USN-2692-1: QEMU vulnerabilities

Ubuntu Security Notice USN-2692-1

28th July, 2015

qemu vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in QEMU.

Software description

  • qemu
    – Machine emulator and virtualizer

Details

Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a
non-default configuration, a malicious guest could use this issue to cause
a denial of service, or possibly execute arbitrary code on the host as the
user running the QEMU process. In the default installation, when QEMU is
used with libvirt, attackers would be isolated by the libvirt AppArmor
profile. (CVE-2015-3214)

Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI
commands. A malicious guest could use this issue to cause a denial of
service, or possibly execute arbitrary code on the host as the user running
the QEMU process. In the default installation, when QEMU is used with
libvirt, attackers would be isolated by the libvirt AppArmor profile.
(CVE-2015-5154)

Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. A
malicious guest could use this issue to cause a denial of service, or
possibly execute arbitrary code on the host as the user running the QEMU
process. In the default installation, when QEMU is used with libvirt,
attackers would be isolated by the libvirt AppArmor profile. This issue
only affected Ubuntu 15.04. (CVE-2015-5158)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  qemu-system-misc      1:2.2+dfsg-5expubuntu9.3
  qemu-system           1:2.2+dfsg-5expubuntu9.3
  qemu-system-aarch64   1:2.2+dfsg-5expubuntu9.3
  qemu-system-x86       1:2.2+dfsg-5expubuntu9.3
  qemu-system-sparc     1:2.2+dfsg-5expubuntu9.3
  qemu-system-arm       1:2.2+dfsg-5expubuntu9.3
  qemu-system-ppc       1:2.2+dfsg-5expubuntu9.3
  qemu-system-mips      1:2.2+dfsg-5expubuntu9.3

Ubuntu 14.04 LTS:
  qemu-system-misc      2.0.0+dfsg-2ubuntu1.15
  qemu-system           2.0.0+dfsg-2ubuntu1.15
  qemu-system-aarch64   2.0.0+dfsg-2ubuntu1.15
  qemu-system-x86       2.0.0+dfsg-2ubuntu1.15
  qemu-system-sparc     2.0.0+dfsg-2ubuntu1.15
  qemu-system-arm       2.0.0+dfsg-2ubuntu1.15
  qemu-system-ppc       2.0.0+dfsg-2ubuntu1.15
  qemu-system-mips      2.0.0+dfsg-2ubuntu1.15

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.

References

CVE-2015-3214, CVE-2015-5154, CVE-2015-5158

USN-2693-1: Bind vulnerabilities

Ubuntu Security Notice USN-2693-1

28th July, 2015

bind9 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Bind could be made to crash if it received specially crafted network
traffic.

Software description

  • bind9
    – Internet Domain Name Server

Details

Jonathan Foote discovered that Bind incorrectly handled certain TKEY
queries. A remote attacker could use this issue with a specially crafted
packet to cause Bind to crash, resulting in a denial of service.
(CVE-2015-5477)

Pories Ediansyah discovered that Bind incorrectly handled certain
configurations involving DNS64. A remote attacker could use this issue with
a specially crafted query to cause Bind to crash, resulting in a denial of
service. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-5689)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  bind9   1:9.9.5.dfsg-9ubuntu0.2

Ubuntu 14.04 LTS:
  bind9   1:9.9.5.dfsg-3ubuntu0.4

Ubuntu 12.04 LTS:
  bind9   1:9.8.1.dfsg.P1-4ubuntu0.12

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-5689, CVE-2015-5477

The bots on Twitter aren’t harmless – cybercriminals use them to steal your information!

They are everywhere and are one of the main negatives of Twitter. The bots, an army of fake accounts that has invaded the social media site, can actually pose a serious risk for users.

They reached the height of their infamy thanks to a fight between politicians to see who could get the most followers on Twitter. This showed, rather humorously, that the network of bots is a double-edged sword. On one hand, they allow you to inflate the number of followers that you have, but on the other hand they can also lead to an embarrassing situation if you’re caught with your hand in the cookie jar.

Nevertheless, this is the harmless side to the bots because, in reality, this coordinated network of fake accounts could put the security of other users at risk. This is because in the hands of a cybercriminal, a network of bots could steal your personal information.

Although they are best known for spreading spam, the bots on Twitter are also a powerful tool for spreading different types of malware. All it takes is a few hundred false accounts and a shortened URL to infect your computer.

That means that a shortened link tweeted by a large group of these bots could be a trap to steal user information via phishing, or could even lead to a Trojan that gains access to your bank details.

This is how cybercriminals make a profit from creating fake accounts on Twitter. By stealing user information, they can make money by selling the information or, in extreme cases, stealing directly from your bank account.

Careful with shortened links

It’s important to remind users to be wary before clicking on a shortened link and to follow some advice to be sure that a link is safe. This includes checking whether it has been tweeted by a trusted account, or taking a look at its statistics and web page by adding the “+” symbol to the URL. This is a quick and easy way to avoid a nasty surprise.

Apart from being wary of the shortened links that come from unknown sources, users of Twitter should also be careful with hashtags, which are also becoming a way to spread malicious software.

Bots that are created and coordinated by a cybercriminal can take advantage of the tags on Twitter to easily spread malware. This means that you need to keep an eye on trending topics as they are the most dangerous – the cybercriminals know that this is an easy way to take advantage of careless users.

It has to be repeated that spreading spam is not the worst thing that these bots can do – if they manage to rob you via Twitter then that is a far more worrying prospect. In order to avoid this scenario, be wary of every Tweet before opening the content that it contains and, where possible, avoid really popular hashtags. You never know which of them has been infiltrated by an army of bots with bad intentions.

The post The bots on Twitter aren’t harmless – cybercriminals use them to steal your information! appeared first on MediaCenter Panda Security.

CESA-2015:1514 Important CentOS 5 bind Security Update

CentOS Errata and Security Advisory 2015:1514 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1514.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
