USN-2483-1: JasPer vulnerabilities

Ubuntu Security Notice USN-2483-1

26th January, 2015

jasper vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

JasPer could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

  • jasper
    – Library for manipulating JPEG-2000 files

Details

Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)

Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)

It was discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8157)

It was discovered that JasPer incorrectly handled memory when processing
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8158)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libjasper1 1.900.1-debian1-2ubuntu0.2
Ubuntu 14.04 LTS:
  • libjasper1 1.900.1-14ubuntu3.2
Ubuntu 12.04 LTS:
  • libjasper1 1.900.1-13ubuntu0.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158

USN-2483-2: Ghostscript vulnerabilities

Ubuntu Security Notice USN-2483-2

26th January, 2015

ghostscript vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 10.04 LTS

Summary

Ghostscript could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

  • ghostscript
    – PostScript and PDF interpreter

Details

USN-2483-1 fixed vulnerabilities in JasPer. This update provides the
corresponding fix for the JasPer library embedded in the Ghostscript
package.

Original advisory details:

Jose Duart discovered that JasPer incorrectly handled ICC color profiles in
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8137)

Jose Duart discovered that JasPer incorrectly decoded certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8138)

It was discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8157)

It was discovered that JasPer incorrectly handled memory when processing
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash
or possibly execute arbitrary code with user privileges. (CVE-2014-8158)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.04 LTS:
  • libgs8 8.71.dfsg.1-0ubuntu5.7

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8137, CVE-2014-8138, CVE-2014-8157, CVE-2014-8158

USN-2484-1: Unbound vulnerability

Ubuntu Security Notice USN-2484-1

26th January, 2015

unbound vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Unbound could be made to consume resources if it received specially crafted
network traffic.

Software description

  • unbound
    – validating, recursive, caching DNS resolver

Details

Florian Maury discovered that Unbound incorrectly handled delegation. A
remote attacker could possibly use this issue to cause Unbound to consume
resources, resulting in a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • libunbound2 1.4.22-1ubuntu4.14.10.1
  • unbound 1.4.22-1ubuntu4.14.10.1
Ubuntu 14.04 LTS:
  • libunbound2 1.4.22-1ubuntu4.14.04.1
  • unbound 1.4.22-1ubuntu4.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8602

USN-2476-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2476-1

26th January, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

Several memory corruption bugs were discovered in ICU. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7923, CVE-2014-7926)

A use-after-free was discovered in the IndexedDB implementation. If a user
were tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the privileges of the user invoking
the program. (CVE-2014-7924)

A use-after-free was discovered in the WebAudio implementation in Blink.
If a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2014-7925)

Several memory corruption bugs were discovered in V8. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)

Several use-after-free bugs were discovered in the DOM implementation in
Blink. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2014-7929, CVE-2014-7930, CVE-2014-7932,
CVE-2014-7934)

A use-after-free was discovered in FFmpeg. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2014-7933)

Multiple off-by-one errors were discovered in FFmpeg. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer crash
or execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7937)

A memory corruption bug was discovered in the fonts implementation. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7938)

It was discovered that ICU did not initialize memory for a data structure
correctly. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via renderer crash or execute arbitrary code with the privileges
of the sandboxed render process. (CVE-2014-7940)

It was discovered that the fonts implementation did not initialize memory
for a data structure correctly. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via renderer crash or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2014-7942)

An out-of-bounds read was discovered in Skia. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash. (CVE-2014-7943)

An out-of-bounds read was discovered in Blink. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash. (CVE-2014-7946)

It was discovered that the AppCache proceeded with caching for SSL
sessions even if there was a certificate error. A remote attacker could
potentially exploit this by conducting a MITM attack to modify HTML
application content. (CVE-2014-7948)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1205)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-1346)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  • liboxideqtcore0 1.4.2-0ubuntu0.14.10.1
  • oxideqt-codecs 1.4.2-0ubuntu0.14.10.1
  • oxideqt-codecs-extra 1.4.2-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
  • liboxideqtcore0 1.4.2-0ubuntu0.14.04.1
  • oxideqt-codecs 1.4.2-0ubuntu0.14.04.1
  • oxideqt-codecs-extra 1.4.2-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927,
CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931, CVE-2014-7932,
CVE-2014-7933, CVE-2014-7934, CVE-2014-7937, CVE-2014-7938, CVE-2014-7940,
CVE-2014-7942, CVE-2014-7943, CVE-2014-7946, CVE-2014-7948, CVE-2015-1205,
CVE-2015-1346

Fedora 21 Security Update: privoxy-3.0.23-1.fc21

Resolved Bugs
1185926 – privoxy: security fixes in 3.0.23 [epel-all]
1185925 – privoxy: security fixes in 3.0.23 [fedora-all]
It was reported [1] that Privoxy 3.0.23 contains fixes for the following security issues:
– Fixed a DoS issue in case of client requests with incorrect
chunk-encoded body. When compiled with assertions enabled
(the default) they could previously cause Privoxy to abort().
Reported by Matthew Daley.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
– Fixed multiple segmentation faults and memory leaks in the
pcrs code. This fix also increases the chances that an invalid
pcrs command is rejected as such. Previously some invalid commands
would be loaded without error. Note that Privoxy’s pcrs sources
(action and filter files) are considered trustworthy input and
should not be writable by untrusted third-parties.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
– Fixed an ‘invalid read’ bug which could at least theoretically
cause Privoxy to crash.
http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
[1]: http://seclists.org/oss-sec/2015/q1/259
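
The first Privoxy item above is a case of assert() being reachable from untrusted input. As an added illustration (not Privoxy's code and not its actual fix), the sketch below validates a chunk-encoded body and reports malformed input through a return code instead of aborting; the function names, return codes and the MAX_CHUNK limit are assumptions made for this example.

```c
#include <stddef.h>

enum { CHUNK_OK = 0, CHUNK_INCOMPLETE = 1, CHUNK_INVALID = -1 };
#define MAX_CHUNK (16u * 1024u * 1024u) /* assumed per-chunk size limit */

/* Index of the next CRLF at or after pos, or len if there is none yet. */
static size_t find_crlf(const char *b, size_t pos, size_t len) {
    for (; pos + 1 < len; pos++)
        if (b[pos] == '\r' && b[pos + 1] == '\n') return pos;
    return len;
}

static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Validate the chunk-encoded body in b[0..len). Untrusted input is rejected
 * with a return code, never with assert(). *decoded gets the payload size. */
int check_chunked(const char *b, size_t len, size_t *decoded) {
    size_t pos = 0, total = 0;
    for (;;) {
        size_t eol = find_crlf(b, pos, len), size = 0, i = pos;
        if (eol == len) return CHUNK_INCOMPLETE;          /* size line not complete yet */
        for (; i < eol && hexval(b[i]) >= 0; i++) {
            size = size * 16 + (size_t)hexval(b[i]);
            if (size > MAX_CHUNK) return CHUNK_INVALID;   /* bounds the size, no overflow */
        }
        if (i == pos) return CHUNK_INVALID;               /* no hex digits */
        if (i < eol && b[i] != ';') return CHUNK_INVALID; /* only an extension may follow */
        pos = eol + 2;
        if (size == 0) { /* last chunk: skip optional trailers up to the empty line */
            for (;;) {
                eol = find_crlf(b, pos, len);
                if (eol == len) return CHUNK_INCOMPLETE;
                if (eol == pos) { *decoded = total; return CHUNK_OK; }
                pos = eol + 2;
            }
        }
        if (len - pos < size + 2) return CHUNK_INCOMPLETE; /* chunk data still arriving */
        if (b[pos + size] != '\r' || b[pos + size + 1] != '\n') return CHUNK_INVALID;
        total += size;
        pos += size + 2;
    }
}
```

A caller would answer CHUNK_INVALID with a 400 response and keep serving other clients, which is the behaviour an assertion on client-supplied data cannot give.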