HP LoadRunner Virtual Table Server CVE-2015-6857 Local Code Execution Vulnerability
Monthly Archives: December 2015
Vuln: OpenSSL CVE-2015-1789 Out of Bounds Read Denial of Service Vulnerability
Vuln: IBM WebSphere Application Server CVE-2015-7450 Remote Code Execution Vulnerability
Bugtraq: WebBoutiques Cms Cross-Site Scripting Vulnerability
Bugtraq: iScripts Multicart Cms Multiple Vulnerability
Bugtraq: Executable installers are vulnerable^WEVIL (case 8): vlc-*.exe allows remote code execution with escalation of privilege
Bugtraq: Executable installers are vulnerable^WEVIL (case 2): NSIS allows remote code execution with escalation of privilege
RHSA-2015:2550-1: Moderate: libxml2 security update
Red Hat Enterprise Linux: Updated libxml2 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-1819, CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
RHSA-2015:2549-1: Moderate: libxml2 security update
Red Hat Enterprise Linux: Updated libxml2 packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, CVE-2015-7941, CVE-2015-7942, CVE-2015-8241, CVE-2015-8242, CVE-2015-8317
USN-2830-1: OpenSSL vulnerabilities
Ubuntu Security Notice USN-2830-1
7th December, 2015
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in OpenSSL.
Software description
- openssl – Secure Socket Layer (SSL) cryptographic library and tools
Details
Guy Leaver discovered that OpenSSL incorrectly handled a ServerKeyExchange
for an anonymous DH ciphersuite with the value of p set to 0. A remote
attacker could possibly use this issue to cause OpenSSL to crash, resulting
in a denial of service. This issue only applied to Ubuntu 15.10.
(CVE-2015-1794)
Hanno Böck discovered that the OpenSSL Montgomery squaring procedure
algorithm may produce incorrect results when being used on x86_64. A remote
attacker could possibly use this issue to break encryption. This issue only
applied to Ubuntu 15.10. (CVE-2015-3193)
Loïc Jonas Etienne discovered that OpenSSL incorrectly handled ASN.1
signatures with a missing PSS parameter. A remote attacker could possibly
use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2015-3194)
Adam Langley discovered that OpenSSL incorrectly handled malformed
X509_ATTRIBUTE structures. A remote attacker could possibly use this issue
to cause OpenSSL to consume resources, resulting in a denial of service.
(CVE-2015-3195)
It was discovered that OpenSSL incorrectly handled PSK identity hints. A
remote attacker could possibly use this issue to cause OpenSSL to crash,
resulting in a denial of service. This issue only applied to Ubuntu 12.04
LTS, Ubuntu 14.04 LTS and Ubuntu 15.04. (CVE-2015-3196)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
  - libssl1.0.0 1.0.2d-0ubuntu1.2
- Ubuntu 15.04:
  - libssl1.0.0 1.0.1f-1ubuntu11.5
- Ubuntu 14.04 LTS:
  - libssl1.0.0 1.0.1f-1ubuntu2.16
- Ubuntu 12.04 LTS:
  - libssl1.0.0 1.0.1-4ubuntu5.32
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.