USN-2600-1: Linux kernel vulnerability

Ubuntu Security Notice USN-2600-1

5th May, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10

Summary

The system could be made to run programs as an administrator.

Software description

  • linux
    – Linux kernel

Details

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:

  • linux-image-3.16.0-37-generic: 3.16.0-37.49
  • linux-image-3.16.0-37-lowlatency: 3.16.0-37.49
  • linux-image-3.16.0-37-powerpc64-emb: 3.16.0-37.49
  • linux-image-3.16.0-37-powerpc64-smp: 3.16.0-37.49
  • linux-image-3.16.0-37-generic-lpae: 3.16.0-37.49
  • linux-image-3.16.0-37-powerpc-smp: 3.16.0-37.49
  • linux-image-3.16.0-37-powerpc-e500mc: 3.16.0-37.49

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-3339

USN-2601-1: Linux kernel vulnerability

Ubuntu Security Notice USN-2601-1

5th May, 2015

linux vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu (vivid)

Summary

The system could be made to run programs as an administrator.

Software description

  • linux
    – Linux kernel

Details

A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu (vivid):

  • linux-image-3.19.0-16-lowlatency: 3.19.0-16.16
  • linux-image-3.19.0-16-powerpc64-smp: 3.19.0-16.16
  • linux-image-3.19.0-16-generic: 3.19.0-16.16
  • linux-image-3.19.0-16-powerpc-smp: 3.19.0-16.16
  • linux-image-3.19.0-16-powerpc-e500mc: 3.19.0-16.16
  • linux-image-3.19.0-16-generic-lpae: 3.19.0-16.16
  • linux-image-3.19.0-16-powerpc64-emb: 3.19.0-16.16

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.

References

CVE-2015-3339

USN-2582-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2582-1

6th May, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu (vivid)
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

A use-after-free was discovered in the DOM implementation in Blink. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash, or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1243)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash, or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1250)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu (vivid):

  • liboxideqtcore0: 1.6.6-0ubuntu0.15.04.1

Ubuntu 14.10:

  • liboxideqtcore0: 1.6.6-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:

  • liboxideqtcore0: 1.6.6-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1243, CVE-2015-1250

[SE-2014-02] Some additional GAE Java security sandbox bypasses

Posted by Security Explorations on May 06

Hello All,

Security Explorations released technical details and POC codes for
additional security vulnerabilities found in Google App Engine for
Java. All relevant materials can be found at our SE-2014-02 project
details page:

http://www.security-explorations.com/en/SE-2014-02-details.html

The above link contains technical description of the following four
weaknesses discovered after initial 31 issues were patched by Google
in March 2015:
-…

Alienvault OSSIM/USM Multiple Vulnerabilities

Posted by Peter Lapp on May 06

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Multiple Vulnerabilities (XSS, SQLi, Command Execution)
Author: Peter Lapp, lappsec () gmail com
CVE: None assigned
Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects
all previous versions as well.
Fixed Version: No fix has been released.

Summary
=======

Alienvault OSSIM is an open source SIEM solution designed to collect
and correlate log data. The vulnerability…

Mobile sliding menu – Less Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2015-108

Description

The mobile sliding menu module integrates the mmenu jQuery plugin for creating slick, app look-alike sliding menus for your mobile website.

The module doesn’t sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission “administer menu”.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance
    with Drupal Security Team processes.

Versions affected

  • Mobile sliding menu 7.x-2.x versions prior to 7.x-2.1.

Drupal core is not affected. If you do not use the contributed Mobile sliding menu module,
there is nothing you need to do.

Solution

Install the latest version:

Also see the Mobile sliding menu project page.

Reported by

Fixed by

Coordinated by

  • Aaron Ott provisional member of the Drupal Security Team

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity


Webform Matrix Component – Moderately Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2015-107

Description

The Webform Matrix Component module is an extension of the Webform module that adds Matrix and Table components.

The module doesn’t sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with permission to create/edit webform nodes.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Webform Matrix Component 7.x-4.x versions prior to 7.x-4.13.

Drupal core is not affected. If you do not use the contributed Webform Matrix Component module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Webform Matrix Component project page.

Reported by

  • Matt Vance provisional member of the Drupal Security Team

Fixed by

Coordinated by


Entityform Block – Moderately Critical – Access Bypass – SA-CONTRIB-2015-106

Description

This module enables you to display an entityform as a block.

The module doesn’t sufficiently check permissions on the entityform under scenarios where the form is locked to a certain role.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance
    with Drupal Security Team processes.

Versions affected

  • Entityform Block 7.x-1.x versions prior to 7.x-1.3.

Drupal core is not affected. If you do not use the contributed Entityform block module,
there is nothing you need to do.

Solution

Install the latest version:

Also see the Entityform block project page.

Reported by

Fixed by

Coordinated by


Video Consultation – Moderately Critical – Cross Site Scripting (XSS) – Unsupported – SA-CONTRIB-2015-105

Description

Video Consultation module integrates VideoWhisper Video Consultation software with Drupal.

The module doesn’t sufficiently sanitize user supplied text, thereby exposing a Cross Site Scripting vulnerability.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

All versions of Video Consultation module.

Drupal core is not affected. If you do not use the contributed Video Consultation module, there is nothing you need to do.

Solution

If you use the Video Consultation module you should uninstall it.

Also see the Video Consultation project page.

Reported by

Fixed by

Not applicable.

Coordinated by
