Resolved Bugs
1196154 – libmspack: various flaws [fedora-all]
1196153 – libmspack: off-by-one(?) buffer under-read in mspack/lzxd.c
1196157 – libmspack: off-by-one buffer over-read in mspack/mszipd.c
1180177 – libmspack: pointer arithmetic overflow during CHM decompression
1180180 – libmspack: pointer arithmetic overflow during CHM decompression [fedora-all]
1180175 – libmspack: denial of service while processing crafted CHM file (floating point exception)
1180178 – libmspack: denial of service while processing crafted CHM file (floating point exception) [fedora-all]
1178867 – CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress()
1179822 – CVE-2014-9556 libmspack: buffer overflow causing denial of service in qtmd_decompress() [fedora-all]<br
updated to bugfix release 0.5alpha
Monthly Archives: March 2015
Fedora 20 Security Update: dokuwiki-0-0.24.20140929c.fc20
Resolved Bugs
1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
1064524 – Wrong SELinux type in dokuwiki-selinux package
1150134 – dokuwiki: various security flaws [epel-all]
1174333 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
1061477 – wiki:syntax page requires php-xml to render
1150133 – dokuwiki: various security flaws [fedora-all]
1174331 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
1161816 – dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
1174332 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
1101095 – New release available – 2014-05-05 “Ponder Stibbons”
1164396 – dokuwiki requires apache
1166099 – CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
1164394 – Add dokuwiki to epel7<br
This update fixes CVE-2015-2172
* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
This update adds dokuwiki package to EPEL7
Fedora 21 Security Update: dokuwiki-0-0.24.20140929c.fc21
Resolved Bugs
1197822 – CVE-2015-2172 dokuwiki: privilege escalation in RPC API
1064524 – Wrong SELinux type in dokuwiki-selinux package
1150134 – dokuwiki: various security flaws [epel-all]
1174333 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
1061477 – wiki:syntax page requires php-xml to render
1150133 – dokuwiki: various security flaws [fedora-all]
1174331 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
1161816 – dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
1174332 – CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
1101095 – New release available – 2014-05-05 “Ponder Stibbons”
1164396 – dokuwiki requires apache
1166099 – CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
1164394 – Add dokuwiki to epel7<br
This update fixes CVE-2015-2172
* There’s a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
Update to the 2014-09-29b release which contains various fixes, notably:
Security:
* CVE-2014-9253 – XSS via SFW file upload
* CVE-2012-6662 – jquery-ui XSS vulnerability
Bugfixes:
* dokuwiki requires php-xml (RHBZ#1061477)
* wrong SELinux file context for writable files/directories (RHBZ#1064524)
* drop httpd requirement (RHBZ#1164396)
This update adds dokuwiki package to EPEL7
Fedora 21 Security Update: putty-0.64-1.fc21
OpenSSL TLS Export Cipher Suite Downgrade (CVE-2015-0204)
A vulnerability has been detected in the way OpenSSL handles TLS handshakes that use weak, legacy cipher suites. An attacker might leverage this vulnerability to intercept secure communications.
SSL Export Cipher Suite
Communication with SSL servers using weak, legacy “export-grade” cipher suites might be prone to attacks trying to intercept secure communications.
3046015 – Vulnerability in Schannel Could Allow Security Feature Bypass – Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information.
Summary: Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation of the vulnerability has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally issued, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. Technologies and best practices that protect against man-in-the-middle (MiTM) attacks similarly mitigate the risks associated with the vulnerability.
Wireshark Analyzer 1.12.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
HP Data Protector 8.10 Remote Command Execution
This Metasploit module exploits a remote command execution on HP Data Protector 8.10. Arbitrary commands can be execute by sending crafted requests with opcode 28 to the OmniInet service listening on the TCP/5555 port. Since there is an strict length limitation on the command, rundll32.exe is executed, and the payload is provided through a DLL by a fake SMB server. This Metasploit module has been tested successfully on HP Data Protector 8.1 on Windows 7 SP1.