USN-2726-1: Expat vulnerability

Ubuntu Security Notice USN-2726-1

31st August, 2015

expat vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Expat could be made to crash or run programs as your login if it opened a
specially crafted file.

Software description

  • expat
    – XML parsing C library

Details

It was discovered that Expat incorrectly handled malformed XML data. If a
user or application linked against Expat were tricked into opening a
crafted XML file, an attacker could cause a denial of service, or possibly
execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • libexpat1 2.1.0-6ubuntu1.1
  • lib64expat1 2.1.0-6ubuntu1.1

Ubuntu 14.04 LTS:
  • libexpat1 2.1.0-4ubuntu1.1
  • lib64expat1 2.1.0-4ubuntu1.1

Ubuntu 12.04 LTS:
  • libexpat1 2.0.1-7.2ubuntu1.2
  • lib64expat1 2.0.1-7.2ubuntu1.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart any applications linked
against Expat to effect the necessary changes.

References

CVE-2015-1283

USN-2727-1: GnuTLS vulnerabilities

Ubuntu Security Notice USN-2727-1

1st September, 2015

gnutls28 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04

Summary

GnuTLS could be made to crash or run programs if it processed a specially
crafted certificate.

Software description

  • gnutls28
    – GNU TLS library

Details

It was discovered that GnuTLS incorrectly handled parsing CRL distribution
points. A remote attacker could possibly use this issue to cause a denial
of service, or execute arbitrary code. (CVE-2015-3308)

Kurt Roeckx discovered that GnuTLS incorrectly handled a long
DistinguishedName (DN) entry in a certificate. A remote attacker could
possibly use this issue to cause a denial of service, or execute arbitrary
code. (CVE-2015-6251)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • libgnutls-deb0-28 3.3.8-3ubuntu3.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-3308, CVE-2015-6251

[CORE-2015-0013] – FortiClient Antivirus Multiple Vulnerabilities

Posted by CORE Advisories Team on Sep 01

1. Advisory Information

Title: FortiClient Antivirus Multiple Vulnerabilities
Advisory ID: CORE-2015-0013
Advisory URL: http://www.coresecurity.com/advisories/forticlient-antivirus-multiple-vulnerabilities
Date published: 2015-09-01
Date of last update: 2015-09-01
Vendors contacted: Fortinet
Release mode: Coordinated release

2. Vulnerability Information

Class: Information Exposure [CWE-200], Write-what-where Condition [CWE-123], Exposed…

CESA-2015:1699 Moderate CentOS 6 nss-softokn Security Update

CentOS Errata and Security Advisory 2015:1699 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1699.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
5fcfe60107924f132e329a7c3106262b67498960c167f311770257670f955394  nss-softokn-3.14.3-23.el6_7.i686.rpm
8fe28e2fc4a93d165c351d23b2023a122ad3ffe46ce165eca77a782588d49095  nss-softokn-devel-3.14.3-23.el6_7.i686.rpm
e18491a0502de2be4bec0921f7d781e18e175b6c8ad81ca0c164ea75132b5fc3  nss-softokn-freebl-3.14.3-23.el6_7.i686.rpm
8bdc20b8cd53e74f50b11e929a82720e8a2f2d0e8dc9ca5aa69fe4771788273b  nss-softokn-freebl-devel-3.14.3-23.el6_7.i686.rpm

x86_64:
5fcfe60107924f132e329a7c3106262b67498960c167f311770257670f955394  nss-softokn-3.14.3-23.el6_7.i686.rpm
4b01afc8e522112ad555a9ff8055f612690f36278a5ffe0a9758384616c975aa  nss-softokn-3.14.3-23.el6_7.x86_64.rpm
8fe28e2fc4a93d165c351d23b2023a122ad3ffe46ce165eca77a782588d49095  nss-softokn-devel-3.14.3-23.el6_7.i686.rpm
b88ffdab79d44adc38547936e8dc27657668cb119400bf40dc5f06841f23811e  nss-softokn-devel-3.14.3-23.el6_7.x86_64.rpm
e18491a0502de2be4bec0921f7d781e18e175b6c8ad81ca0c164ea75132b5fc3  nss-softokn-freebl-3.14.3-23.el6_7.i686.rpm
21daeb0da2a7bfdbad5eec9af53bd5544519fb3408a4e5ca639a87f083d647bd  nss-softokn-freebl-3.14.3-23.el6_7.x86_64.rpm
8bdc20b8cd53e74f50b11e929a82720e8a2f2d0e8dc9ca5aa69fe4771788273b  nss-softokn-freebl-devel-3.14.3-23.el6_7.i686.rpm
d48d63f9e7021d239965c463a1eda987e1de8297be51e465fe47552f36a745c8  nss-softokn-freebl-devel-3.14.3-23.el6_7.x86_64.rpm

Source:
9a102fb89f11aace8fd00ee6d96a4306e55096600e949b71439c4a8c79554a91  nss-softokn-3.14.3-23.el6_7.src.rpm



CESA-2015:1695 Important CentOS 6 jakarta-taglibs-standard Security Update

CentOS Errata and Security Advisory 2015:1695 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1695.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
8734f41a46e678a9256333fe5fd068cfb3ea94b561340fa54b6230e9fd9e4550  jakarta-taglibs-standard-1.1.1-11.7.el6_7.noarch.rpm
3c10722f61c4ce7891a0192f09d62bc0326dd58aa109ef718e9348b7e8eee8cb  jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7.noarch.rpm

x86_64:
8734f41a46e678a9256333fe5fd068cfb3ea94b561340fa54b6230e9fd9e4550  jakarta-taglibs-standard-1.1.1-11.7.el6_7.noarch.rpm
3c10722f61c4ce7891a0192f09d62bc0326dd58aa109ef718e9348b7e8eee8cb  jakarta-taglibs-standard-javadoc-1.1.1-11.7.el6_7.noarch.rpm

Source:
66f3e729df06bcbb30265e7c31922c23a6fab0590da90973070c7f4402fb7a08  jakarta-taglibs-standard-1.1.1-11.7.el6_7.src.rpm



CESA-2015:1700 Important CentOS 6 pcs Security Update

CentOS Errata and Security Advisory 2015:1700 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1700.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
04d8c7473ff56d13b5c9599c685fd5535cfc973bdcd3c7c30e5a662ae0e2942b  pcs-0.9.139-9.el6_7.1.i686.rpm

x86_64:
1b6670c2ec2b6b546d4b469c84b2db0f1cde3ca2a66cc085c4579ff546568628  pcs-0.9.139-9.el6_7.1.x86_64.rpm

Source:
6cc0bd0e3344f93909e8cf16e70a23093cdd1a81fdcb9165d8ce6e3da7625538  pcs-0.9.139-9.el6_7.1.src.rpm