Red Hat Enterprise Linux: Updated emacs packages that fix two bugs are now available for Red Hat Enterprise Linux 6.
Monthly Archives: February 2015
RHBA-2015:0237-1: gvfs bug fix update
Red Hat Enterprise Linux: Updated gvfs packages that fix two bugs are now available for Red Hat Enterprise Linux 6.
USN-2504-1: NSS update
Ubuntu Security Notice USN-2504-1
19th February, 2015
nss update
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary
NSS was updated to refresh the CA certificates bundle.
Software description
- nss – Network Security Service library
Details
The NSS package contained outdated CA certificates. This update refreshes
the NSS package to version 3.17.4 which includes the latest CA certificate
bundle.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 14.10: libnss3 2:3.17.4-0ubuntu0.14.10.1
- Ubuntu 14.04 LTS: libnss3 2:3.17.4-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS: libnss3 3.17.4-0ubuntu0.12.04.1
- Ubuntu 10.04 LTS: libnss3-1d 3.17.4-0ubuntu0.10.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use NSS, such as Evolution and Chromium, to make all the necessary
changes.
SuperFish Adware Root Certificate
SuperFish Adware is software that uses an SSL man-in-the-middle (MitM) technique to intercept SSL sessions and inject its own content into them. To do so it installs its own root certificate in the system trust store and re-signs the certificate of every site the user visits. The private key of that root certificate, shipped with the software, has been extracted; since it is the same on every affected system, attackers can use it to forge certificates for any site and so disclose confidential or private information passed over SSL channels on those systems, or tamper with such information and change it.
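The following Go program is an added example, not part of the Ubuntu notice or of any SuperFish analysis. It constructs a throwaway root CA in memory (standing in for an interception root whose private key ships with the software), forges a certificate for a host name it does not control, and shows that a client which trusts that root accepts the forgery, that a fingerprint blocklist catches the root even while it is installed, and that removing the root from the store is what actually closes the hole. The host name www.example.com, the certificate names, the function names and the blocklist contents are assumptions; a real audit would load the published fingerprint of the compromised root instead of computing it from a constructed one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Fingerprint is the hex SHA-256 of the certificate's DER bytes, the form in
// which a compromised root is normally published for blocklisting.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// issue generates a fresh key, signs tmpl with signer (or with the fresh key
// itself when signer is nil, giving a self-signed root) and parses the result.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Outcome records how a client would treat a certificate forged with the
// interception root's key.
type Outcome struct {
	TrustedWithRoot    bool // root installed, no blocklist: forgery accepted
	BlockedByBlocklist bool // root installed, but its fingerprint is blocklisted
	TrustedWithoutRoot bool // root removed from the store
}

// Scenario mints a constructed interception root (not the real SuperFish
// certificate), forges a leaf for host with its key and runs the three checks.
func Scenario(host string) (Outcome, error) {
	var out Outcome
	now := time.Now()
	rootTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Interception Root"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	root, rootKey, err := issue(rootTmpl, rootTmpl, nil)
	if err != nil {
		return out, err
	}
	// Anyone holding rootKey can do this for any host name.
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	leaf, _, err := issue(leafTmpl, root, rootKey)
	if err != nil {
		return out, err
	}

	withRoot := x509.NewCertPool()
	withRoot.AddCert(root)
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: withRoot})
	out.TrustedWithRoot = err == nil

	// A fingerprint blocklist catches the root even while it sits in the store.
	blocklist := map[string]bool{Fingerprint(root): true}
	for _, chain := range chains {
		for _, c := range chain {
			if blocklist[Fingerprint(c)] {
				out.BlockedByBlocklist = true
			}
		}
	}

	// With the root gone, the forged chain has no trusted anchor.
	_, err = leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: x509.NewCertPool()})
	out.TrustedWithoutRoot = err == nil
	return out, nil
}

func main() {
	out, err := Scenario("www.example.com")
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The blocklist walk inspects every certificate in the verified chain, not only the leaf, because the compromised key sits at the root; a client that only pins or checks the leaf would still accept the forgery.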
Fedora 21 Security Update: vorbis-tools-1.4.0-19.fc21
Resolved Bugs
1184449 – CVE-2014-9639 vorbis-tools: integer overflow on crafted WAV file
1184452 – vorbis-tools: integer overflow on crafted WAV file [fedora-all]
1184448 – CVE-2014-9638 vorbis-tools: division by zero on crafted WAV file
1184450 – vorbis-tools: division by zero on crafted WAV file [fedora-all]
– validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639)
Fedora 20 Security Update: vorbis-tools-1.4.0-14.fc20
Resolved Bugs
1184449 – CVE-2014-9639 vorbis-tools: integer overflow on crafted WAV file
1184452 – vorbis-tools: integer overflow on crafted WAV file [fedora-all]
1184448 – CVE-2014-9638 vorbis-tools: division by zero on crafted WAV file
1184450 – vorbis-tools: division by zero on crafted WAV file [fedora-all]
– validate count of channels in the header (CVE-2014-9638 and CVE-2014-9639)
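As an added example covering both the Fedora 21 and Fedora 20 vorbis-tools updates above (this is not vorbis-tools code), the following Go program shows the kind of header validation the fix describes. It parses the PCM "fmt " chunk of a WAV file and refuses a channel count of zero, which would otherwise make the bytes-per-frame divisor zero, and an absurd channel count or bit depth, which would otherwise feed oversized values into buffer-size arithmetic. It also shows an overflow-checked buffer-size computation. The channel limit of 255, the function names and the constructed headers are assumptions for illustration.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

const maxChannels = 255 // assumption: the encoder never needs more than this

var (
	ErrShort           = errors.New("wav: fmt chunk truncated")
	ErrZeroChannels    = errors.New("wav: zero channels (frame size would be zero)")
	ErrTooManyChannels = errors.New("wav: channel count exceeds limit")
	ErrBadBits         = errors.New("wav: unsupported bits per sample")
	ErrBlockAlign      = errors.New("wav: block align inconsistent with channels*bits")
	ErrOverflow        = errors.New("wav: buffer size overflows uint32")
)

// Format is the 16-byte PCM "fmt " body, little-endian on disk.
type Format struct {
	AudioFormat   uint16
	Channels      uint16
	SampleRate    uint32
	ByteRate      uint32
	BlockAlign    uint16
	BitsPerSample uint16
}

// ParseFmt decodes the fmt body and applies the header checks before any
// size computation is allowed to use the values.
func ParseFmt(body []byte) (Format, error) {
	var f Format
	if len(body) < 16 {
		return f, ErrShort
	}
	if err := binary.Read(bytes.NewReader(body[:16]), binary.LittleEndian, &f); err != nil {
		return f, err
	}
	if f.Channels == 0 {
		return f, ErrZeroChannels
	}
	if f.Channels > maxChannels {
		return f, ErrTooManyChannels
	}
	switch f.BitsPerSample {
	case 8, 16, 24, 32:
	default:
		return f, ErrBadBits
	}
	// With channels <= 255 and bits <= 32 this product cannot wrap in uint32.
	if uint32(f.BlockAlign) != uint32(f.Channels)*uint32(f.BitsPerSample)/8 {
		return f, ErrBlockAlign
	}
	return f, nil
}

// FrameBytes is the size of one sample frame across all channels; ParseFmt
// guarantees it is non-zero.
func (f Format) FrameBytes() uint32 { return uint32(f.Channels) * uint32(f.BitsPerSample) / 8 }

// Frames converts a data-chunk length to a frame count without a zero divisor.
func (f Format) Frames(dataLen uint32) uint32 { return dataLen / f.FrameBytes() }

// BufferSize computes frames*frameBytes and refuses to let it wrap around.
func BufferSize(frames, frameBytes uint32) (uint32, error) {
	if frameBytes == 0 {
		return 0, ErrZeroChannels
	}
	if frames > math.MaxUint32/frameBytes {
		return 0, ErrOverflow
	}
	return frames * frameBytes, nil
}

// FmtBody builds a PCM fmt body; it exists only to construct inputs here.
func FmtBody(channels uint16, rate uint32, bits uint16, blockAlign uint16) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, Format{
		AudioFormat: 1, Channels: channels, SampleRate: rate,
		ByteRate: rate * uint32(blockAlign), BlockAlign: blockAlign, BitsPerSample: bits,
	})
	return b.Bytes()
}

func main() {
	for _, body := range [][]byte{
		FmtBody(2, 44100, 16, 4),     // well-formed stereo 16-bit
		FmtBody(0, 44100, 16, 0),     // zero channels: the divide-by-zero shape
		FmtBody(65535, 44100, 32, 0), // absurd channel count: the overflow shape
	} {
		f, err := ParseFmt(body)
		fmt.Printf("channels=%d bits=%d -> %v\n", f.Channels, f.BitsPerSample, err)
	}
}
```

The block-align consistency check matters as much as the bounds: a header whose block align disagrees with channels and bit depth lets two different code paths compute two different frame sizes, which is how an in-bounds read of one becomes an out-of-bounds read of the other.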
Fedora 21 Security Update: php-5.6.6-1.fc21
19 Feb 2015, PHP 5.6.6
Core:
* Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas)
* Fixed bug #67068 (getClosure returns something that’s not a closure). (Danack at basereality dot com)
* Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas)
* Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas)
* Fixed Bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo)
* Added NULL byte protection to exec, system and passthru. (Yasuo)
Dba:
* Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
Enchant:
* Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (Antony)
Fileinfo:
* Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
* Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). (Anatol)
* Fixed bug #68731 (finfo_buffer doesn’t extract the correct mime with some gifs). (Anatol)
FPM:
* Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
* Fixed bug #68571 (core dump when webserver closes the socket). (redfoxli069 at gmail dot com, Laruence)
LIBXML:
* Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen)
Mysqli:
* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
* Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)
Opcache:
* Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence)
PDO_mysql:
* Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198 at aol dot com)
Phar:
* Fixed bug #68901 (use after free). (bugreports at internot dot info)
Pgsql:
* Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
Session:
* Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
* Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
* Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
Sqlite3:
* Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)
Standard:
* Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
* Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI). (Anatol)
Streams:
* Fixed bug which caused call after final close on streams filter. (Bob)
Fedora 20 Security Update: php-5.5.22-1.fc20
19 Feb 2015, PHP 5.5.22
Core:
* Fixed bug #67068 (getClosure returns something that’s not a closure). (Danack at basereality dot com)
* Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas)
* Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) (Stas)
* Added NULL byte protection to exec, system and passthru. (Yasuo)
* Removed support for multi-line headers, as they are deprecated by RFC 7230. (Stas)
Date:
* Fixed bug #45081 (strtotime incorrectly interprets SGT time zone). (Derick)
Dba:
* Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
Enchant:
* Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()). (Antony)
Fileinfo:
* Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
FPM:
* Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
* Fixed bug #68571 (core dump when webserver closes the socket). (redfoxli069 at gmail dot com, Laruence)
Libxml:
* Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen)
OpenSSL:
* Fixed bug #55618 (use case-insensitive cert name matching). (Daniel Lowrey)
PDO_mysql:
* Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). (steffenb198 at aol dot com)
Phar:
* Fixed bug #68901 (use after free). (bugreports at internot dot info)
Pgsql:
* Fixed Bug #65199 (pg_copy_from() modifies input array variable). (Yasuo)
Sqlite3:
* Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)
Mysqli:
* Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
* Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)
Session:
* Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
* Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
* Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
Standard:
* Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
* Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI)
Streams:
* Fixed bug which caused call after final close on streams filter. (Bob)
Fedora 20 Security Update: nodejs-0.10.36-3.fc20,libuv-0.10.34-1.fc20,v8-3.14.5.10-17.fc20
Resolved Bugs
1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
1195457 – nodejs-0.10.36 causes undefined symbols
1194653 – libuv: incorrect revocation order while relinquishing privileges [fedora-all]
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)
Fedora 21 Security Update: nodejs-0.10.36-3.fc21,libuv-0.10.34-1.fc21,v8-3.14.5.10-17.fc21
Resolved Bugs
1194651 – CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges
1195457 – nodejs-0.10.36 causes undefined symbols
1194653 – libuv: incorrect revocation order while relinquishing privileges [fedora-all]
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don’t close interval timers when unrefd (Julien Gilli)
* timers: don’t mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using “use strict” (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don’t busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli)
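As an added example covering both the Fedora 20 and Fedora 21 nodejs/libuv updates above (this is not libuv's or Node's code), the following Go program shows why the order of the calls matters when a process relinquishes privileges, the problem the CVE-2015-0278 entry describes as an incorrect revocation order. DropPrivileges uses the only order that works (supplementary groups, primary group, then user) and verifies afterwards that root cannot be regained; DropPrivilegesWrongOrder gives up the user id first. Both are run against a small model of the kernel's permission rule so the difference is observable without root; sysOps is the real implementation on top of package syscall. The model, the target uid/gid 1000 and the function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"syscall"
)

// PrivOps abstracts the three calls a privilege drop needs so the order can be
// exercised without root; sysOps is the real thing, fakeKernel a model.
type PrivOps interface {
	Setgroups([]int) error
	Setgid(int) error
	Setuid(int) error
}

type sysOps struct{}

func (sysOps) Setgroups(g []int) error { return syscall.Setgroups(g) }
func (sysOps) Setgid(g int) error      { return syscall.Setgid(g) }
func (sysOps) Setuid(u int) error      { return syscall.Setuid(u) }

// DropPrivileges relinquishes root in the order that works: supplementary
// groups, primary group, then user. Only a process that still has uid 0 may
// change its groups, so anything attempted after setuid() runs unprivileged.
func DropPrivileges(ops PrivOps, uid, gid int) error {
	if err := ops.Setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	if err := ops.Setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := ops.Setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
	// A correct drop is irreversible: if root can be regained, refuse to go on.
	if err := ops.Setuid(0); err == nil {
		return errors.New("setuid(0) succeeded after the drop; privileges were not relinquished")
	}
	return nil
}

// DropPrivilegesWrongOrder gives up the uid first, so the group changes that
// follow no longer have the privilege they need and fail with EPERM. Whether
// that failure aborts the spawn or is ignored, the process never reaches the
// intended group.
func DropPrivilegesWrongOrder(ops PrivOps, uid, gid int) error {
	if err := ops.Setuid(uid); err != nil {
		return fmt.Errorf("setuid: %w", err)
	}
	if err := ops.Setgid(gid); err != nil {
		return fmt.Errorf("setgid: %w", err)
	}
	if err := ops.Setgroups([]int{gid}); err != nil {
		return fmt.Errorf("setgroups: %w", err)
	}
	return nil
}

// fakeKernel models the one rule that matters here: without uid 0 a process
// may not change its groups and may only "switch" to the ids it already has.
// Real kernels track real/effective/saved ids; this simplification is enough
// to show the ordering problem.
type fakeKernel struct {
	uid, gid int
	groups   []int
	calls    []string
}

func (k *fakeKernel) Setgroups(g []int) error {
	k.calls = append(k.calls, "setgroups")
	if k.uid != 0 {
		return syscall.EPERM
	}
	k.groups = append([]int(nil), g...)
	return nil
}

func (k *fakeKernel) Setgid(g int) error {
	k.calls = append(k.calls, "setgid")
	if k.uid != 0 && g != k.gid {
		return syscall.EPERM
	}
	k.gid = g
	return nil
}

func (k *fakeKernel) Setuid(u int) error {
	k.calls = append(k.calls, "setuid")
	if k.uid != 0 && u != k.uid {
		return syscall.EPERM
	}
	k.uid = u
	return nil
}

// RunAsRoot starts a modelled root process (uid 0, gid 0) and applies drop.
func RunAsRoot(drop func(PrivOps, int, int) error, uid, gid int) (*fakeKernel, error) {
	k := &fakeKernel{uid: 0, gid: 0, groups: []int{0}}
	return k, drop(k, uid, gid)
}

func main() {
	for _, d := range []struct {
		name string
		fn   func(PrivOps, int, int) error
	}{{"correct order", DropPrivileges}, {"wrong order", DropPrivilegesWrongOrder}} {
		k, err := RunAsRoot(d.fn, 1000, 1000)
		fmt.Printf("%s: uid=%d gid=%d groups=%v calls=%v err=%v\n", d.name, k.uid, k.gid, k.groups, k.calls, err)
	}
}
```

For a real drop call DropPrivileges(sysOps{}, uid, gid) from a root process. Note that before Go 1.16 the syscall setuid/setgid functions on Linux returned an error instead of changing the credentials of every thread, so this only behaves as shown on Go 1.16 or later.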