Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands.
Monthly Archives: August 2015
CVE-2015-5165 (xen)
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-5166 (xen)
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
CVE-2015-5718 (content_gateway)
Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a crafted diagnostic command line request to submit_net_debug.cgi.
CEBA-2015:1596 CentOS 7 filesystem FASTTRACKBugFix Update
CentOS Errata and Bugfix Advisory 2015:1596 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1596.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 865119d716a0e4d4f57b2d075f242fbf11d6af440f24ce052ae568e0f369d685 filesystem-3.2-20.el7.x86_64.rpm Source: 0063f44da1df467e4b1d94cc3aed08d67a86d820fe7c2d409f05530740305345 filesystem-3.2-20.el7.src.rpm
[Onapsis Security Advisory 2015-011] SAP Mobile Platform DataVault Predictable encryption passwords for Configuration Values
Posted by Onapsis Research Labs on Aug 12
Onapsis Security Advisory 2015-011: SAP Mobile Platform DataVault
Predictable encryption passwordsfor Configuration Values
1. Impact on Business
———————
By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to decrypt and modify sensitive configuration
values used by SAP business applications.
Risk Level: High
2. Advisory Information
———————–
* Public Release…
[Onapsis Security Advisory 2015-010] SAP Mobile Platform DataVault Keystream Recovery
Posted by Onapsis Research Labs on Aug 12
Onapsis Security Advisory 2015-010: SAP Mobile Platform DataVault
Keystream Recovery
1. Impact on Business
———————
By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to decrypt credentials and other sensitive
information stored in it, potentially being able to connect to other
business systems.
Risk Level: High
2. Advisory Information
———————–
* Public Release…
[Onapsis Security Advisory 2015-012] SAP Mobile Platform DataVault Predictable Encryption Password for Secure Storage
Posted by Onapsis Research Labs on Aug 12
Onapsis Security Advisory 2015-012: SAP Mobile Platform DataVault
Predictable Encryption Password for Secure Storage
1. Impact on Business
———————
By exploiting this vulnerability an attacker with access to a vulnerable
mobile device would be able to read sensitive information, including
encrypted log in credentials, stored in the device, potentially
connecting to business applications and accessing or modifying business…
Firefox 40 Begins Warning Users About Unsigned Add-Ons
With Tuesday’s release of Firefox 40, Mozilla has begun the process of requiring all add-ons for the browser to be signed. The company announced the forthcoming change in February, and Firefox 40 is the first version to warn users about unsigned add-ons. The goal for the change in policy is to protect users from malicious extensions […]
USN-2702-1: Firefox vulnerabilities
Ubuntu Security Notice USN-2702-1
11th August, 2015
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software description
- firefox
– Mozilla Open Source web browser
Details
Gary Kwong, Christian Holler, Byron Campen, Tyson Smith, Bobby Holley,
Chris Coulson, and Eric Rahm discovered multiple memory safety issues in
Firefox. If a user were tricked in to opening a specially crafted website,
an attacker could potentially exploit these to cause a denial of service
via application crash, or execute arbitrary code with the privileges of
the user invoking Firefox. (CVE-2015-4473, CVE-2015-4474)
Aki Helin discovered an out-of-bounds read when playing malformed MP3
content in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
obtain sensitive information, cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4475)
A use-after-free was discovered during MediaStream playback in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash or execute arbitrary code with the
priviliges of the user invoking Firefox. (CVE-2015-4477)
André Bargull discovered that non-configurable properties on javascript
objects could be redefined when parsing JSON. If a user were tricked in to
opening a specially crafted website, an attacker could potentially exploit
this to bypass same-origin restrictions. (CVE-2015-4478)
Multiple integer overflows were discovered in libstagefright. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via application
crash, or execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2015-4479, CVE-2015-4480, CVE-2015-4493)
Jukka Jylänki discovered a crash that occurs because javascript does not
properly gate access to Atomics or SharedArrayBuffers in some
circumstances. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service. (CVE-2015-4484)
Abhishek Arya discovered 2 buffer overflows in libvpx when decoding
malformed WebM content in some circumstances. If a user were tricked in
to opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking Firefox.
(CVE-2015-4485, CVE-2015-4486)
Ronald Crane reported 3 security issues. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit these, in combination with another security vulnerability, to
cause a denial of service via application crash, or execute arbitrary
code with the privileges of the user invoking Firefox. (CVE-2015-4487,
CVE-2015-4488, CVE-2015-4489)
Christoph Kerschbaumer discovered an issue with Mozilla’s implementation
of Content Security Policy (CSP), which could allow for a more permissive
usage in some cirucumstances. An attacker could potentially exploit this
to conduct cross-site scripting (XSS) attacks. (CVE-2015-4490)
Gustavo Grieco discovered a heap overflow in gdk-pixbuf. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash or execute arbitrary code with the priviliges of the user invoking
Firefox. (CVE-2015-4491)
Looben Yang discovered a use-after-free when using XMLHttpRequest with
shared workers in some circumstances. If a user were tricked in to opening
a specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash or execute arbitrary code
with the priviliges of the user invoking Firefox. (CVE-2015-4492)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
-
firefox
40.0+build4-0ubuntu0.15.04.1
- Ubuntu 14.04 LTS:
-
firefox
40.0+build4-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
firefox
40.0+build4-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.