Typo3

Cross-Site Scripting in TYPO3 component CSS styled content

February 23, 2016 007admin Leave a comment

Component Type: TYPO3 CMS

Release Date: February 23, 2016

Vulnerable subcomponent: CSS styled content

Vulnerability Type: Cross-Site Scripting

Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:P/RL:O/RC:C

CVE: not assigned yet

Problem Description: Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.

Solution: Update to TYPO3 versions 6.2.19 or 7.6.4 that fix the problem described.

Credits: Thanks to Jakub Galczyk who discovered and reported the issue.

General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note: All security related code changes are tagged so that you can easily look them up on our review system.

Typo3

Cross-Site Scripting in TYPO3 component Backend

February 23, 2016 007admin Leave a comment

Component Type: TYPO3 CMS

Release Date: February 23, 2016

Vulnerable subcomponent: Backend

Vulnerability Type: Cross-Site Scripting

Affected Versions: Versions 6.2.0 to 6.2.18

Severity: Low

Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:P/RL:O/RC:C

CVE: not assigned yet

Problem Description: Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site Scripting.

Solution: Update to TYPO3 version 6.2.19 that fixes the problem described.

Credits: Thanks to Filipe Reis who discovered and reported the issue.

General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note: All security related code changes are tagged so that you can easily look them up on our review system.

Typo3

XML External Entity (XXE) Processing in TYPO3 Core

February 23, 2016 007admin Leave a comment

Component Type: TYPO3 CMS

Release Date: February 23, 2016

Vulnerable subcomponent: TYPO3 CMS

Vulnerability Type: XML External Entity Processing

Affected Versions: Versions 6.2.0 to 6.2.18 and 7.6.0 to 7.6.3

Severity: Low

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:P/RL:O/RC:C

CVE: not assigned yet

Problem Description: All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.

Solution: Update to TYPO3 versions 6.2.19 or 7.6.4 that fix the problem described.

Important Note: Systems using a PHP version with libxml2 >= 2.9 should be protected by default. Since version 2.9 the library changed its behavior to disallow external entity processing by default.

Credits: Thanks to security team member Marcus Krause who discovered and reported the issue.

General Advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note: All security related code changes are tagged so that you can easily look them up on our review system.

Redhat

RHEA-2016:0285-1: nodejs010 bug fix and enhancement update

February 23, 2016 007admin Leave a comment

Red Hat Enterprise Linux: Updated nodejs010 packages that fix two bugs and add one enhancement are now
available for Red Hat Software Collections.

Redhat

RHBA-2016:0284-1: Red Hat Enterprise Linux OpenStack Platform Installer update

February 23, 2016 007admin Leave a comment

Red Hat Enterprise Linux: Updated Red Hat Enterprise Linux OpenStack Platform Installer packages that fix
several bugs are now available for Red Hat Enterprise Linux OpenStack Platform
6.0.

Redhat

RHBA-2016:0283-1: openstack-nova bug fix advisory

February 23, 2016 007admin Leave a comment

Red Hat Enterprise Linux: Updated OpenStack Compute packages that resolve various issues are now
available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for
RHEL 7.

Redhat

RHSA-2016:0286-1: Critical: chromium-browser security update

February 23, 2016 007admin Leave a comment

Red Hat Enterprise Linux: Updated chromium-browser packages that fix two security issues are now
available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2016-1629

Ubuntu

USN-2906-1: GNU cpio vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2906-1

22nd February, 2016

cpio vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary

Several security issues were fixed in GNU cpio.

Software description

cpio
– a tool to manage archives of files

Details

Alexander Cherepanov discovered that GNU cpio incorrectly handled symbolic
links when used with the –no-absolute-filenames option. If a user or
automated system were tricked into extracting a specially-crafted cpio
archive, a remote attacker could possibly use this issue to write arbitrary
files. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS.
(CVE-2015-1197)

Gustavo Grieco discovered that GNU cpio incorrectly handled memory when
extracting archive files. If a user or automated system were tricked into
extracting a specially-crafted cpio archive, a remote attacker could use
this issue to cause GNU cpio to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2016-2037)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.10:: cpio

2.11+dfsg-4.1ubuntu1.1
Ubuntu 14.04 LTS:: cpio

2.11+dfsg-1ubuntu1.2
Ubuntu 12.04 LTS:: cpio

2.11-7ubuntu3.2

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1197,

CVE-2016-2037

Ubuntu

USN-2907-1: Linux kernel vulnerabilities

February 23, 2016 007admin Leave a comment

Ubuntu Security Notice USN-2907-1

22nd February, 2016

linux vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 14.04 LTS

Summary

Several security issues were fixed in the kernel.

Software description

linux
– Linux kernel

Details

halfdog discovered that OverlayFS, when mounting on top of a FUSE mount,
incorrectly propagated file attributes, including setuid. A local
unprivileged attacker could use this to gain privileges. (CVE-2016-1576)

halfdog discovered that OverlayFS in the Linux kernel incorrectly
propagated security sensitive extended attributes, such as
POSIX ACLs. A local unprivileged attacker could use this to gain
privileges. (CVE-2016-1575)

It was discovered that the Linux kernel keyring subsystem contained a race
between read and revoke operations. A local attacker could use this to
cause a denial of service (system crash). (CVE-2015-7550)

郭永刚 discovered that the Linux kernel networking implementation did
not validate protocol identifiers for certain protocol families, A local
attacker could use this to cause a denial of service (system crash) or
possibly gain administrative privileges. (CVE-2015-8543)

Dmitry Vyukov discovered that the pptp implementation in the Linux kernel
did not verify an address length when setting up a socket. A local attacker
could use this to craft an application that exposed sensitive information
from kernel memory. (CVE-2015-8569)

David Miller discovered that the Bluetooth implementation in the Linux
kernel did not properly validate the socket address length for Synchronous
Connection-Oriented (SCO) sockets. A local attacker could use this to
expose sensitive information. (CVE-2015-8575)

It was discovered that the Linux kernel’s Filesystem in Userspace (FUSE)
implementation did not handle initial zero length segments properly. A
local attacker could use this to cause a denial of service (unkillable
task). (CVE-2015-8785)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:: linux-image-3.13.0-79-lowlatency

3.13.0-79.123; linux-image-3.13.0-79-powerpc-e500mc

3.13.0-79.123; linux-image-3.13.0-79-powerpc64-emb

3.13.0-79.123; linux-image-3.13.0-79-powerpc-e500

3.13.0-79.123; linux-image-3.13.0-79-generic

3.13.0-79.123; linux-image-3.13.0-79-powerpc-smp

3.13.0-79.123; linux-image-3.13.0-79-generic-lpae

3.13.0-79.123; linux-image-3.13.0-79-powerpc64-smp

3.13.0-79.123

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.