-1006 : Google Chrome Security Team (Martin Barbella) CVE-2013-1007 : Google Chrome Security Team (Inferno) CVE-2013-1008 : Sergey Glazunov CVE-2013-1010 : miaubiz CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a malicious website may lead to information disclosure Description: An information disclosure issue existed in the handling of the window.webkitRequestAnimationFrame() API. A maliciously crafted website could use an iframe to determine if another site used window.webkitRequestAnimationFrame(). This issue was addressed through improved handling of window.webkitRequestAnimationFrame(). CVE-ID CVE-2013-5159 WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Copying and pasting a malicious HTML snippet may lead to a cross-site scripting attack Description: A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content. CVE-ID CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c (xysec.com) WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook WebKit Available for: iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to an information disclosure Description: An information disclosure issue existed in XSSAuditor. This issue was addressed through improved handling of URLs. CVE-ID CVE-2013-2848 : Egor Homakov WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Dragging or pasting a selection may lead to a cross-site scripting attack Description: Dragging or pasting a selection from one site to another may allow scripts contained in the selection to be executed in the context of the new site. This issue is addressed through additional validation of content before a paste or a drag and drop operation. CVE-ID CVE-2013-5129 : Mario Heiderich WebKit Available for: iPhone 4 and later, iPod touch (5th generation) and later, iPad 2 and later Impact: Visiting a maliciously crafted website may lead to a cross- site scripting attack Description: A cross-site scripting issue existed in the handling of URLs. This issue was addressed through improved origin tracking. CVE-ID CVE-2013-5131 : Erling A Ellingsen Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "7.0". Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN 0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e GoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2 TyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni 5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK ibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT KXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG QthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY I2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz Kf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt SCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR GowSVGG+cJtvrngVhy3E =dNVy -----END PGP SIGNATURE-----

SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. SonicWall Viewpoint is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Viewpoint 6.0 SP2 is vulnerable; other versions may also be affected. SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs

The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 RELEASE DATE: 2012-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/48265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) A use-after-free error exists within v8 element wrapper handling. 2) A use-after-free error exists within SVG value handling. 3) A buffer overflow exists within the Skia drawing library. 4) A use-after-free error exists within SVG document handling. 5) A use-after-free error exists within SVG use handling. 6) A casting error exists within line box handling. 7) A casting error exists within anonymous block splitting. 8) A use-after-free error exists within multi-column handling. 9) A use-after-free error exists within quote handling. 10) An out-of-bounds read error exists within text handling. 11) A use-after-free error exists within class attribute handling. 12) A use-after-free error exists within table section handling. 13) A use-after-free error exists within flexbox with floats handling. 14) A use-after-free error exists within SVG animation elements handling. For more information: SA48033 SOLUTION: Update to version 17.0.963.65. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chamal de Silva 2, 4, 5, 14) Arthur Gerkis 3) Aki Helin, OUSPG 6, 7, 8, 9, 10, 11, 12, 13) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. 1) An unspecified error in an ActiveX Control can be exploited to corrupt memory. 2) A type confusion error can be exploited to corrupt memory. 3) An unspecified error related to MP4 parsing can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to bypass certain security restrictions. 6) An unspecified error can be exploited to bypass certain security restrictions. Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code. 7) Certain unspecified input is not properly sanitised before being returned to the user. NOTE: This vulnerability is reportedly being actively exploited in targeted attacks

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data. Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:0144-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html Issue date: 2012-02-17 CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03) 791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0752.html https://www.redhat.com/security/data/cve/CVE-2012-0753.html https://www.redhat.com/security/data/cve/CVE-2012-0754.html https://www.redhat.com/security/data/cve/CVE-2012-0755.html https://www.redhat.com/security/data/cve/CVE-2012-0756.html https://www.redhat.com/security/data/cve/CVE-2012-0767.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq 2hfvaUbJyuTg8og5n/gSdGc= =7NQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 RELEASE DATE: 2012-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/48265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) A use-after-free error exists within v8 element wrapper handling. 2) A use-after-free error exists within SVG value handling. 3) A buffer overflow exists within the Skia drawing library. 4) A use-after-free error exists within SVG document handling. 5) A use-after-free error exists within SVG use handling. 6) A casting error exists within line box handling. 