Mandriva Linux Security Advisory 2015-220 – NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.
Monthly Archives: May 2015
Mandriva Linux Security Advisory 2015-219
Mandriva Linux Security Advisory 2015-219 – NTLM-authenticated connections could be wrongly reused for requests without any credentials set, leading to HTTP requests being sent over the connection authenticated as a different user. When parsing HTTP cookies, if the parsed cookie’s path element consists of a single double-quote, libcurl would try to write to an invalid heap memory address. This could allow remote attackers to cause a denial of service. When doing HTTP requests using the Negotiate authentication method along with NTLM, the connection used would not be marked as authenticated, making it possible to reuse it and send requests for one user over the connection authenticated as a different user.
Debian Security Advisory 3245-1
Debian Linux Security Advisory 3245-1 – It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.
Debian Security Advisory 3246-1
Debian Linux Security Advisory 3246-1 – It was discovered that the Ruby OpenSSL extension, part of the interpreter for the Ruby language, did not properly implement hostname matching, in violation of RFC 6125. This could allow remote attackers to perform a man-in-the-middle attack via crafted SSL certificates.
Google Patches Clickjacking Bug
Google paid out a $1,337 bounty to a researcher who found a clickjacking vulnerability in Google API Explorer.
[ MDVSA-2015:226 ] fcgi
Mandriva Linux Security Advisory MDVSA-2015:226
http://www.mandriva.com/en/support/security/

Package : fcgi
Date : May 4, 2015
Affected: Business Server 1.0

Problem Description:

Updated fcgi packages fix security vulnerability:

FCGI does not perform range checks for file descriptors before use of the FD_SET macro. This FD_SET macro could allow for more than 1024 total file descriptors to be monitored in the closing state. This may allow remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening many socket connections to the host and crashing the service (CVE-2012-6687).
[ MDVSA-2015:225 ] cherokee
Mandriva Linux Security Advisory MDVSA-2015:225
http://www.mandriva.com/en/support/security/

Package : cherokee
Date : May 4, 2015
Affected: Business Server 1.0

Problem Description:

Updated cherokee packages fix security vulnerability:

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password (CVE-2014-4668).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4668
http://advisories.mageia.org/MGASA-2015-0181.html
[ MDVSA-2015:224 ] ruby
Mandriva Linux Security Advisory MDVSA-2015:224
http://www.mandriva.com/en/support/security/

Package : ruby
Date : May 4, 2015
Affected: Business Server 1.0, Business Server 2.0

Problem Description:

Updated ruby packages fix security vulnerability:

Ruby OpenSSL hostname matching implementation violates RFC 6125 (CVE-2015-1855).

The ruby packages for MBS2 have been updated to version 2.0.0-p645, which fixes this issue.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
http://advisories.mageia.org/MGASA-2015-0178.html

Updated Package
[ MDVSA-2015:223 ] directfb
Mandriva Linux Security Advisory MDVSA-2015:223
http://www.mandriva.com/en/support/security/

Package : directfb
Date : May 4, 2015
Affected: Business Server 1.0, Business Server 2.0

Problem Description:

Updated directfb packages fix security vulnerabilities:

Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow (CVE-2014-2977).

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of s
[ MDVSA-2015:222 ] ppp
Mandriva Linux Security Advisory MDVSA-2015:222
http://www.mandriva.com/en/support/security/

Package : ppp
Date : May 4, 2015
Affected: Business Server 1.0, Business Server 2.0

Problem Description:

Updated ppp packages fix security vulnerability:

Emanuele Rocca discovered that ppp was subject to a buffer overflow when communicating with a RADIUS server. This would allow unauthenticated users to cause a denial-of-service by crashing the daemon (CVE-2015-3310).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3310
http://advisories.mageia.org/MGASA-2015-0173.html