It was discovered that the fix for CVE-2013-4422 in quassel, a distributed IRC client, was incomplete. This could allow remote attackers to inject SQL queries after a database reconnection (e.g. when the backend PostgreSQL server is restarted).
Monthly Archives: May 2015
USN-2604-1: Libtasn1 vulnerability
Ubuntu Security Notice USN-2604-1
11th May, 2015
libtasn1-3, libtasn1-6 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu (vivid)
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Libtasn1 could be made to crash or run programs if it processed specially
crafted data.
Software description
- libtasn1-3 – Library to manage ASN.1 structures
- libtasn1-6 – Library to manage ASN.1 structures
Details
Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data.
A remote attacker could possibly exploit this with specially crafted ASN.1
data and cause applications using Libtasn1 to crash, resulting in a denial
of service, or possibly execute arbitrary code.
Update instructions
The problem can be corrected by updating your system to the following
package versions:
- Ubuntu (vivid): libtasn1-6 4.2-2ubuntu1.1
- Ubuntu 14.10: libtasn1-6 4.0-2ubuntu0.2
- Ubuntu 14.04 LTS: libtasn1-6 3.4-3ubuntu0.3
- Ubuntu 12.04 LTS: libtasn1-3 2.10-1ubuntu1.4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2605-1: ICU vulnerabilities
Ubuntu Security Notice USN-2605-1
11th May, 2015
icu vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu (vivid)
- Ubuntu 14.10
- Ubuntu 14.04 LTS
Summary
ICU could be made to crash or run programs as your login if it processed
specially crafted data.
Software description
- icu – International Components for Unicode library
Details
Pedro Ribeiro discovered that ICU incorrectly handled certain memory
operations when processing data. If an application using ICU processed
crafted data, an attacker could cause it to crash or potentially execute
arbitrary code with the privileges of the user invoking the program.
Update instructions
The problem can be corrected by updating your system to the following
package versions:
- Ubuntu (vivid): libicu52 52.1-8ubuntu0.1
- Ubuntu 14.10: libicu52 52.1-6ubuntu0.3
- Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.3
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
SixApart MovableType Storable Perl Code Execution
This Metasploit module exploits a serialization flaw in MovableType before 5.2.12 to execute arbitrary code. The default nondestructive mode depends on the target server having the Object::MultiType and DateTime Perl modules installed in Perl’s @INC paths. The destructive mode of operation uses only required MovableType dependencies, but it will noticeably corrupt the MovableType installation.
HP Security Bulletin HPSBGN03329 1
HP Security Bulletin HPSBGN03329 1 – Potential security vulnerabilities have been identified with HP SDN VAN Controller. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or a Distributed Denial of Service (DDoS). Revision 1 of this advisory.
Ubuntu Security Notice USN-2598-2
Ubuntu Security Notice 2598-2 – USN-2598-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. Various other issues were also addressed.
Ubuntu Security Notice USN-2597-2
Ubuntu Security Notice 2597-2 – USN-2597-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. Various other issues were also addressed.
Ubuntu Security Notice USN-2599-2
Ubuntu Security Notice 2599-2 – USN-2599-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. Various other issues were also addressed.
Ubuntu Security Notice USN-2604-1
Ubuntu Security Notice 2604-1 – Hanno Böck discovered that Libtasn1 incorrectly handled certain ASN.1 data. A remote attacker could possibly exploit this with specially crafted ASN.1 data and cause applications using Libtasn1 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice USN-2600-2
Ubuntu Security Notice 2600-2 – USN-2600-1 fixed vulnerabilities in the Linux kernel, however an unrelated regression in the auditing of some path names was introduced. Due to the regression the system could crash under certain conditions. This update fixes the problem. Various other issues were also addressed.