[RT-SA-2015-005] o2/Telefonica Germany: ACS Discloses VoIP/SIP Credentials
Monthly Archives: January 2016
Bugtraq: MobaXTerm before version 8.5 vulnerability in "jump host" functionality
Bugtraq: Executable installers are vulnerable^WEVIL (case 20): TrueCrypt's installers allow arbitrary (remote) code execution and escalation of privilege
RHSA-2016:0016-1: Moderate: samba security update
Red Hat Enterprise Linux: Updated samba packages that fix multiple security issues are now available
for Red Hat Gluster Storage 3.1 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330
RHSA-2016:0014-1: Moderate: libldb security update
Red Hat Enterprise Linux: Updated libldb packages that fix two security issues are now available for
Red Hat Gluster Storage 3.1.
Red Hat Product Security has rated this update as having Moderate security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3223, CVE-2015-5330
USN-2865-1: GnuTLS vulnerability
Ubuntu Security Notice USN-2865-1
8th January, 2016
gnutls26, gnutls28 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
GnuTLS could be made to expose sensitive information over the network.
Software description
- gnutls26 – GNU TLS library
- gnutls28 – GNU TLS library
Details
Karthikeyan Bhargavan and Gaetan Leurent discovered that GnuTLS incorrectly
allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - libgnutls-openssl27 3.3.8-3ubuntu3.2
  - libgnutls-deb0-28 3.3.8-3ubuntu3.2
  - libgnutlsxx28 3.3.8-3ubuntu3.2
- Ubuntu 14.04 LTS:
  - libgnutlsxx27 2.12.23-12ubuntu2.4
  - libgnutls-openssl27 2.12.23-12ubuntu2.4
  - libgnutls26 2.12.23-12ubuntu2.4
- Ubuntu 12.04 LTS:
  - libgnutlsxx27 2.12.14-5ubuntu3.11
  - libgnutls-openssl27 2.12.14-5ubuntu3.11
  - libgnutls26 2.12.14-5ubuntu3.11
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.
USN-2866-1: Firefox vulnerability
Ubuntu Security Notice USN-2866-1
8th January, 2016
firefox vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.10
- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Firefox could be made to expose sensitive information over the network.
Software description
- firefox – Mozilla Open Source web browser
Details
Karthikeyan Bhargavan and Gaetan Leurent discovered that NSS incorrectly
allowed MD5 to be used for TLS 1.2 connections. If a remote attacker were
able to perform a man-in-the-middle attack, this flaw could be exploited to
view sensitive information.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.10:
  - firefox 43.0.4+build3-0ubuntu0.15.10.1
- Ubuntu 15.04:
  - firefox 43.0.4+build3-0ubuntu0.15.04.1
- Ubuntu 14.04 LTS:
  - firefox 43.0.4+build3-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
  - firefox 43.0.4+build3-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
CVE-2015-6933
The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.
CVE-2015-7085
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.
CVE-2015-7086
Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117.