Webshop Hun version 1.062S suffers from a cross site scripting vulnerability.
Monthly Archives: March 2015
Mandriva Linux Security Advisory 2015-055
Mandriva Linux Security Advisory 2015-055 – The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted OpenType font. The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted TrueType font. Various other issues have also been addressed.
MDVSA-2015:055: freetype2
Updated freetype2 packages fix security vulnerabilities:
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType
before 2.5.4 does not properly check for an integer overflow, which
allows remote attackers to cause a denial of service (out-of-bounds
read) or possibly have unspecified other impact via a crafted OpenType
font (CVE-2014-9656).
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType
before 2.5.4 does not establish a minimum record size, which allows
remote attackers to cause a denial of service (out-of-bounds read)
or possibly have unspecified other impact via a crafted TrueType font
(CVE-2014-9657).
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before
2.5.4 enforces an incorrect minimum table length, which allows
remote attackers to cause a denial of service (out-of-bounds read)
or possibly have unspecified other impact via a crafted TrueType font
(CVE-2014-9658).
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4
does not properly handle a missing ENDCHAR record, which allows remote
attackers to cause a denial of service (NULL pointer dereference)
or possibly have unspecified other impact via a crafted BDF font
(CVE-2014-9660).
type42/t42parse.c in FreeType before 2.5.4 does not consider that
scanning can be incomplete without triggering an error, which allows
remote attackers to cause a denial of service (use-after-free) or
possibly have unspecified other impact via a crafted Type42 font
(CVE-2014-9661).
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before
2.5.4 validates a certain length field before that field’s value
is completely calculated, which allows remote attackers to cause a
denial of service (out-of-bounds read) or possibly have unspecified
other impact via a crafted cmap SFNT table (CVE-2014-9663).
FreeType before 2.5.4 does not check for the end of the data during
certain parsing actions, which allows remote attackers to cause a
denial of service (out-of-bounds read) or possibly have unspecified
other impact via a crafted Type42 font, related to type42/t42parse.c
and type1/t1load.c (CVE-2014-9664).
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before
2.5.4 proceeds with a count-to-size association without restricting
the count value, which allows remote attackers to cause a denial of
service (integer overflow and out-of-bounds read) or possibly have
unspecified other impact via a crafted embedded bitmap (CVE-2014-9666).
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length
calculations without restricting the values, which allows remote
attackers to cause a denial of service (integer overflow and
out-of-bounds read) or possibly have unspecified other impact via a
crafted SFNT table (CVE-2014-9667).
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4
allow remote attackers to cause a denial of service (out-of-bounds
read or memory corruption) or possibly have unspecified other impact
via a crafted cmap SFNT table (CVE-2014-9669).
Multiple integer signedness errors in the pcf_get_encodings function
in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to
cause a denial of service (integer overflow, NULL pointer dereference,
and application crash) via a crafted PCF file that specifies negative
values for the first column and first row (CVE-2014-9670).
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c
in FreeType before 2.5.4 allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
PCF file with a 0xffffffff size value that is improperly incremented
(CVE-2014-9671).
Array index error in the parse_fond function in base/ftmac.c in
FreeType before 2.5.4 allows remote attackers to cause a denial
of service (out-of-bounds read) or obtain sensitive information
from process memory via a crafted FOND resource in a Mac font file
(CVE-2014-9672).
Integer signedness error in the Mac_Read_POST_Resource function in
base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to
cause a denial of service (heap-based buffer overflow) or possibly
have unspecified other impact via a crafted Mac font (CVE-2014-9673).
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before
2.5.4 proceeds with adding to length values without validating the
original values, which allows remote attackers to cause a denial of
service (integer overflow and heap-based buffer overflow) or possibly
have unspecified other impact via a crafted Mac font (CVE-2014-9674).
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by
only verifying that an initial substring is present, which allows
remote attackers to discover heap pointer values and bypass the ASLR
protection mechanism via a crafted BDF font (CVE-2014-9675).
MDVSA-2015:054: bind
Updated bind packages fix security vulnerability:
Jan-Piet Mens discovered that the BIND DNS server would crash when
processing an invalid DNSSEC key rollover, either due to an error
on the zone operator’s part, or due to interference with network
traffic by an attacker. This issue affects configurations with the
directives “dnssec-lookaside auto;” (as enabled in the Mageia default
configuration) or “dnssec-validation auto;” (CVE-2015-1349).
RHSA-2015:0288-1: Important: foreman-proxy security update
Red Hat Enterprise Linux: Updated foreman-proxy packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform 4.0.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-3691
RHSA-2015:0287-1: Important: foreman-proxy security update
Red Hat Enterprise Linux: Updated foreman-proxy packages that fix one security issue are now
available for Red Hat Enterprise Linux OpenStack Platform Foreman.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-3691
RHSA-2015:0286-1: Low: Red Hat Enterprise Linux 6.4 Extended Update Support Retirement Notice
Red Hat Enterprise Linux: This is the final notification for the retirement of Red Hat Enterprise
Linux 6.4 Extended Update Support (EUS). This notification applies only to
those customers subscribed to the Extended Update Support (EUS) channel for
Red Hat Enterprise Linux 6.4.
