Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations.
Monthly Archives: June 2015
CVE-2015-4106
QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors.
Ubuntu Security Notice USN-2626-1
Ubuntu Security Notice 2626-1 – Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into opening a specially crafted GIF image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Fabian Vogt discovered that Qt incorrectly handled certain malformed BMP images. If a user or automated system were tricked into opening a specially crafted BMP image, a remote attacker could use this issue to cause Qt to crash, resulting in a denial of service. Various other issues were also addressed.
Red Hat Security Advisory 2015-1044-01
Red Hat Security Advisory 2015-1044-01 – The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.
Red Hat Security Advisory 2015-1043-01
Red Hat Security Advisory 2015-1043-01 – The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux. Fully virtualized guests using the paravirtualized drivers gain significantly better I/O performance than fully virtualized guests running without the drivers. It was found that the Windows Virtio NIC driver did not sufficiently sanitize the length of the incoming IP packets, as demonstrated by a packet with IP options present but the overall packet length not being adjusted to reflect the length of those options. A remote attacker able to send a specially crafted IP packet to the guest could use this flaw to crash that guest.
Privacy Proponents Rally In Favor of Tracking Protection in Firefox
Privacy advocates are calling on Mozilla to better deploy Tracking Protection, a technology that offers more stringent privacy and speeds up page loads by blocking requests to tracking domains, in its Firefox browser.
Facebook Requires SHA-2 as of Oct. 1
Facebook has put developers on notice that as of Oct. 1, apps that do not support SHA-2 will no longer connect to its network.
RSA Web Threat Detection Cross Site Request Forgery
RSA Web Threat Detection contains fixes for a cross site request forgery vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.1 are affected.
Novalnet Payment Module Drupal Commerce – Critical – SQL Injection – Unsupported – SA-CONTRIB-2015-117
- Advisory ID: DRUPAL-SA-CONTRIB-2015-117
- Project: Novalnet Payment Module - Drupal Commerce (third-party module)
- Version: 7.x
- Date: 2015-June-03
- Security risk: 15/25 (Critical) AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
- Vulnerability: SQL Injection
Description
This module enables you to add the Novalnet payment service provider to Drupal Commerce.
The module fails to sanitize a database query by not using the database API properly, thereby leading to a SQL Injection vulnerability. Since the affected path is not protected against CSRF, a malicious user can exploit this vulnerability by triggering a request to a specially-crafted URL.
This vulnerability is mitigated by the fact that the malicious request must come from a specific Novalnet IP address.
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- All versions of Novalnet Payment Module Drupal Commerce module
Drupal core is not affected. If you do not use the contributed Novalnet Payment Module Drupal Commerce module, there is nothing you need to do.
Solution
If you use the Novalnet Payment Module Drupal Commerce module you should uninstall it.
Also see the Novalnet Payment Module Drupal Commerce project page.
Reported by
- Pere Orga of the Drupal Security Team
Fixed by
Not applicable.
Coordinated by
- Pere Orga of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
QuickTalk 1.5 Password Hash Disclosure
QuickTalk version 1.5 discloses the encrypted database password hash in a reinstall script exposed in the document root.