7) A casting error exists within anonymous block splitting. 8) A use-after-free error exists within multi-column handling. 9) A use-after-free error exists within quote handling. 10) An out-of-bounds read error exists within text handling. 11) A use-after-free error exists within class attribute handling. 12) A use-after-free error exists within table section handling. 13) A use-after-free error exists within flexbox with floats handling. 14) A use-after-free error exists within SVG animation elements handling. For more information: SA48033 SOLUTION: Update to version 17.0.963.65. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chamal de Silva 2, 4, 5, 14) Arthur Gerkis 3) Aki Helin, OUSPG 6, 7, 8, 9, 10, 11, 12, 13) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228" References ========== [ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445 [ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450 [ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451 [ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452 [ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453 [ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454 [ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455 [ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456 [ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457 [ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458 [ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459 [ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460 [ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752 [ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753 [ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754 [ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755 [ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756 [ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767 [ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768 [ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769 [ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. 1) An unspecified error in an ActiveX Control can be exploited to corrupt memory. 2) A type confusion error can be exploited to corrupt memory. 3) An unspecified error related to MP4 parsing can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to bypass certain security restrictions. 6) An unspecified error can be exploited to bypass certain security restrictions. Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code. 7) Certain unspecified input is not properly sanitised before being returned to the user. NOTE: This vulnerability is reportedly being actively exploited in targeted attacks. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, gain knowledge of potentially sensitive information, bypass certain security restrictions, and compromise a user's system

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) by leveraging an unspecified "type confusion.". Adobe Flash Player is prone to an unspecified remote memory-corruption vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:0144-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html Issue date: 2012-02-17 CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03) 791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0752.html https://www.redhat.com/security/data/cve/CVE-2012-0753.html https://www.redhat.com/security/data/cve/CVE-2012-0754.html https://www.redhat.com/security/data/cve/CVE-2012-0755.html https://www.redhat.com/security/data/cve/CVE-2012-0756.html https://www.redhat.com/security/data/cve/CVE-2012-0767.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq 2hfvaUbJyuTg8og5n/gSdGc= =7NQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 RELEASE DATE: 2012-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/48265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) A use-after-free error exists within v8 element wrapper handling. 2) A use-after-free error exists within SVG value handling. 3) A buffer overflow exists within the Skia drawing library. 4) A use-after-free error exists within SVG document handling. 5) A use-after-free error exists within SVG use handling. 6) A casting error exists within line box handling. 7) A casting error exists within anonymous block splitting. 8) A use-after-free error exists within multi-column handling. 9) A use-after-free error exists within quote handling. 10) An out-of-bounds read error exists within text handling. 11) A use-after-free error exists within class attribute handling. 12) A use-after-free error exists within table section handling. 13) A use-after-free error exists within flexbox with floats handling. 14) A use-after-free error exists within SVG animation elements handling. For more information: SA48033 SOLUTION: Update to version 17.0.963.65. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chamal de Silva 2, 4, 5, 14) Arthur Gerkis 3) Aki Helin, OUSPG 6, 7, 8, 9, 10, 11, 12, 13) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228" References ========== [ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445 [ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450 [ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451 [ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452 [ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453 [ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454 [ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455 [ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456 [ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457 [ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458 [ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459 [ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460 [ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752 [ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753 [ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754 [ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755 [ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756 [ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767 [ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768 [ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769 [ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. 1) An unspecified error in an ActiveX Control can be exploited to corrupt memory. 2) A type confusion error can be exploited to corrupt memory. 3) An unspecified error related to MP4 parsing can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to bypass certain security restrictions. 6) An unspecified error can be exploited to bypass certain security restrictions. Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code. 7) Certain unspecified input is not properly sanitised before being returned to the user. NOTE: This vulnerability is reportedly being actively exploited in targeted attacks. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, gain knowledge of potentially sensitive information, bypass certain security restrictions, and compromise a user's system