Webshop Hun 1.062S SQL Injection
Webshop Hun version 1.062S suffers from a remote SQL injection vulnerability.
USN-2515-2: Linux kernel (Trusty HWE) vulnerabilities regression
Ubuntu Security Notice USN-2515-2
4th March, 2015
linux-lts-trusty vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
USN-2515-1 introduced a regression in the Linux kernel.
Software description
- linux-lts-trusty
– Linux hardware enablement kernel from Trusty
Details
USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated
regression in the use of the virtual counter (CNTVCT) on arm64 architectures.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of
the SYSTENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)
Andy Lutomirski discovered an information leak in the Linux kernel’s Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)
A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)
A flaw was discovered with file renaming in the linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)
A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)
A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Radomization (ASLR) protection mechanism. (CVE-2014-9419)
Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel’s ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)
A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)
A race condition was discovered in the Linux kernel’s key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)
A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)
A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)
Dmitry Chernenkov discovered a buffer overflow in eCryptfs’ encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
-
linux-image-3.13.0-46-generic-lpae
3.13.0-46.77~precise1
-
linux-image-3.13.0-46-generic
3.13.0-46.77~precise1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
References
USN-2516-3: Linux kernel vulnerabilities regression
Ubuntu Security Notice USN-2516-3
4th March, 2015
linux vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.04 LTS
Summary
USN-2516-1 introduced a regression in the Linux kernel.
Software description
- linux
– Linux kernel
Details
USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in
USN-2516-2 was incomplete. There was an unrelated regression in the use of
the virtual counter (CNTVCT) on arm64 architectures.
This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
A flaw was discovered in the Kernel Virtual Machine’s (KVM) emulation of
the SYSTENTER instruction when the guest OS does not initialize the
SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of
service of the guest OS (crash) or potentially gain privileges on the guest
OS. (CVE-2015-0239)
Andy Lutomirski discovered an information leak in the Linux kernel’s Thread
Local Storage (TLS) implementation allowing users to bypass the espfix to
obtain information that could be used to bypass the Address Space Layout
Randomization (ASLR) protection mechanism. A local user could exploit this
flaw to obtain potentially sensitive information from kernel memory.
(CVE-2014-8133)
A restriction bypass was discovered in iptables when conntrack rules are
specified and the conntrack protocol handler module is not loaded into the
Linux kernel. This flaw can cause the firewall rules on the system to be
bypassed when conntrack rules are used. (CVE-2014-8160)
A flaw was discovered with file renaming in the linux kernel. A local user
could exploit this flaw to cause a denial of service (deadlock and system
hang). (CVE-2014-8559)
A flaw was discovered in how supplemental group memberships are handled in
certain namespace scenarios. A local user could exploit this flaw to bypass
file permission restrictions. (CVE-2014-8989)
A flaw was discovered in how Thread Local Storage (TLS) is handled by the
task switching function in the Linux kernel for x86_64 based machines. A
local user could exploit this flaw to bypass the Address Space Layout
Radomization (ASLR) protection mechanism. (CVE-2014-9419)
Prasad J Pandit reported a flaw in the rock_continue function of the Linux
kernel’s ISO 9660 CDROM file system. A local user could exploit this flaw
to cause a denial of service (system crash or hang). (CVE-2014-9420)
A flaw was discovered in the fragment handling of the B.A.T.M.A.N. Advanced
Meshing Protocol in the Linux kernel. A remote attacker could exploit this
flaw to cause a denial of service (mesh-node system crash) via fragmented
packets. (CVE-2014-9428)
A race condition was discovered in the Linux kernel’s key ring. A local
user could cause a denial of service (memory corruption or panic) or
possibly have unspecified impact via the keyctl commands. (CVE-2014-9529)
A memory leak was discovered in the ISO 9660 CDROM file system when parsing
rock ridge ER records. A local user could exploit this flaw to obtain
sensitive information from kernel memory via a crafted iso9660 image.
(CVE-2014-9584)
A flaw was discovered in the Address Space Layout Randomization (ASLR) of
the Virtual Dynamically linked Shared Objects (vDSO) location. This flaw
makes it easier for a local user to bypass the ASLR protection mechanism.
(CVE-2014-9585)
Dmitry Chernenkov discovered a buffer overflow in eCryptfs’ encrypted file
name decoding. A local unprivileged user could exploit this flaw to cause a
denial of service (system crash) or potentially gain administrative
privileges. (CVE-2014-9683)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.04 LTS:
-
linux-image-3.13.0-46-generic-lpae
3.13.0-46.77
-
linux-image-3.13.0-46-generic
3.13.0-46.77
-
linux-image-3.13.0-46-powerpc-e500mc
3.13.0-46.77
-
linux-image-3.13.0-46-powerpc-smp
3.13.0-46.77
-
linux-image-3.13.0-46-powerpc64-emb
3.13.0-46.77
-
linux-image-3.13.0-46-powerpc-e500
3.13.0-46.77
-
linux-image-3.13.0-46-powerpc64-smp
3.13.0-46.77
-
linux-image-3.13.0-46-lowlatency
3.13.0-46.77
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.