CollabNet Subversion Edge insecure password change

June 29, 2015 007admin

Posted by Oliver-Tobias Ripka on Jun 29

# Vuln Title: The CollabNet Subversion Edge management frontend does not require
# current password upon password change
#
# Date: 28.06.2015
# Author: otr
# Software Link: https://www.open.collab.net/downloads/svnedge
# Vendor: CollabNet
# Version: 4.0.11
# Tested on: Fedora Linux
# Type: Insecure password change

# Risk: Medium
# Status: public/fixed
# Fixed version: 5.0

Timeline:

2014-10-09 Flaw Discovered
2014-10-20 Vendor contacted…

Fedora

Fedora EPEL 7 Security Update: cryptopp-5.6.2-9.el7

June 29, 2015 007admin

– Fix for CVE-2015-2141

Fedora

Fedora EPEL 6 Security Update: cryptopp-5.6.2-9.el6

June 29, 2015 007admin

– Fix for CVE-2015-2141

CentOS

CESA-2015:1193 Moderate CentOS 7 xerces-cSecurity Update

June 29, 2015 007admin

CentOS Errata and Security Advisory 2015:1193 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1193.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
afe38236b7958205c190007679893aa52681defb42cec67e07a40222c0344ffd  xerces-c-3.1.1-7.el7_1.i686.rpm
2978ee1ec27642b6233228ba6bb21dff81609aeded24f66ab348a5d2caf2bfb0  xerces-c-3.1.1-7.el7_1.x86_64.rpm
cb5dfd0d635477caeab441417dc1310301661a5b366d845c060104824221f4a8  xerces-c-devel-3.1.1-7.el7_1.i686.rpm
48d763429c615c60c5153aa8b1e22149f056948f99cd5291dcbadc602fe34c7e  xerces-c-devel-3.1.1-7.el7_1.x86_64.rpm
db2116d626c0c82271a06e14ec8b067fdba3f12594d5d543092f7908e386b800  xerces-c-doc-3.1.1-7.el7_1.noarch.rpm

Source:
69ab23c4a875ed4cd10a77b8e310032108569d047d6f323e7573ad146e8798c1  xerces-c-3.1.1-7.el7_1.src.rpm

CentOS

CESA-2015:1194 Moderate CentOS 7 postgresqlSecurity Update

June 29, 2015 007admin

CentOS Errata and Security Advisory 2015:1194 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1194.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
68f75a380fb35cbf47d27a27884116cea350e1d8fbf2f566bebb8b58d34bf4a1  postgresql-9.2.13-1.el7_1.i686.rpm
9e301e4212c06695f095b2bee281baf3435608cd63ad70be94e181de341d81c5  postgresql-9.2.13-1.el7_1.x86_64.rpm
981c31541f67bd4b110df1371f9ca313698a97810c38274b0f924459079e7e39  postgresql-contrib-9.2.13-1.el7_1.x86_64.rpm
d9e577eb24b8d45803e7c33b320f0880879444c057928dc04a091c4af1cda292  postgresql-devel-9.2.13-1.el7_1.i686.rpm
c6dc3e9f24d0b3fb1405506854e7815bd72c9b49c0e5df8498ce558c0001efc8  postgresql-devel-9.2.13-1.el7_1.x86_64.rpm
7995e777b8133a67d72a1b225560ce0f63d41bc064a469dce6b455dbe1a308c6  postgresql-docs-9.2.13-1.el7_1.x86_64.rpm
371b3f5c4adb28366fcce85191dc70455ec7383c1097b0202c4e761743dbea0e  postgresql-libs-9.2.13-1.el7_1.i686.rpm
eabcc29979df894bc6196447e440e11a5d85f0bac616e1250b6f8930ebc74300  postgresql-libs-9.2.13-1.el7_1.x86_64.rpm
f539cb95191a69dd107feaa183ff31cc5f4159b8bad0262fd5449187716f63b7  postgresql-plperl-9.2.13-1.el7_1.x86_64.rpm
7373870c1833da0ca1671ed0cd7c311175967d397b59c2c1ba20ad8e39b9c6ec  postgresql-plpython-9.2.13-1.el7_1.x86_64.rpm
d036fc72f2c89a661c82cbab8023df4d16704f8a375ecec00cda512b0d2a930b  postgresql-pltcl-9.2.13-1.el7_1.x86_64.rpm
392ca0e1accf6883e2b36f39cc9b203e991e48a340d8895b24f02118948c6cd0  postgresql-server-9.2.13-1.el7_1.x86_64.rpm
c698baa54a3062dfd6e860c138cf2eef4aa87eea1ea8cbe659f4fe816c9e0a27  postgresql-test-9.2.13-1.el7_1.x86_64.rpm
b4d4f0ac450076857682566e4b19dbb0a5362052de181854e13a3d9ad5a59e9f  postgresql-upgrade-9.2.13-1.el7_1.x86_64.rpm

Source:
efa4a7c335d023956ac1d6adfd067921c46ea7bb6aecc15fe04634590f38ef28  postgresql-9.2.13-1.el7_1.src.rpm

Security

libpcap 1.7.4

June 29, 2015 007admin

Libpcap is a portable packet capture library which is used in many packet sniffers, including Tcpdump.

Security

GetSimple CMS 5.7.3.1 Cross Site Scripting

June 29, 2015 007admin

GetSimple CMS version 5.7.3.1 suffers from a persistent cross site scripting vulnerability.

Security

MODX Revolution 2.3.3-pl Cross Site Scripting

June 29, 2015 007admin

MODX Revolution version 2.3.3-pl suffers from multiple cross site scripting vulnerabilities.