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756. Adobe Flash Player Contains a vulnerability that prevents access restrictions. This vulnerability CVE-2012-0756 Is a different vulnerability.An attacker may be able to bypass access restrictions. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:0144-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html Issue date: 2012-02-17 CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03) 791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0752.html https://www.redhat.com/security/data/cve/CVE-2012-0753.html https://www.redhat.com/security/data/cve/CVE-2012-0754.html https://www.redhat.com/security/data/cve/CVE-2012-0755.html https://www.redhat.com/security/data/cve/CVE-2012-0756.html https://www.redhat.com/security/data/cve/CVE-2012-0767.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq 2hfvaUbJyuTg8og5n/gSdGc= =7NQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 RELEASE DATE: 2012-03-05 DISCUSS ADVISORY: http://secunia.com/advisories/48265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) A use-after-free error exists within v8 element wrapper handling. 2) A use-after-free error exists within SVG value handling. 3) A buffer overflow exists within the Skia drawing library. 4) A use-after-free error exists within SVG document handling. 5) A use-after-free error exists within SVG use handling. 6) A casting error exists within line box handling. 7) A casting error exists within anonymous block splitting. 8) A use-after-free error exists within multi-column handling. 9) A use-after-free error exists within quote handling. 10) An out-of-bounds read error exists within text handling. 11) A use-after-free error exists within class attribute handling. 12) A use-after-free error exists within table section handling. 13) A use-after-free error exists within flexbox with floats handling. 14) A use-after-free error exists within SVG animation elements handling. For more information: SA48033 SOLUTION: Update to version 17.0.963.65. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chamal de Silva 2, 4, 5, 14) Arthur Gerkis 3) Aki Helin, OUSPG 6, 7, 8, 9, 10, 11, 12, 13) miaubiz ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2012/03/chrome-stable-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228" References ========== [ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445 [ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450 [ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451 [ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452 [ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453 [ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454 [ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455 [ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456 [ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457 [ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458 [ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459 [ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460 [ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752 [ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753 [ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754 [ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755 [ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756 [ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767 [ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768 [ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769 [ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. 1) An unspecified error in an ActiveX Control can be exploited to corrupt memory. 2) A type confusion error can be exploited to corrupt memory. 3) An unspecified error related to MP4 parsing can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code. 7) Certain unspecified input is not properly sanitised before being returned to the user. NOTE: This vulnerability is reportedly being actively exploited in targeted attacks. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, gain knowledge of potentially sensitive information, bypass certain security restrictions, and compromise a user's system

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font that is accessed by Font Book. Attackers can exploit this issue by enticing an unsuspecting user to open a malicious font file in the Font Book application. An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Mac OS X 10.6.8, Mac OS X Server 10.6.8, Mac OS X Lion 10.7 to 10.7.2 and Mac OS X Lion Server 10.7 to 10.7.2. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: Apple Mac OS X Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47843 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47843/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47843 RELEASE DATE: 2012-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/47843/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47843/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47843 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) The Address Book component downgrades to an unencrypted connection when an encrypted connection fails. This can be exploited to intercept CardDAV data. 2) An error in the bundled version of Apache can be exploited to cause a temporary DoS (Denial of Service). For more information: SA46013 3) A design error in Apache within the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when using a block cipher in CBC mode can be exploited to decrypt data protected by SSL. 5) An error in CFNetwork when handling URLs can be exploited to disclose sensitive information via a specially crafted web page as a request could be sent to an incorrect origin server. 