-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

intrigeri uploaded new packages for pidgin which fixed the following security problems:

CVE-2013-6477
Jaime Breva Ribes discovered that a remote XMPP user can trigger a crash by sending a message with a timestamp in the distant future.

CVE-2013-6478
Pidgin could be crashed through overly wide tooltip windows.

CVE-2013-6479
Jacob Appelbaum discovered that a malicious server or a "man in the middle" could send a malformed HTTP header resulting in denial of service.

CVE-2013-6481
Daniel Atallah discovered that Pidgin could be crashed through malformed Yahoo! P2P messages.

CVE-2013-6482
Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed MSN messages.

CVE-2013-6483
Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin could be crashed through malformed XMPP messages.

CVE-2013-6484
It was discovered that incorrect error handling when reading the response from a STUN server
Monthly Archives: February 2014
CVE-2014-0322 (internet_explorer)
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
WatchGuard Technologies and KYOCERA Document Solutions Japan Partner to Integrate First UTM Security Platform and Multifunction Printer Solution
Access Bypass in extensions "Yet Another Gallery" (yag) and "Tools for Extbase development" (pt_extbase)
Release Date: February 12, 2014
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: yag: Version 3.0.0 and below, pt_extbase: Version 1.5.0 and below
Vulnerability Type: Access Bypass
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C
CVE: CVE-2014-6289
Bulletin update: September 18, 2014 (added CVE)
Problem Description: The extension pt_extbase comes with an Ajax dispatcher for Extbase. Using this dispatcher, it is possible to call every action in every controller of every Extbase extension installed on the system. The dispatcher fails to perform access checks, so it is possible to bypass access checks for Extbase Backend Modules like the backend user administration module. The extension yag also delivered an Ajax dispatcher, which was unused but vulnerable.
Important Note: The unused Ajax dispatcher code in extension yag has been removed. If any other installed extensions made use of this dispatcher, they will stop working. Additionally, the Ajax dispatcher in pt_extbase was modified to do access checks. Third party extensions using this dispatcher need to be added to the list of allowed actions.
Solution: Updated versions 3.0.1 and 1.5.1 are available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/yag/3.0.1/t3x/ and http://typo3.org/extensions/repository/download/pt_extbase/1.5.1/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Andrea Schmuttermair who discovered and reported this issue.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)
Release Date: February 12, 2014
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: Version 2.0.0 and below
Vulnerability Type: Mass Assignment
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
Problem Description: The extension Direct Mail Subscription bundles a vulnerable version of the old feuser_adminLib.inc library. This means that any links for creating records generated by this library can be manipulated to fill any field in the configured database table with arbitrary values. An attack is not limited to the fields listed in the configuration or the link itself.
Related CVE: CVE-2013-7075
Solution: An updated version 2.0.1 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/direct_mail_subscription/2.0.1/t3x/. Users of the extension are advised to update the extension as soon as possible.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
CVE-2010-4777
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. (CVSS:4.3) (Last Update:2014-02-10)
CVE-2013-2214
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain sensitive information about hostnames via the servicegroup (1) overview, (2) summary, or (3) grid style in status.cgi. NOTE: this behavior is by design in most 3.x versions, but the upstream vendor “decided to change it for Nagios 4” and 3.5.1. (CVSS:4.0) (Last Update:2014-02-25)
[BSA-091] Security Update for nss
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

intrigeri uploaded new packages for nss which fixed the following security problems:

CVE-2013-1739 (DSA-2790-1)
A flaw was found in the way the Mozilla Network Security Service library (nss) read uninitialized data when there was a decryption failure. A remote attacker could use this flaw to cause a denial of service (application crash) for applications linked with the nss library.

CVE-2013-5605 (DSA-2800-1)
Andrew Tinits reported a potentially exploitable buffer overflow in the Mozilla Network Security Service library (nss). With a specially crafted request a remote attacker could cause a denial of service or possibly execute arbitrary code.

For the squeeze-backports distribution the problems have been fixed in version 2:3.14.5-1~bpo60+1.
For the oldstable distribution (squeeze), the problems have been fixed in version 3.12.8-1+squeeze7.
For the stable distribution (wheezy), the problems have been fixed in version 2:3.14.5-1.
For the tes
CVE-2014-0019 (fedora, opensuse, socat)
Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and 2.0.0-b1 through 2.0.0-b6 allows local users to cause a denial of service (segmentation fault) via a long server name in the PROXY-CONNECT address in the command line.