The Hierarchical Select module provides a “hierarchical_select” form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data before displaying it, leading to two Cross Site Scripting (XSS) vulnerabilities that may lead to a malicious user gaining full administrative access.
The first vulnerability is mitigated by the fact that the attacker must have a role with the “administer taxonomy” permission; specifically the attacker must be able to create or modify taxonomy terms and then modify the term title. Only Hierarchical Select field instances with the “Save term lineage” option enabled in the widget settings are vulnerable.
The second vulnerability is mitigated by the fact that an attacker must have a permission to administer fields on an entity type, for example the “administer taxonomy” permission to manage fields on taxonomy terms, the “administer users” permission to manage fields on users or the “administer content type” permission to manage fields on comments or nodes.
CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance
with Drupal Security Team processes.
Versions affected
Hierarchical Select 6.x versions prior to 6.x-3.9.
Drupal core is not affected. If you do not use the contributed Hierarchical Select module,
there is nothing you need to do.
Red Hat Security Advisory 2014-1948-01 – Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Signaling Cipher Suite Value, which can be used to prevent protocol downgrade attacks against applications which re-connect using a lower SSL/TLS protocol version when the initial connection indicating the highest supported protocol version fails.
Red Hat Security Advisory 2014-1924-01 – Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.
Red Hat Security Advisory 2014-1947-01 – The rhevm-log-collector utility allows users to easily collect log files from all systems in their Red Hat Enterprise Virtualization environment. It was found that rhevm-log-collector called sosreport with the PostgreSQL database password passed as a command line parameter. A local attacker could read this password by monitoring a process listing. The password would also be written to a log file, which could potentially be read by a local attacker. This issue was discovered by David Jorm of Red Hat Product Security.
Red Hat Security Advisory 2014-1919-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy.
Ubuntu Security Notice 2431-1 – It was discovered that mod_wsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode.
Red Hat Security Advisory 2014-1943-01 – The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. A denial of service flaw was found in the way the Linux kernel’s XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash. An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel’s perf subsystem. A local, unprivileged user could use this flaw to crash the system.
Ubuntu Security Notice 2428-1 – Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Joe Vennix discovered a crash when using XMLHttpRequest in some circumstances. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit this to cause a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2014-1941-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM, in environments managed by Red Hat Enterprise Linux OpenStack Platform. An information leak flaw was found in the way QEMU’s VGA emulator accessed frame buffer memory for high resolution displays. A privileged guest user could use this flaw to leak memory contents of the host to the guest by setting the display to use a high resolution in the guest. This issue was discovered by Laszlo Ersek of Red Hat.