USN-2578-1: LibreOffice vulnerabilities

Ubuntu Security Notice USN-2578-1

27th April, 2015

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

LibreOffice could be made to crash or run programs as your login if it
opened a specially crafted file.

Software description

  • libreoffice
    – Office productivity suite

Details

Alexander Cherepanov discovered that LibreOffice incorrectly handled
certain RTF files. If a user were tricked into opening a specially crafted
RTF document, a remote attacker could cause LibreOffice to crash, and
possibly execute arbitrary code. (CVE-2014-9093)

It was discovered that LibreOffice incorrectly handled certain HWP files.
If a user were tricked into opening a specially crafted HWP document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2015-1774)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  libreoffice-core 1:4.3.7~rc2-0ubuntu1
Ubuntu 14.04 LTS:
  libreoffice-core 1:4.2.8-0ubuntu2
Ubuntu 12.04 LTS:
  libreoffice-core 1:3.5.7-0ubuntu8

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

CVE-2014-9093, CVE-2015-1774

USN-2579-1: autofs vulnerability

Ubuntu Security Notice USN-2579-1

27th April, 2015

autofs vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10

Summary

autofs could be made to run programs as an administrator if program maps
were configured.

Software description

  • autofs
    – kernel-based automounter for Linux

Details

It was discovered that autofs incorrectly filtered environment variables
when using program maps. When program maps were configured, a local user
could use this issue to escalate privileges.

This update changes the default behaviour by adding a prefix to environment
variables. Sites using program maps will need to adapt to the new variable
names, or revert to the previous names by using a new configuration option
called FORCE_STANDARD_PROGRAM_MAP_ENV.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  autofs 5.0.8-1ubuntu1.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-8169

USN-2580-1: tcpdump vulnerabilities

Ubuntu Security Notice USN-2580-1

27th April, 2015

tcpdump vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

tcpdump could be made to crash or run programs if it received specially
crafted network traffic.

Software description

  • tcpdump
    – command-line network traffic analyzer

Details

It was discovered that tcpdump incorrectly handled printing certain
packets. A remote attacker could use this issue to cause tcpdump to crash,
resulting in a denial of service, or possibly execute arbitrary code.

In the default installation, attackers would be isolated by the tcpdump
AppArmor profile.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  tcpdump 4.6.2-1ubuntu1.2
Ubuntu 14.04 LTS:
  tcpdump 4.5.1-2ubuntu1.2
Ubuntu 12.04 LTS:
  tcpdump 4.2.1-1ubuntu2.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-0261, CVE-2015-2153, CVE-2015-2154, CVE-2015-2155

USN-2570-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2570-1

27th April, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu (vivid)
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

An issue was discovered in the HTML parser in Blink. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1235)

An issue was discovered in the Web Audio API implementation in Blink. If
a user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to bypass same-origin restrictions.
(CVE-2015-1236)

A use-after-free was discovered in Chromium. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2015-1237)

An out-of-bounds write was discovered in Skia. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash or execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2015-1238)

An out-of-bounds read was discovered in the WebGL implementation. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash. (CVE-2015-1240)

An issue was discovered with the interaction of page navigation and touch
event handling. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to conduct
“tap jacking” attacks. (CVE-2015-1241)

A type confusion bug was discovered in V8. If a user were tricked into
opening a specially crafted website, an attacker could potentially exploit
this to cause a denial of service via renderer crash, or execute arbitrary
code with the privileges of the sandboxed render process. (CVE-2015-1242)

It was discovered that websocket connections were not upgraded whenever an
HSTS policy is active. A remote attacker could potentially exploit this
to conduct a man-in-the-middle (MITM) attack. (CVE-2015-1244)

An out-of-bounds read was discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash.
(CVE-2015-1246)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1249)

A use-after-free was discovered in the file picker implementation. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash or execute arbitrary code with the privileges of the
user invoking the program. (CVE-2015-1321)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-3333)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu (vivid):
  liboxideqtcore0 1.6.5-0ubuntu0.15.04.1
  oxideqt-codecs 1.6.5-0ubuntu0.15.04.1
  oxideqt-codecs-extra 1.6.5-0ubuntu0.15.04.1
Ubuntu 14.10:
  liboxideqtcore0 1.6.5-0ubuntu0.14.10.1
  oxideqt-codecs 1.6.5-0ubuntu0.14.10.1
  oxideqt-codecs-extra 1.6.5-0ubuntu0.14.10.1
Ubuntu 14.04 LTS:
  liboxideqtcore0 1.6.5-0ubuntu0.14.04.1
  oxideqt-codecs 1.6.5-0ubuntu0.14.04.1
  oxideqt-codecs-extra 1.6.5-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1235, CVE-2015-1236, CVE-2015-1237, CVE-2015-1238,
CVE-2015-1240, CVE-2015-1241, CVE-2015-1242, CVE-2015-1244,
CVE-2015-1246, CVE-2015-1249, CVE-2015-1321, CVE-2015-3333

Re: WordPress 4.2 stored XSS

Posted by Fyodor on Apr 27

On Mon, Apr 27, 2015 at 8:55 AM, Anthony Ferrara <ircmaxell () gmail com>
wrote:

Apparently WordPress completely ignored all of their notification attempts.
Klikki just added this paragraph to the online version of their advisory (
http://klikki.fi/adv/wordpress2.html):

“WordPress has refused all communication attempts about our ongoing
security vulnerability cases since November 2014. We have tried to reach
them by email, via the…

[CORE-2015-0008] – InFocus IN3128HD Projector Multiple Vulnerabilities

Posted by CORE Advisories Team on Apr 27

1. Advisory Information

Title: InFocus IN3128HD Projector Multiple Vulnerabilities
Advisory ID: CORE-2015-0008
Advisory URL: http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities
Date published: 2015-04-27
Date of last update: 2015-04-22
Vendors contacted: InFocus
Release mode: User release

2. Vulnerability Information

Class: Authentication Bypass Using an Alternate Path or Channel [CWE-288], Missing…

WordPress 4.2.1 Security Release

WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.

WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

For more information, see the release notes or consult the list of changes.

Download WordPress 4.2.1 or venture over to Dashboard → Updates and simply click “Update Now”.