USN-2382-1: Requests vulnerabilities

Ubuntu Security Notice USN-2382-1

14th October, 2014

requests vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Requests could be made to expose authentication credentials over the
network.

Software description

  • requests
    – elegant and simple HTTP library for Python

Details

Jakub Wilk discovered that Requests incorrectly reused authentication
credentials after being redirected. An attacker could possibly use this
issue to obtain authentication credentials intended for another site.
(CVE-2014-1829, CVE-2014-1830)
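
The guard against this class of bug is to drop credential headers whenever a redirect leaves the origin they were meant for. The following is an added illustration in Python, not the Requests project's code or its patch; the function names, the header set and the example.com / example.net URLs are assumptions of this example.

```python
from urllib.parse import urljoin, urlsplit

# Headers treated as credentials here (this example's assumption, not a list from the notice).
CREDENTIAL_HEADERS = {"authorization", "proxy-authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def headers_for_redirect(current_url, location, headers):
    """Resolve a Location value and return (next_url, headers safe to send there)."""
    next_url = urljoin(current_url, location)  # Location may be relative
    if origin(next_url) == origin(current_url):
        return next_url, dict(headers)
    # Scheme, host or port changed: the credentials were not meant for this site.
    kept = {k: v for k, v in headers.items() if k.lower() not in CREDENTIAL_HEADERS}
    return next_url, kept


def walk_chain(start_url, locations, headers):
    """Apply headers_for_redirect along a redirect chain; return every hop."""
    url, current = start_url, dict(headers)
    hops = [(url, current)]
    for location in locations:
        url, current = headers_for_redirect(url, location, current)
        hops.append((url, current))
    return hops


# Constructed sample: a same-origin redirect, then another host, then back again.
SAMPLE_HEADERS = {"Authorization": "Basic Y29uc3RydWN0ZWQ6c2FtcGxl", "Accept": "*/*"}
SAMPLE_CHAIN = ["/v2/report", "https://cdn.example.net/report.csv",
                "https://api.example.com/done"]

if __name__ == "__main__":
    start = "https://api.example.com/report"
    for hop_url, hop_headers in walk_chain(start, SAMPLE_CHAIN, SAMPLE_HEADERS):
        print(hop_url, sorted(hop_headers))
```

Once the chain has crossed to another origin the credentials stay dropped, even if a later hop returns to the original host.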

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  python3-requests 2.2.1-1ubuntu0.1
  python-requests 2.2.1-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-1829, CVE-2014-1830

USN-2345-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2345-1

14th October, 2014

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

Multiple use-after-free issues were discovered in Blink. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer crash,
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-3178, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial of
service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2014-3179,
CVE-2014-3200)

It was discovered that Chromium did not properly handle the interaction of
IPC and V8. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to execute arbitrary
code with the privileges of the user invoking the program. (CVE-2014-3188)

A use-after-free was discovered in the web workers implementation in
Chromium. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via application crash or execute arbitrary code with the privileges of the
user invoking the program. (CVE-2014-3194)

It was discovered that V8 did not correctly handle JavaScript heap
allocations in some circumstances. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
steal sensitive information. (CVE-2014-3195)

It was discovered that Blink did not properly provide substitute data for
pages blocked by the XSS auditor. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
steal sensitive information. (CVE-2014-3197)

It was discovered that the wrap function for Events in the V8 bindings
in Blink produced an erroneous result in some circumstances. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service by stopping a worker
process that was handling an Event object. (CVE-2014-3199)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2014-7967)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  liboxideqtcore0 1.2.5-0ubuntu0.14.04.1
  oxideqt-codecs 1.2.5-0ubuntu0.14.04.1
  oxideqt-codecs-extra 1.2.5-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-3178, CVE-2014-3179, CVE-2014-3188, CVE-2014-3190,
CVE-2014-3191, CVE-2014-3192, CVE-2014-3194, CVE-2014-3195,
CVE-2014-3197, CVE-2014-3199, CVE-2014-3200, CVE-2014-7967

USN-2372-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2372-1

14th October, 2014

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Bobby Holley, Christian Holler, David Bolter, Byron Campen, Jon Coppeard,
Carsten Book, Martijn Wargers, Shih-Chiang Chien, Terrence Cole and
Jeff Walden discovered multiple memory safety issues in Firefox. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-1574, CVE-2014-1575)

Atte Kettunen discovered a buffer overflow during CSS manipulation. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1576)

Holger Fuhrmannek discovered an out-of-bounds read with Web Audio. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to steal sensitive information.
(CVE-2014-1577)

Abhishek Arya discovered an out-of-bounds write when buffering WebM video
in some circumstances. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash or execute arbitrary code with
the privileges of the user invoking Firefox. (CVE-2014-1578)

Michal Zalewski discovered that memory may not be correctly initialized
when rendering a malformed GIF into a canvas in some circumstances. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to steal sensitive information.
(CVE-2014-1580)

A use-after-free was discovered during text layout in some circumstances.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking Firefox. (CVE-2014-1581)

Patrick McManus and David Keeler discovered 2 issues that could result
in certificate pinning being bypassed in some circumstances. An attacker
with a fraudulent certificate could potentially exploit this to conduct a
man-in-the-middle attack. (CVE-2014-1582, CVE-2014-1584)

Eric Shepherd and Jan-Ivar Bruaroey discovered issues with video sharing
via WebRTC in iframes, where video continues to be shared after being
stopped and navigating to a new site doesn’t turn off the camera. An
attacker could potentially exploit this to access the camera without the
user being aware. (CVE-2014-1585, CVE-2014-1586)

Boris Zbarsky discovered that webapps could use the Alarm API to read the
values of cross-origin references. If a user were tricked into installing
a specially crafted webapp, an attacker could potentially exploit this to
bypass same-origin restrictions. (CVE-2014-1583)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  firefox 33.0+build2-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
  firefox 33.0+build2-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577,
CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582,
CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586

USN-2383-1: wpa_supplicant vulnerability

Ubuntu Security Notice USN-2383-1

14th October, 2014

wpa, wpasupplicant vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

wpa_supplicant could be made to run programs if it received specially
crafted network traffic.

Software description

  • wpa
    – client support for WPA and WPA2

  • wpasupplicant
    – client support for WPA and WPA2

Details

Jouni Malinen discovered that the wpa_cli tool incorrectly sanitized
strings when being used with action scripts. A remote attacker could
possibly use this issue to execute arbitrary commands.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
  wpasupplicant 2.1-0ubuntu1.1
Ubuntu 12.04 LTS:
  wpasupplicant 0.7.3-6ubuntu2.3
Ubuntu 10.04 LTS:
  wpasupplicant 0.6.9-3ubuntu3.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

CVE-2014-3686

SA-CONTRIB-2014-099 – Open Atrium Core – Access bypass

Description

The oa_core module contains the base access control mechanism for the Open Atrium distribution (OA2). In OA2, file attachments are given the same access permission as the node they are attached to.

The vulnerability occurs when an attachment is removed from a node that has Revisions enabled: anonymous users can view the file, which is still attached to the previous revision.

This vulnerability is mitigated by the fact that it requires using Revisions and removing files attached to revisions. If revisions are disabled or files are not removed from nodes then access works as designed.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance
    with Drupal Security Team processes.

Versions affected

  • oa_core 7.x-2.x versions prior to 7.x-2.22.

Drupal core is not affected. If you do not use the contributed Open Atrium module,
there is nothing you need to do.

Solution

Install the latest version:

Also see the Open Atrium project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at
https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies,
writing secure code for Drupal, and
securing your site.

Drupal version: