Monthly Archives: June 2015
RHSA-2015:1042-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue and several bugs are
now available for Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-1805
USN-2625-1: Apache HTTP Server update
Ubuntu Security Notice USN-2625-1
2nd June, 2015
apache2 update
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 12.04 LTS
Summary
Several security improvements have been made to the Apache HTTP Server.
Software description
- apache2 - Apache HTTP server
Details
As a security improvement, this update makes the following changes to
the Apache package in Ubuntu 12.04 LTS:
- Added support for ECC keys and ECDH ciphers.
- The SSLProtocol configuration directive now allows specifying the TLSv1.1
  and TLSv1.2 protocols.
- Ephemeral key handling has been improved, including allowing DH parameters
  to be loaded from the SSL certificate file specified in SSLCertificateFile.
- The export cipher suites are now disabled by default.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 12.04 LTS:
  - apache2.2-bin 2.2.22-1ubuntu1.9
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
This update may cause DH parameters to change, which could impact certain Java
clients. See http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#javadh for more
information.
CESA-2015:1042 Important CentOS 5 kernel Security Update
CentOS Errata and Security Advisory 2015:1042 Important
Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1042.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
a7bfa5e63a167a8646502974127df86e30ce25bd5236702345ad5fe654dfdd55 kernel-2.6.18-406.el5.i686.rpm
d4a5245ea7c03dabf103c77625bd1d07edbaf84730bb8657d5ab73bdd2db9cc1 kernel-debug-2.6.18-406.el5.i686.rpm
2d41b245d910dc26251dc0aec60077373cce38b8fba914e2e5330ae3aedef7d5 kernel-debug-devel-2.6.18-406.el5.i686.rpm
6f04abd548af95c5674da3947cf47a00bb3fb65a968cef7d3ef309e8f23c4f0f kernel-devel-2.6.18-406.el5.i686.rpm
8135c348dda781a0c4cbd2e681ca79592c9c570d8a719dda699805889dd012db kernel-doc-2.6.18-406.el5.noarch.rpm
58f74b1087fea7e6107adb1fb3426f35291e3744d3090dff6b464a9f141abffd kernel-headers-2.6.18-406.el5.i386.rpm
97738c288a1f5eeb990836abc121141a28a06a5af93fb1835cfd923560dbb8cf kernel-PAE-2.6.18-406.el5.i686.rpm
04a12b7f9b1ed1e4ffd48c23cf330f4cb9f93974d5d63950927765723b7e054d kernel-PAE-devel-2.6.18-406.el5.i686.rpm
a1a7da8dde91665ae6020faa06cdb01b9d38705ca0c0a385cc3f58734b3184f8 kernel-xen-2.6.18-406.el5.i686.rpm
83111d0f1f2978feaffd7a10a5ffd83a39b0614bb05dcb617376b7128bf7e148 kernel-xen-devel-2.6.18-406.el5.i686.rpm
x86_64:
834ee2dd5e935b8a25f2c5ccd38db308a98f02b374e2d7b344533d17bad2da2c kernel-2.6.18-406.el5.x86_64.rpm
71571dd466800e193218def369dd686e885d4b049b3793a861ba22eddeddadc2 kernel-debug-2.6.18-406.el5.x86_64.rpm
c3aa7cef9ffd211999d6a912d4268da3fef14dc0b9b37bcdf8ec27b0793ab075 kernel-debug-devel-2.6.18-406.el5.x86_64.rpm
177af15945aa3278e6c69a6f6cc4a8c7c71bcd69dafcf43361fe34c5f40b207f kernel-devel-2.6.18-406.el5.x86_64.rpm
8135c348dda781a0c4cbd2e681ca79592c9c570d8a719dda699805889dd012db kernel-doc-2.6.18-406.el5.noarch.rpm
d74eaaf916c47a4c5972be51eede9f3103e8cbf8088b050de4799b80b9572b6e kernel-headers-2.6.18-406.el5.x86_64.rpm
a9e99724f48f1b97078774fad6bce2bd9af5565e05f4a03440dca015873c876f kernel-xen-2.6.18-406.el5.x86_64.rpm
92b41d54d4314bb763c475896df4149c5fde128930ac2d000742db9e7fad33e7 kernel-xen-devel-2.6.18-406.el5.x86_64.rpm
Source:
fbe67f9d5aa5df397e6d2aaa19f81d2699985d000e33da6e4759955127c82f0e kernel-2.6.18-406.el5.src.rpm
DSA-3278 libapache-mod-jk – security update
An information disclosure flaw due to incorrect JkMount/JkUnmount
directive processing was found in mod_jk, the Apache 2 module that forwards
requests from the Apache web server to Tomcat. A JkUnmount rule for a
subtree of a previous JkMount rule could be ignored. This could allow a
remote attacker to access a private artifact in a tree that
would otherwise not be accessible to them.
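To make the failure mode concrete, here is an added example that models JkMount/JkUnmount matching in a few lines of JavaScript. It is not mod_jk's code; the rule list, the worker name `ajp13`, the paths, and the `honourUnmount` switch are assumptions made for illustration. With the unmount applied, a request under `/app/WEB-INF/` stays with Apache; with the unmount ignored, the same request is forwarded to Tomcat, which is the disclosure the advisory describes.

```javascript
// Added example, not mod_jk code: a simplified model of JkMount/JkUnmount
// evaluation. A path is forwarded to a worker when a JkMount matches it and
// no JkUnmount for that worker matches it.
function globToRegExp(pattern) {
  // JkMount patterns use '*' as a wildcard; everything else is literal
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$');
}

// rules: [{ kind: 'JkMount' | 'JkUnmount', pattern, worker }]
// honourUnmount=false reproduces the advisory's bug: the JkUnmount for a
// subtree of an earlier JkMount is ignored.
function resolveWorker(rules, path, honourUnmount = true) {
  const mounted = rules.filter(r => r.kind === 'JkMount' && globToRegExp(r.pattern).test(path));
  if (mounted.length === 0) return null;            // not mounted: served by Apache
  const worker = mounted[mounted.length - 1].worker; // simplification: last matching mount wins
  if (honourUnmount) {
    const excluded = rules.some(r => r.kind === 'JkUnmount' && r.worker === worker
                                     && globToRegExp(r.pattern).test(path));
    if (excluded) return null;                       // unmounted subtree stays with Apache
  }
  return worker;                                     // forwarded to this Tomcat worker
}

// Constructed rule set (assumption): mount the app, but keep WEB-INF private.
const RULES = [
  { kind: 'JkMount',   pattern: '/app/*',         worker: 'ajp13' },
  { kind: 'JkUnmount', pattern: '/app/WEB-INF/*', worker: 'ajp13' },
];

function demo() {
  return {
    page:        resolveWorker(RULES, '/app/index.jsp'),          // 'ajp13'
    privateOk:   resolveWorker(RULES, '/app/WEB-INF/web.xml'),    // null (kept private)
    privateBug:  resolveWorker(RULES, '/app/WEB-INF/web.xml', false), // 'ajp13' (disclosed)
  };
}

console.log(demo());
```

The check to take away: after upgrading, request a path under an unmounted subtree and confirm it is answered by Apache (or 404) rather than by Tomcat.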
Debian Security Advisory 3277-1
Debian Linux Security Advisory 3277-1 – Multiple vulnerabilities were discovered in the dissectors/parsers for LBMR, web sockets, WCP, X11, IEEE 802.11 and Android Logcat, which could result in denial of service.
Re: Safari Address Spoofing (How We Got It)
Posted by Jeffrey Walton on Jun 02
Another simple one is:
<a href="http://www.evil.com" target="_blank" title="http://good.com"
style="color: rgb(0, 102, 204);">Login <strong>HERE</strong></a>
The browsers will hide "evil.com", and display "good.com" as a tooltip
when you hover the mouse.
The browser makers will tell you the user is not supposed to make
security decisions based on…
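The mismatch the post relies on (an href pointing at one host while the title attribute or link text names another) is easy to detect mechanically. The following is an added JavaScript example, not code from the thread or from any browser vendor: it scans a snippet of HTML for anchors whose title or text mentions a hostname that is neither the href's host nor a parent/subdomain of it. The sample HTML is constructed for the example and includes the anchor from the post; the regex-based anchor extraction is a simplification for offline use.

```javascript
// Added example (not from the Full Disclosure thread): flag anchors whose
// visible cue (title attribute or link text) names a host different from
// the host the href actually points to.
const ANCHOR_RE = /<a\b([^>]*)>([\s\S]*?)<\/a>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g;
const HOST_RE = /(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})/gi;

function parseAttrs(raw) {
  const attrs = {};
  for (const m of raw.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
  }
  return attrs;
}

function hostOf(url) {
  try { return new URL(url).hostname.toLowerCase(); } catch (e) { return null; }
}

// Every hostname-looking token in a piece of text (title attribute or link text).
function hostsMentioned(text) {
  return [...text.matchAll(HOST_RE)].map(m => m[1].toLowerCase());
}

// A claimed host is consistent with the target if they are equal or one is a
// subdomain of the other (www.good.com vs good.com is not a spoof).
function sameSite(a, b) {
  return a === b || a.endsWith('.' + b) || b.endsWith('.' + a);
}

function findSpoofedLinks(html) {
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[1]);
    const target = hostOf(attrs.href || '');
    if (!target) continue;                        // relative or malformed href: nothing to compare
    const text = m[2].replace(/<[^>]+>/g, '');    // strip inline markup such as <strong>
    const claimed = new Set([...hostsMentioned(attrs.title || ''), ...hostsMentioned(text)]);
    for (const host of claimed) {
      if (!sameSite(host, target)) findings.push({ href: attrs.href, claimed: host, target });
    }
  }
  return findings;
}

// Constructed sample: the mismatched anchor from the post plus a benign one.
const SAMPLE_HTML = `
<a href="http://www.evil.com" target="_blank" title="http://good.com"
   style="color: rgb(0, 102, 204);">Login <strong>HERE</strong></a>
<a href="https://www.good.com/login" title="https://good.com">good.com</a>
`;

console.log(findSpoofedLinks(SAMPLE_HTML));
// → [ { href: 'http://www.evil.com', claimed: 'good.com', target: 'www.evil.com' } ]
```

In a browser the same check would iterate `document.querySelectorAll('a[href]')` and read `a.href`, `a.title` and `a.textContent` instead of parsing markup with regular expressions; the comparison logic is unchanged. Note the caveat the post itself raises: a tooltip or link text is not a trust signal, so this is a mail- or page-scanning heuristic, not something a user should be expected to do by eye.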
Ubuntu Security Notice USN-2625-1
Ubuntu Security Notice 2625-1 – As a security improvement, this update makes the following changes to the Apache package in Ubuntu 12.04 LTS: Added support for ECC keys and ECDH ciphers. The SSLProtocol configuration directive now allows specifying the TLSv1.1 and TLSv1.2 protocols. Ephemeral key handling has been improved, including allowing DH parameters to be loaded from the SSL certificate file specified in SSLCertificateFile. Various other issues were also addressed.
Red Hat Security Advisory 2015-1042-01
Red Hat Security Advisory 2015-1042-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the Linux kernel’s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.
Jildi FTP Client 1.5.2 Build 1138 Buffer Overflow
Jildi FTP Client version 1.5.2 build 1138 suffers from a buffer overflow vulnerability.