Monthly Archives: January 2015

Redhat

RHSA-2015:0052-1: Critical: flash-plugin security update

Red Hat Enterprise Linux: An updated Adobe Flash Player package that fixes multiple security issues
is now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-0301, CVE-2015-0302, CVE-2015-0303, CVE-2015-0304, CVE-2015-0305, CVE-2015-0306, CVE-2015-0307, CVE-2015-0308, CVE-2015-0309

Redhat

RHSA-2015:0028-1: Important: cfme security, bug fix, and enhancement update

Red Hat Enterprise Linux: Updated cfme packages that fix two security issues, several bugs, and add
various enhancements are now available for Red Hat CloudForms 3.1.

Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2014-3692, CVE-2014-7814

Ubuntu

USN-2471-1: GParted vulnerability

Ubuntu Security Notice USN-2471-1

14th January, 2015

gparted vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

GParted could be made to run programs as an administrator.

Software description

  • gparted
    – GNOME partition editor

Details

Wolfgang Ettlinger discovered that GParted incorrectly filtered shell
metacharacters when running external commands. A local attacker could use
this issue with a crafted filesystem label to run arbitrary commands as the
administrator.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
gparted

0.11.0-2ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7208

Ubuntu

USN-2472-1: unzip vulnerabilities

Ubuntu Security Notice USN-2472-1

14th January, 2015

unzip vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary

unzip could be made to crash or run programs if it opened a specially
crafted file.

Software description

  • unzip
    – De-archiver for .zip files

Details

Wolfgang Ettlinger discovered that unzip incorrectly handled certain
malformed zip archives. If a user or automated system were tricked into
processing a specially crafted zip archive, an attacker could possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
unzip

6.0-12ubuntu1.1
Ubuntu 14.04 LTS:
unzip

6.0-9ubuntu1.1
Ubuntu 12.04 LTS:
unzip

6.0-4ubuntu2.1
Ubuntu 10.04 LTS:
unzip

6.0-1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8139,

CVE-2014-8140,

CVE-2014-8141

Ubuntu

USN-2458-1: Firefox vulnerabilities

Ubuntu Security Notice USN-2458-1

14th January, 2015

firefox vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Firefox could be made to crash or run programs as your login if it
opened a malicious website.

Software description

  • firefox
    – Mozilla Open Source web browser

Details

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse
Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)

Bobby Holley discovered that some DOM objects with certain properties
can bypass XrayWrappers in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to bypass security restrictions. (CVE-2014-8636)

Michal Zalewski discovered a use of uninitialized memory when rendering
malformed bitmap images on a canvas element. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to steal confidential information. (CVE-2014-8637)

Muneaki Nishimura discovered that requests from navigator.sendBeacon()
lack an origin header. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to conduct
cross-site request forgery (XSRF) attacks. (CVE-2014-8638)

Xiaofeng Zheng discovered that a web proxy returning a 407 response
could inject cookies in to the originally requested domain. If a user
connected to a malicious web proxy, an attacker could potentially exploit
this to conduct session-fixation attacks. (CVE-2014-8639)

Holger Fuhrmannek discovered a crash in Web Audio while manipulating
timelines. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2014-8640)

Mitchell Harper discovered a use-after-free in WebRTC. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-8641)

Brian Smith discovered that OCSP responses would fail to verify if signed
by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck
extension, potentially allowing a user to connect to a site with a revoked
certificate. (CVE-2014-8642)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
firefox

35.0+build3-0ubuntu0.14.10.2
Ubuntu 14.04 LTS:
firefox

35.0+build3-0ubuntu0.14.04.2
Ubuntu 12.04 LTS:
firefox

35.0+build3-0ubuntu0.12.04.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.

References

CVE-2014-8634,

CVE-2014-8635,

CVE-2014-8636,

CVE-2014-8637,

CVE-2014-8638,

CVE-2014-8639,

CVE-2014-8640,

CVE-2014-8641,

CVE-2014-8642

Ubuntu

USN-2458-2: Ubufox update

Ubuntu Security Notice USN-2458-2

14th January, 2015

ubufox update

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

This update provides compatible packages for Firefox 35.

Software description

  • ubufox
    – Ubuntu Firefox specific configuration defaults and apt support

Details

USN-2458-1 fixed vulnerabilities in Firefox. This update provides the
corresponding version of Ubufox.

Original advisory details:

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse
Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered
multiple memory safety issues in Firefox. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
these to cause a denial of service via application crash, or execute
arbitrary code with the privileges of the user invoking Firefox.
(CVE-2014-8634, CVE-2014-8635)

Bobby Holley discovered that some DOM objects with certain properties
can bypass XrayWrappers in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit this to bypass security restrictions. (CVE-2014-8636)

Michal Zalewski discovered a use of uninitialized memory when rendering
malformed bitmap images on a canvas element. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to steal confidential information. (CVE-2014-8637)

Muneaki Nishimura discovered that requests from navigator.sendBeacon()
lack an origin header. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to conduct
cross-site request forgery (XSRF) attacks. (CVE-2014-8638)

Xiaofeng Zheng discovered that a web proxy returning a 407 response
could inject cookies in to the originally requested domain. If a user
connected to a malicious web proxy, an attacker could potentially exploit
this to conduct session-fixation attacks. (CVE-2014-8639)

Holger Fuhrmannek discovered a crash in Web Audio while manipulating
timelines. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service. (CVE-2014-8640)

Mitchell Harper discovered a use-after-free in WebRTC. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-8641)

Brian Smith discovered that OCSP responses would fail to verify if signed
by a delegated OCSP responder certificate with the id-pkix-ocsp-nocheck
extension, potentially allowing a user to connect to a site with a revoked
certificate. (CVE-2014-8642)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
xul-ext-ubufox

3.0-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
xul-ext-ubufox

3.0-0ubuntu0.14.04.1
Ubuntu 12.04 LTS:
xul-ext-ubufox

3.0-0ubuntu0.12.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Firefox to make
all the necessary changes.