6) An error in CFNetwork when handling URLs can be exploited to disclose sensitive information via a specially crafted web page as unexpected request headers could be sent. 7) An integer overflow error in ColorSync when handling images with embedded ColorSync profiles can be exploited to cause a heap-based buffer overflow via a specially crafted image. 8) An error in CoreAudio when handling AAC encoded audio streams can be exploited to cause a buffer overflow when playing specially crafted audio content. 9) An error in CoreMedia when handling H.264 encoded movies can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error in CoreText when handling documents containing fonts can be exploited to dereference already freed memory via a specially crafted font. 11) An error exists in CoreUI when handling long URLs and can be exploited via a specially crafted website. 12) An error in curl can be exploited by remote servers to impersonate clients via GSSAPI requests. For more information: SA45067 13) Two of the certificate authorities in the list of trusted root certificates have issued intermediate certificates to DigiCert Malaysia, who has issued certificates with weak keys that cannot be revoked. 14) A design error in dovecot within the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when using a block cipher in CBC mode can be exploited to decrypt data protected by SSL. 15) An error in the uncompress command line tool when decompressing compressed files can be exploited to cause a buffer overflow. For more information: SA45544 16) An error in ImageIO when parsing TIFF images can be exploited to cause a buffer overflow. For more information see vulnerability #9: SA45325 17) An error in ImageIO when handling ThunderScan encoded TIFF images can be exploited to cause a buffer overflow. For more information see vulnerability #2: SA43593: 18) An error exists in the bundled version of libpng. For more information: SA46148 19) An error in Internet Sharing may cause the used Wi-Fi configuration to revert to factory defaults (e.g. disabling the WEP password) after a system update. 20) An error in Libinfo can be exploited to disclose sensitive information via a specially crafted website. For more information see vulnerability #4: SA46747 21) An integer overflow error in libresolv when parsing DNS resource records can be exploited to cause a heap-based buffer overflow. 22) An error in libsecurity may cause some EV certificates to be trusted even when the corresponding root is marked untrusted. 23) Multiple errors in OpenGL when handling GLSL compilation can be exploited to corrupt memory. 24) Multiple errors exist in the bundled version of PHP. For more information: SA44874 SA45678 25) Various errors in FreeType when handling Type 1 fonts can be exploited to corrupt memory. For more information: SA46575 26) An error in QuickTime when parsing MP4 encoded files can be exploited to access uninitialised memory. 27) A signedness error in QuickTime when handling font tables embedded in movie files can be exploited to corrupt memory. 28) An off-by-one error in QuickTime when handling rdrf atoms in movie files can be exploited to cause a single byte buffer overflow. 29) An error in QuickTime when parsing JPEG2000 images can be exploited to cause a buffer overflow. 30) An error in QuickTime when parsing PNG images can be exploited to cause a buffer overflow. 31) An error in QuickTime when handling FLC encoded movie files can be exploited to cause a buffer overflow. 32) Multiple errors exists in the bundled version of SquirrelMail. For more information: SA40307 SA45197 33) Various errors exist in the bundled version of Subversion. For more information: SA44681 34) Time Machine does not verify that a designated remote AFP volume or Time Capsule is used for subsequent backups. This can be exploited to access backups by spoofing the remote volume. 35) Errors exist in the bundled version of Tomcat. For more information: SA44981 36) An error in WebDAV Sharing when handling user authentication can be exploited by local users to gain escalated privileges. 37) An error exists in the bundled version of Webmail. For more information: SA45605 SOLUTION: Update to OS X Lion version 10.7.3 or apply Security Update 2012-001. PROVIDED AND/OR DISCOVERED BY: 4, 10) Will Dormann, CERT/CC The vendor also credits: 1) Bernard Desruisseaux, Oracle Corporation 5, 6) Erling Ellingsen, Facebook 7) binaryproof via ZDI 8, 27, 28, 29, 30) Luigi Auriemma via ZDI 9) Scott Stender, iSEC Partners 11) Ben Syverson 19) An anonymous person 21) Ilja van Sprundel, IOActive 22) Alastair Houghton 23) Chris Evans, Google Chrome Security Team and Marc Schoenefeld, Red Hat Security Response Team 26) Luigi Auriemma via ZDI and pa_kt via ZDI 31) Matt "j00ru" Jurczyk via ZDI 34) Michael Roitzsch, Technische Universit\xe4t Dresden 36) Gordon Davisson, Crywolf ORIGINAL ADVISORY: Apple Security Update 2012-001: http://support.apple.com/kb/HT5130 US-CERT: http://www.kb.cert.org/vuls/id/403593 http://www.kb.cert.org/vuls/id/410281 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. Successful exploits may allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions. The issue affects Mac OS X and Mac OS X Server versions prior to 10.7.3. NOTE: This issue was previously discussed in BID 51798 (Apple Mac OS X Prior to 10.7.