Security

Fiyo CMS 2.0_1.9.1 SQL Injection

June 29, 2015 007admin

Fiyo CMS version 2.0_1.9.1 suffers from multiple remote SQL injection vulnerabilities.

CentOS

CESA-2015:1194 Moderate CentOS 6 postgresqlSecurity Update

June 29, 2015 007admin

CentOS Errata and Security Advisory 2015:1194 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1194.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
38011c1a69aac2d06e4309c0fa4cf17d8fa3f6393d9b99116365d277bf9df8a4  postgresql-8.4.20-3.el6_6.i686.rpm
75b8c97fbcc379ff002cc3ec6a9e65c3163966add47d9cc51a09ee8526ba31c7  postgresql-contrib-8.4.20-3.el6_6.i686.rpm
392b1251aab447568fbb76fd8c4997ff331246061db197b0cd13574a18cd4415  postgresql-devel-8.4.20-3.el6_6.i686.rpm
dea73d52e9d5185a49ab859220cdecca739c8c7d85f7a51fba49d6dd7bfaa012  postgresql-docs-8.4.20-3.el6_6.i686.rpm
292276c6e567d46ef194cdd9fff8cb0fb11b7e924d418ad75cc3be1555634aeb  postgresql-libs-8.4.20-3.el6_6.i686.rpm
e570c1313bfe0e7502299d0af4696feb56f7d8847165896913e2baa3a198ea94  postgresql-plperl-8.4.20-3.el6_6.i686.rpm
ae287231ae774f9aba82085551e38447eb4a611e2af5cf16887d666de6de0581  postgresql-plpython-8.4.20-3.el6_6.i686.rpm
dd785db4e8c9f57a86907ac5abab40af293019afbfc731d9801083eaa3ad64ff  postgresql-pltcl-8.4.20-3.el6_6.i686.rpm
110719e3176139a68fb8a6867b6183feee528b1a56fb45bc23ce8b4e5a3eb072  postgresql-server-8.4.20-3.el6_6.i686.rpm
d02ede44f9cbd547693b9de880f3aed6583f390c9f478a53df6e25430804dd47  postgresql-test-8.4.20-3.el6_6.i686.rpm

x86_64:
38011c1a69aac2d06e4309c0fa4cf17d8fa3f6393d9b99116365d277bf9df8a4  postgresql-8.4.20-3.el6_6.i686.rpm
449c2c72585adb94d9fbfcae049e2bcd3ef329b273c36e55c5a1f6a9f3da1e94  postgresql-8.4.20-3.el6_6.x86_64.rpm
19ee23df9fd054b6b748b6a91bd1d07a24e14e56eab91c8587e703daaea544ff  postgresql-contrib-8.4.20-3.el6_6.x86_64.rpm
392b1251aab447568fbb76fd8c4997ff331246061db197b0cd13574a18cd4415  postgresql-devel-8.4.20-3.el6_6.i686.rpm
5afb7ab33f153c23ec0414273d02e1d0c801bd90878069dbd294873fbcbc5c16  postgresql-devel-8.4.20-3.el6_6.x86_64.rpm
fff82d8f6ed8594ab0a2ac856cf555175520f03eb02b1227fe46810cf68df140  postgresql-docs-8.4.20-3.el6_6.x86_64.rpm
292276c6e567d46ef194cdd9fff8cb0fb11b7e924d418ad75cc3be1555634aeb  postgresql-libs-8.4.20-3.el6_6.i686.rpm
79cbf9ab217cfbea6ac19785803e9ef5ed6e8f47a07f8c058ba7da2ae1713913  postgresql-libs-8.4.20-3.el6_6.x86_64.rpm
49b8fc43b5b0fb238135aa8c70dfddd6f8ef712b8e5051ae64543493ef3bf17b  postgresql-plperl-8.4.20-3.el6_6.x86_64.rpm
e3f840e38086a8df5bc209d997a4d45325abf357e35f5430ccfe48b1087e6522  postgresql-plpython-8.4.20-3.el6_6.x86_64.rpm
6b582939ebfd4f1ae95aa793356a1bfa55bd3fbc4173d8e272b1cb17d1238d20  postgresql-pltcl-8.4.20-3.el6_6.x86_64.rpm
814b84b3007ffcfe92f5f94903d04b185fb5ae263a9f9ec566397715711c737e  postgresql-server-8.4.20-3.el6_6.x86_64.rpm
e048ea27aa7f338a14c2dfdb7294f41d7dfe816124bae17916b4d59bd5128122  postgresql-test-8.4.20-3.el6_6.x86_64.rpm

Source:
75d6b751e43de5008752eb631fb44aeedcec26f8acc61783cefd033451f489c7  postgresql-8.4.20-3.el6_6.src.rpm

007 Software

Monthly Archives: June 2015

CollabNet Subversion Edge insecure password change

Fedora EPEL 7 Security Update: cryptopp-5.6.2-9.el7

Fedora EPEL 6 Security Update: cryptopp-5.6.2-9.el6

CESA-2015:1193 Moderate CentOS 7 xerces-cSecurity Update

CESA-2015:1194 Moderate CentOS 7 postgresqlSecurity Update

libpcap 1.7.4

GetSimple CMS 5.7.3.1 Cross Site Scripting

MODX Revolution 2.3.3-pl Cross Site Scripting

Fiyo CMS 2.0_1.9.1 SQL Injection

CESA-2015:1194 Moderate CentOS 6 postgresqlSecurity Update

Software and Security Information