Monthly Archives: October 2014

Full Disclosure

SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access

Posted by SEC Consult Vulnerability Lab on Oct 31

SEC Consult Vulnerability Lab Security Advisory < 20141031-0 >
=======================================================================
title: XML External Entity Injection (XXE) and Reflected XSS
product: Scalix Web Access
vulnerable version: 11.4.6.12377 and 12.2.0.14697
fixed version: –
impact: Critical
homepage: http://www.scalix.com/
found: 2014-08-27…

Fedora

Fedora 21 Security Update: qemu-2.1.2-6.fc21

Resolved Bugs
1157647 – CVE-2014-7815 qemu: vnc: insufficient bits_per_pixel from the client sanitization [fedora-all]
1157641 – CVE-2014-7815 qemu: vnc: insufficient bits_per_pixel from the client sanitization
1153038 – CVE-2014-3689 qemu: vmware_vga: insufficient parameter validation in rectangle functions [fedora-all]
1153035 – CVE-2014-3689 qemu: vmware_vga: insufficient parameter validation in rectangle functions<br
* CVE-2014-7815 vnc: insufficient bits_per_pixel from the client sanitization (bz #1157647, bz #1157641)
* CVE-2014-3689 vmware_vga: insufficient parameter validation in rectangle functions (bz #1153038, bz #1153035)
Fix dep on numactl-devel to be build time not install time

Fedora

Fedora 21 Security Update: fedup-0.9.0-1.fc21

Resolved Bugs
1038413 – fedup stage2 keymap will always be US again for F20-F21 due to anaconda not writing vconsole.keymap kernel parameter any more (#1035316)
1153816 – Fedup needs to support upgrading into a Productized Fedora 21
1066679 – CVE-2013-6494 fedup: /var/tmp/fedora-upgrade temporary directory creation vulnerability<br
* Adds `–product=PRODUCT` flag, required for upgrades to F21
* Uses host’s config files in `upgrade.img`, which should fix various upgrade problems (e.g. incorrect keyboard layout when unlocking disks due to missing `vconsole.conf`)
* Logging improvements: complete upgrade log should appear in system journal