CVE-2015-3216

Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field.

RHSA-2015:1210-1: Moderate: abrt security update

Red Hat Enterprise Linux: Updated abrt packages that fix multiple security issues are now available
for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

CVE-2015-1869, CVE-2015-1870, CVE-2015-3142, CVE-2015-3147, CVE-2015-3159, CVE-2015-3315

USN-2659-1: cups-filters vulnerabilities

Ubuntu Security Notice USN-2659-1

6th July, 2015

cups-filters vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

cups-filters could be made to crash or run programs as the lp user if it
processed a specially crafted print job.

Software description

  • cups-filters
    – OpenPrinting CUPS Filters

Details

Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly
handled line sizes. A remote attacker could use this issue to cause a
denial of service, or possibly execute arbitrary code as the lp user.
(CVE-2015-3258, CVE-2015-3279)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  cups-filters 1.0.67-0ubuntu2.2

Ubuntu 14.10:
  cups-filters 1.0.61-0ubuntu2.3

Ubuntu 14.04 LTS:
  cups-filters 1.0.52-0ubuntu1.5

Ubuntu 12.04 LTS:
  cups-filters 1.0.18-0ubuntu0.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-3258, CVE-2015-3279

USN-2658-1: PHP vulnerabilities

Ubuntu Security Notice USN-2658-1

6th July, 2015

php5 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in PHP.

Software description

  • php5
    – HTML-embedded scripting language interpreter

Details

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL
bytes in file paths. A remote attacker could possibly use this issue to
bypass intended restrictions and create or obtain access to sensitive
files. (CVE-2015-3411, CVE-2015-3412, CVE-2015-4025, CVE-2015-4026,
CVE-2015-4598)

Emmanuel Law discovered that the PHP phar extension incorrectly handled
filenames starting with a NULL byte. A remote attacker could use this issue
with a crafted tar archive to cause a denial of service. (CVE-2015-4021)

Max Spelsberg discovered that PHP incorrectly handled the LIST command
when connecting to remote FTP servers. A malicious FTP server could
possibly use this issue to execute arbitrary code. (CVE-2015-4022,
CVE-2015-4643)

Shusheng Liu discovered that PHP incorrectly handled certain malformed form
data. A remote attacker could use this issue with crafted form data to
cause CPU consumption, leading to a denial of service. (CVE-2015-4024)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
data types. A remote attacker could use this issue with crafted serialized
data to possibly execute arbitrary code. (CVE-2015-4147)

Andrea Palazzo discovered that the PHP Soap client incorrectly validated
that the uri property is a string. A remote attacker could use this issue
with crafted serialized data to possibly obtain sensitive information.
(CVE-2015-4148)

Taoguang Chen discovered that PHP incorrectly validated data types in
multiple locations. A remote attacker could possibly use these issues to
obtain sensitive information or cause a denial of service. (CVE-2015-4599,
CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603)

It was discovered that the PHP Fileinfo component incorrectly handled
certain files. A remote attacker could use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected Ubuntu
15.04. (CVE-2015-4604, CVE-2015-4605)

It was discovered that PHP incorrectly handled table names in
php_pgsql_meta_data. A local attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2015-4644)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  php5-cli 5.6.4+dfsg-4ubuntu6.2
  php5-cgi 5.6.4+dfsg-4ubuntu6.2
  libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.2
  php5-fpm 5.6.4+dfsg-4ubuntu6.2

Ubuntu 14.10:
  php5-cli 5.5.12+dfsg-2ubuntu4.6
  php5-cgi 5.5.12+dfsg-2ubuntu4.6
  libapache2-mod-php5 5.5.12+dfsg-2ubuntu4.6
  php5-fpm 5.5.12+dfsg-2ubuntu4.6

Ubuntu 14.04 LTS:
  php5-cli 5.5.9+dfsg-1ubuntu4.11
  php5-cgi 5.5.9+dfsg-1ubuntu4.11
  libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.11
  php5-fpm 5.5.9+dfsg-1ubuntu4.11

Ubuntu 12.04 LTS:
  php5-cli 5.3.10-1ubuntu3.19
  php5-cgi 5.3.10-1ubuntu3.19
  libapache2-mod-php5 5.3.10-1ubuntu3.19
  php5-fpm 5.3.10-1ubuntu3.19

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024,
CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598,
CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603,
CVE-2015-4604, CVE-2015-4605, CVE-2015-4643, CVE-2015-4644

Debian Security Advisory 3301-1

Debian Linux Security Advisory 3301-1 – Charlie Smurthwaite of aTech Media discovered a flaw in HAProxy, a fast and reliable load balancing reverse proxy, when HTTP pipelining is used. A client can take advantage of this flaw to cause data corruption and retrieve uninitialized memory contents that exhibit data from a past request or session.

Ubuntu Security Notice USN-2659-1

Ubuntu Security Notice 2659-1 – Petr Sklenar discovered that the cups-filters texttopdf filter incorrectly handled line sizes. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code as the lp user.

Debian Security Advisory 3300-1

Debian Linux Security Advisory 3300-1 – Multiple security issues have been found in Iceweasel, Debian’s version of the Mozilla Firefox web browser. Multiple memory safety errors, use-after-frees and other implementation errors may lead to the execution of arbitrary code or denial of service. This update also addresses a vulnerability in DHE key processing commonly known as the “LogJam” vulnerability.