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. ---------------------------------------------------------------------- SC Magazine awards the Secunia CSI a 5-Star rating Top-level rating for ease of use, performance, documentation, support, and value for money. Read more and get a free trial here: http://secunia.com/blog/296 ---------------------------------------------------------------------- TITLE: Apple Mac OS X Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47843 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47843/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47843 RELEASE DATE: 2012-02-03 DISCUSS ADVISORY: http://secunia.com/advisories/47843/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47843/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47843 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) The Address Book component downgrades to an unencrypted connection when an encrypted connection fails. This can be exploited to intercept CardDAV data. 2) An error in the bundled version of Apache can be exploited to cause a temporary DoS (Denial of Service). For more information: SA46013 3) A design error in Apache within the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when using a block cipher in CBC mode can be exploited to decrypt data protected by SSL. 4) An error in ATS when handling data-font files can be exploited to corrupt memory via a specially crafted font opened by Font Book. 5) An error in CFNetwork when handling URLs can be exploited to disclose sensitive information via a specially crafted web page as a request could be sent to an incorrect origin server. 6) An error in CFNetwork when handling URLs can be exploited to disclose sensitive information via a specially crafted web page as unexpected request headers could be sent. 7) An integer overflow error in ColorSync when handling images with embedded ColorSync profiles can be exploited to cause a heap-based buffer overflow via a specially crafted image. 8) An error in CoreAudio when handling AAC encoded audio streams can be exploited to cause a buffer overflow when playing specially crafted audio content. 9) An error in CoreMedia when handling H.264 encoded movies can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error in CoreText when handling documents containing fonts can be exploited to dereference already freed memory via a specially crafted font. 11) An error exists in CoreUI when handling long URLs and can be exploited via a specially crafted website. 12) An error in curl can be exploited by remote servers to impersonate clients via GSSAPI requests. For more information: SA45067 13) Two of the certificate authorities in the list of trusted root certificates have issued intermediate certificates to DigiCert Malaysia, who has issued certificates with weak keys that cannot be revoked. 14) A design error in dovecot within the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when using a block cipher in CBC mode can be exploited to decrypt data protected by SSL. 15) An error in the uncompress command line tool when decompressing compressed files can be exploited to cause a buffer overflow. For more information: SA45544 16) An error in ImageIO when parsing TIFF images can be exploited to cause a buffer overflow. For more information see vulnerability #9: SA45325 17) An error in ImageIO when handling ThunderScan encoded TIFF images can be exploited to cause a buffer overflow. For more information see vulnerability #2: SA43593: 18) An error exists in the bundled version of libpng. For more information: SA46148 19) An error in Internet Sharing may cause the used Wi-Fi configuration to revert to factory defaults (e.g. disabling the WEP password) after a system update. 20) An error in Libinfo can be exploited to disclose sensitive information via a specially crafted website. For more information see vulnerability #4: SA46747 21) An integer overflow error in libresolv when parsing DNS resource records can be exploited to cause a heap-based buffer overflow. 22) An error in libsecurity may cause some EV certificates to be trusted even when the corresponding root is marked untrusted. 23) Multiple errors in OpenGL when handling GLSL compilation can be exploited to corrupt memory. 24) Multiple errors exist in the bundled version of PHP. For more information: SA44874 SA45678 25) Various errors in FreeType when handling Type 1 fonts can be exploited to corrupt memory. For more information: SA46575 26) An error in QuickTime when parsing MP4 encoded files can be exploited to access uninitialised memory. 27) A signedness error in QuickTime when handling font tables embedded in movie files can be exploited to corrupt memory. 28) An off-by-one error in QuickTime when handling rdrf atoms in movie files can be exploited to cause a single byte buffer overflow. 29) An error in QuickTime when parsing JPEG2000 images can be exploited to cause a buffer overflow. 30) An error in QuickTime when parsing PNG images can be exploited to cause a buffer overflow. 31) An error in QuickTime when handling FLC encoded movie files can be exploited to cause a buffer overflow. 32) Multiple errors exists in the bundled version of SquirrelMail. For more information: SA40307 SA45197 33) Various errors exist in the bundled version of Subversion. For more information: SA44681 34) Time Machine does not verify that a designated remote AFP volume or Time Capsule is used for subsequent backups. This can be exploited to access backups by spoofing the remote volume. 35) Errors exist in the bundled version of Tomcat. For more information: SA44981 36) An error in WebDAV Sharing when handling user authentication can be exploited by local users to gain escalated privileges. 37) An error exists in the bundled version of Webmail. For more information: SA45605 SOLUTION: Update to OS X Lion version 10.7.3 or apply Security Update 2012-001. PROVIDED AND/OR DISCOVERED BY: 4, 10) Will Dormann, CERT/CC The vendor also credits: 1) Bernard Desruisseaux, Oracle Corporation 5, 6) Erling Ellingsen, Facebook 7) binaryproof via ZDI 8, 27, 28, 29, 30) Luigi Auriemma via ZDI 9) Scott Stender, iSEC Partners 11) Ben Syverson 19) An anonymous person 21) Ilja van Sprundel, IOActive 22) Alastair Houghton 23) Chris Evans, Google Chrome Security Team and Marc Schoenefeld, Red Hat Security Response Team 26) Luigi Auriemma via ZDI and pa_kt via ZDI 31) Matt "j00ru" Jurczyk via ZDI 34) Michael Roitzsch, Technische Universit\xe4t Dresden 36) Gordon Davisson, Crywolf ORIGINAL ADVISORY: Apple Security Update 2012-001: http://support.apple.com/kb/HT5130 US-CERT: http://www.kb.cert.org/vuls/id/403593 http://www.kb.cert.org/vuls/id/410281 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of MP4 files. A size value is read from MP4 files and used for size calculation without proper validation. The arithmetic performed on the size value can cause integer overflows, resulting in undersized allocations. This undersized memory allocation can be subsequently overpopulated with data supplied by the input file which can be used to gain remote code execution under the context of the current process. If this function is called with id '2200' it will write a 0x01 byte to a user supplied address. Failed exploit attempts will likely result in denial-of-service conditions. The product enables viewing of applications, content and video across screens and browsers. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2012:0144-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0144.html Issue date: 2012-02-17 CVE Names: CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed on the Adobe security page APSB12-03, listed in the References section. Multiple security flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially-crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the specially-crafted SWF content. (CVE-2012-0752, CVE-2012-0753, CVE-2012-0754, CVE-2012-0755, CVE-2012-0756) A flaw in flash-plugin could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 791034 - CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 flash-plugin: multiple code execution flaws (APSB12-03) 791035 - CVE-2012-0767 flash-plugin: universal cross-site scripting flaw (APSB12-03) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-10.3.183.15-1.el5.i386.rpm x86_64: flash-plugin-10.3.183.15-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-10.3.183.15-1.el6.i686.rpm x86_64: flash-plugin-10.3.183.15-1.el6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2012-0752.html https://www.redhat.com/security/data/cve/CVE-2012-0753.html https://www.redhat.com/security/data/cve/CVE-2012-0754.html https://www.redhat.com/security/data/cve/CVE-2012-0755.html https://www.redhat.com/security/data/cve/CVE-2012-0756.html https://www.redhat.com/security/data/cve/CVE-2012-0767.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-03.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFPPj8uXlSAg2UNWIIRApwYAJ40DTytRRob5RU/qeWrOqIfFF4TywCbBsdq 2hfvaUbJyuTg8og5n/gSdGc= =7NQZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-080 June 6, 2012 - -- CVE ID: CVE-2012-0754 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors: Adobe - -- Affected Products: Adobe Flash Player - -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12273. More details can be found at: http://www.adobe.com/support/security/bulletins/apsb12-03.html - -- Disclosure Timeline: 2012-01-12 - Vulnerability reported to vendor 2012-06-06 - Coordinated public release of advisory - -- Credit: This vulnerability was discovered by: * Alexander Gavrun - -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Furthermore, a remote attacker may be able to bypass intended access restrictions, bypass cross-domain policy, inject arbitrary web script, or obtain sensitive information. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.228" References ========== [ 1 ] CVE-2011-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2445 [ 2 ] CVE-2011-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2450 [ 3 ] CVE-2011-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2451 [ 4 ] CVE-2011-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2452 [ 5 ] CVE-2011-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2453 [ 6 ] CVE-2011-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2454 [ 7 ] CVE-2011-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2455 [ 8 ] CVE-2011-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2456 [ 9 ] CVE-2011-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2457 [ 10 ] CVE-2011-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2458 [ 11 ] CVE-2011-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2459 [ 12 ] CVE-2011-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2460 [ 13 ] CVE-2012-0752 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0752 [ 14 ] CVE-2012-0753 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0753 [ 15 ] CVE-2012-0754 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0754 [ 16 ] CVE-2012-0755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0755 [ 17 ] CVE-2012-0756 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0756 [ 18 ] CVE-2012-0767 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0767 [ 19 ] CVE-2012-0768 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0768 [ 20 ] CVE-2012-0769 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0769 [ 21 ] CVE-2012-0773 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0773 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201204-07.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- Secunia presentations @ RSA Conference 2012, San Francisco, USA, 27 Feb-02 March Listen to our Chief Security Specialist, Research Analyst Director, and Director Product Management & Quality Assurance discuss the industry's key topics. Also, visit the Secunia stand #817. Find out more: http://www.rsaconference.com/events/2012/usa/index.htm ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48033 RELEASE DATE: 2012-02-16 DISCUSS ADVISORY: http://secunia.com/advisories/48033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) An unspecified error in an ActiveX Control can be exploited to corrupt memory. 2) A type confusion error can be exploited to corrupt memory. 3) An unspecified error related to MP4 parsing can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to bypass certain security restrictions. 6) An unspecified error can be exploited to bypass certain security restrictions. Successful exploitation of the vulnerabilities #1 through #6 may allow execution of arbitrary code. 7) Certain unspecified input is not properly sanitised before being returned to the user. NOTE: This vulnerability is reportedly being actively exploited in targeted attacks. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 6) Reported by the vendor 7) Reported as a 0-day. The vendor additionally credits Google The vendor also credits: 1) Xu Liu, Fortinet's FortiGuard Labs 2) Bo Qu, Palo Alto Networks 3, 4) Alexander Gavrun via ZDI 5) Eduardo Vela Nava, Google Security Team ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb12-03.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------