Fedora 22 Security Update: tcpdump-4.7.3-1.fc22

Resolved Bugs
1201573 – tcpdump-4.7.3 is available
1201799 – CVE-2015-0261 CVE-2015-2154 CVE-2015-2153 CVE-2015-2155 tcpdump: various flaws [fedora-all]
1201792 – CVE-2015-0261 tcpdump: IPv6 mobility printer mobility_opt_print() typecasting/signedness error
1201795 – CVE-2015-2153 tcpdump: tcp printer rpki_rtr_pdu_print() missing length check
1201797 – CVE-2015-2154 tcpdump: ethernet printer osi_print_cksum() missing sanity checks out-of-bounds read
Rebase to 4.7.3 (#1201573). Contains security fixes for CVE-2015-0261, CVE-2015-2154, CVE-2015-2153, CVE-2015-2155.

Fedora 22 Security Update: freeipa-4.1.4-1.fc22,slapi-nis-0.54.2-1.fc22

Resolved Bugs
1195729 – CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()
1206049 – CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() [fedora-all]
1205200 – CVE-2015-1827 ipa: memory corruption when using get_user_grouplist()
1206047 – CVE-2015-1827 freeipa: ipa: memory corruption when using get_user_grouplist() [fedora-all]
CVE-2015-1827: It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash.
CVE-2015-0283: It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time.
These issues were discovered by Sumit Bose of Red Hat.

Fedora 21 Security Update: freeipa-4.1.4-1.fc21,slapi-nis-0.54.2-1.fc21

Resolved Bugs
1195729 – CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()
1206049 – CVE-2015-0283 slapi-nis: infinite loop in getgrnam_r() and getgrgid_r() [fedora-all]
1205200 – CVE-2015-1827 ipa: memory corruption when using get_user_grouplist()
1206047 – CVE-2015-1827 freeipa: ipa: memory corruption when using get_user_grouplist() [fedora-all]
CVE-2015-1827: It was discovered that the IPA extdom Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for a list of groups for a user that belongs to a large number of groups would cause a Directory Server to crash.
CVE-2015-0283: It was discovered that the slapi-nis Directory Server plug-in did not correctly perform memory reallocation when handling user account information. A request for information about a group with many members, or a request for a user that belongs to a large number of groups, would cause a Directory Server to enter an infinite loop and consume an excessive amount of CPU time.
These issues were discovered by Sumit Bose of Red Hat.

MDVSA-2015:097: php-ZendFramework

Updated php-ZendFramework packages fix multiple vulnerabilities:

XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were
discovered in the Zend Framework. An attacker could use these flaws
to cause a denial of service, access files accessible to the server
process, or possibly perform other more advanced XML External Entity
(XXE) attacks (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683).
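Both XXE and entity-expansion (XEE) attacks depend on a DOCTYPE, since that is the only place an XML document can declare external or recursive entities. The following PHP function is an added example written for this digest, not Zend Framework code; the function name parseUntrustedXml and the constructed sample documents are assumptions. It refuses any input carrying a DOCTYPE, parses with network access disabled, and never enables entity substitution.

```php
<?php
// Added example, not Zend Framework code: parse untrusted XML while refusing
// the constructs behind XXE and entity-expansion (XEE) attacks.

/**
 * Parse $xml into a DOMDocument, or return null if it is malformed or carries
 * a DOCTYPE. External entities and recursive entity definitions can only be
 * declared in a DOCTYPE, so rejecting it closes off both flaw classes.
 */
function parseUntrustedXml(string $xml): ?DOMDocument
{
    // Cheap textual pre-check so the parser never sees a DTD at all.
    if (preg_match('/<!DOCTYPE/i', $xml)) {
        return null;
    }

    $previousErrors = libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    // LIBXML_NONET blocks any network fetch during parsing; LIBXML_NOENT
    // (entity substitution) is deliberately NOT passed.
    $ok = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previousErrors);
    if (!$ok) {
        return null;
    }

    // Second check on the parsed tree: a DOCTYPE that slipped past the regex
    // (for example through an unusual encoding) still appears as a node here.
    foreach ($dom->childNodes as $child) {
        if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
            return null;
        }
    }
    return $dom;
}

// Constructed sample inputs (assumptions, not taken from the advisory).
$benign = '<?xml version="1.0"?><user><name>alice</name></user>';
$withDoctype = '<?xml version="1.0"?><!DOCTYPE user [<!ENTITY x "y">]><user>&x;</user>';

var_dump(parseUntrustedXml($benign) instanceof DOMDocument);
var_dump(parseUntrustedXml($withDoctype));
```

The regex pre-check alone is not sufficient, which is why the parsed tree is inspected as well; the two checks together mean an application never processes a document that could reference an external entity or expand entities against it.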

Using the Consumer component of Zend_OpenId, it is possible to
log in using an arbitrary OpenID account (without knowing any secret
information) by using a malicious OpenID Provider. That means it is
possible to log in using an arbitrary OpenID Identity (MyOpenID, Google,
etc.) that is not under the control of our own OpenID Provider. Thus,
we are able to impersonate any OpenID Identity against the framework
(CVE-2014-2684, CVE-2014-2685).

The implementation of the ORDER BY SQL statement in Zend_Db_Select
of Zend Framework 1 contains a potential SQL injection when the query
string passed contains parentheses (CVE-2014-4914).

Due to a bug in PHP’s LDAP extension, when ZendFramework’s Zend_ldap
class is used for logins, an attacker can login as any user by
using a null byte to bypass the empty password check and perform an
unauthenticated LDAP bind (CVE-2014-8088).

The sqlsrv PHP extension, which provides the ability to connect to
Microsoft SQL Server from PHP, does not provide a built-in quoting
mechanism for manually quoting values to pass via SQL queries;
developers are encouraged to use prepared statements. Zend Framework
provides quoting mechanisms via Zend_Db_Adapter_Sqlsrv which uses
the recommended doubled single quote ('') as the quoting delimiter. SQL
Server treats null bytes in a query as a string terminator, allowing
an attacker to add arbitrary SQL following a null byte, and thus
create a SQL injection (CVE-2014-8089).
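CVE-2014-8088 and CVE-2014-8089 share one root cause: a PHP string may contain a null byte, but the C-level LDAP client and SQL Server both treat that byte as the end of the string, so the bytes the application checked are not the bytes the backend acts on. The PHP below is an added example for this digest, not Zend Framework code; the function names ldapCredentialsAreSafe and quoteForSqlsrv and the sample values are assumptions. It shows the defensive check a login or quoting routine should apply before handing a value to either backend.

```php
<?php
// Added example, not Zend Framework code. Both CVE-2014-8088 and CVE-2014-8089
// hinge on the same mismatch: PHP strings may contain "\0", but the LDAP
// client library and SQL Server treat "\0" as the end of the string.

/**
 * Return true only if the credentials are safe to hand to ldap_bind().
 * An empty password is rejected because an LDAP server may treat it as an
 * anonymous (unauthenticated) bind; a password containing "\0" is rejected
 * because the C library sees only the bytes before the null, possibly "".
 */
function ldapCredentialsAreSafe(string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;
    }
    if (strpos($username, "\0") !== false || strpos($password, "\0") !== false) {
        return false;
    }
    return true;
}

/**
 * Quote a value for SQL Server the way the advisory describes (doubling
 * single quotes), but refuse values containing a null byte, which the server
 * would treat as a string terminator. Prepared statements remain preferable.
 */
function quoteForSqlsrv(string $value): string
{
    if (strpos($value, "\0") !== false) {
        throw new InvalidArgumentException('value contains a null byte');
    }
    return "'" . str_replace("'", "''", $value) . "'";
}

// Constructed sample inputs (assumptions, not taken from the advisory).
var_dump(ldapCredentialsAreSafe('alice', "\0anything"));    // non-empty in PHP, empty to the C library
var_dump(ldapCredentialsAreSafe('alice', 'correct horse'));
echo quoteForSqlsrv("O'Brien"), PHP_EOL;
try {
    quoteForSqlsrv("abc\0def");
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Rejecting the null byte outright, rather than stripping it, is the safer choice: a silently truncated password or SQL literal is exactly the condition both CVEs describe, and a rejected value surfaces the malformed input where it can be logged.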