Several vulnerabilities were found in SPIP, a website engine for
publishing, resulting in code injection.
Monthly Archives: March 2016
CESA-2016:0448 Moderate CentOS 7 samba Security Update
CentOS Errata and Security Advisory 2016:0448 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0448.html
The following updated files have been uploaded and are currently syncing to the mirrors:
( sha256sum Filename )
x86_64:
8c3cc313c91dd609e0548a46d3e4d2934d57a57e3cd44736cbc0f0d825e6206c ctdb-4.2.3-12.el7_2.x86_64.rpm
ade9f36fbd89362e7424f236b4468e24a0de88968207e07036e1eba25b9ea58c ctdb-devel-4.2.3-12.el7_2.i686.rpm
88f0d6c5d02025f004d21805c79c278738161300c7c6be4ce1ad8701c02141fd ctdb-devel-4.2.3-12.el7_2.x86_64.rpm
b5f57d8cfcefb045cf2451d576f0c623710485785f5ac93b0a03a4d0355c0719 ctdb-tests-4.2.3-12.el7_2.x86_64.rpm
45fe5fe849f0c6d3c2a075b39d0f37037e98f5fcb1a5ca70d54e29f2a79b4803 libsmbclient-4.2.3-12.el7_2.i686.rpm
552ea0c2e6bd4d8f4ac86dacb64d926cedca3175d516738974421585e562ab00 libsmbclient-4.2.3-12.el7_2.x86_64.rpm
260f87f58de4bf41661c9576239150670f1b47bd01f0448aacfbbc4c23c42f9a libsmbclient-devel-4.2.3-12.el7_2.i686.rpm
dca10cd6b8c2bf5b6d0eab592f93df40b225fe98fa570016c65b5386cac7cf4c libsmbclient-devel-4.2.3-12.el7_2.x86_64.rpm
f625e020324143d87a9c7c24b43ec12e44435530e4019858f0e38b4e6594b600 libwbclient-4.2.3-12.el7_2.i686.rpm
7743fcace1ba6514e6cde34a14fb5423b530a175c7fb5c8115e9f8a2b6df8ecb libwbclient-4.2.3-12.el7_2.x86_64.rpm
ef8c363fac7cb8c66b7e3182cef38a5908df1e08b881bf84446a98281bc7a785 libwbclient-devel-4.2.3-12.el7_2.i686.rpm
2f4b16c5605208be9190faf22794b777fd2845ca8a2d110e9830e45137218834 libwbclient-devel-4.2.3-12.el7_2.x86_64.rpm
d24a970c53d95645c0b0be760c7f3340be4046708df4a783c3df89fe3272b1fe samba-4.2.3-12.el7_2.x86_64.rpm
910b0062eb7aa59a818eed03387f77b9cd0826c74bdbe06aa13afcd94d2f8b58 samba-client-4.2.3-12.el7_2.x86_64.rpm
1c1c8b1fb433b03971d3eaaeea010aeb432414acd9a80d103912332914115599 samba-client-libs-4.2.3-12.el7_2.i686.rpm
b1a5277231a4a9d209932cffc39f7c165c092714d13c19c560932d1b715502ad samba-client-libs-4.2.3-12.el7_2.x86_64.rpm
b31d2d2d04310ca74846d059935d3cfd7c54fefddb1da52063ab79363349a014 samba-common-4.2.3-12.el7_2.noarch.rpm
5c9bd9ed75d77c5d41ef8b2fdddb1e7a0f8d45771ad6234cf713fe20180017db samba-common-libs-4.2.3-12.el7_2.x86_64.rpm
3750fca4d53124ad9c5c14be1a2baf386080b8239e4c2fed22c5430f3cfeb85a samba-common-tools-4.2.3-12.el7_2.x86_64.rpm
cf23f4c1ec07bea5ae87f1655577895b590298f8e9d7c79248707cd60ff911fa samba-dc-4.2.3-12.el7_2.x86_64.rpm
2a5723c3349f519871301ef344a6e8db018891edd85d9a57a50048aa6d9e8da0 samba-dc-libs-4.2.3-12.el7_2.x86_64.rpm
1d547d0b97e25374ca67357c112ee4d35a2baaabb6ea0537bcc3b57fb2d33094 samba-devel-4.2.3-12.el7_2.i686.rpm
ca1b1849f43e5d90686afa2398a21c35f6cf878a55b985e9389a8e8fac61cace samba-devel-4.2.3-12.el7_2.x86_64.rpm
ec3c284a1994d8cbcc3c1b0ca8c2ea74f1763dd01e5fe1619a35b752c9170055 samba-libs-4.2.3-12.el7_2.i686.rpm
f165bb86f1109a069b035b75f4c7d58f82085a65326742d1811ca66a0bf38be7 samba-libs-4.2.3-12.el7_2.x86_64.rpm
d91f97907deb675b33b93800574524d54d2797de5678fdff41d8e1fa6e29e923 samba-pidl-4.2.3-12.el7_2.noarch.rpm
b6fdd2e97a8f9029da925a45ad09904740df77eaf32253f9e22a1e01bc5dab5b samba-python-4.2.3-12.el7_2.x86_64.rpm
5d4f8d1c876a41d883fc45a598c5d4f295462fa4ce0c2d5dd9b2851bf1fe5324 samba-test-4.2.3-12.el7_2.x86_64.rpm
daa259172c1a2ec48bb9f65f306e36fd71be9a2b67bd151d4d1d64a52af24283 samba-test-devel-4.2.3-12.el7_2.x86_64.rpm
828342a64e7ea3cde25e9c4720ae5ff25a9e3aaa702c690c5083fdc0320078da samba-test-libs-4.2.3-12.el7_2.i686.rpm
1dbd87dda1bcd47c29af0779c92e65bb08aa9cd60d72ee6a4a4a74ba2a56475a samba-test-libs-4.2.3-12.el7_2.x86_64.rpm
a11c25786fa48cad2a922219e4342956824800c4b2ebe719fff56692ff8823b5 samba-vfs-glusterfs-4.2.3-12.el7_2.x86_64.rpm
2ed0a1237f01e4d3a73690c498b0ad93b8dc6d4fc50b8c9728230dc793e6ab51 samba-winbind-4.2.3-12.el7_2.x86_64.rpm
7874b20308965efe35a2ee3e370a36d32a4ef2786f5669273183efa05237e4ee samba-winbind-clients-4.2.3-12.el7_2.x86_64.rpm
a5efdb81a5b907e2061e7a18d552a173596babda269a739e9915ebf604b0b03b samba-winbind-krb5-locator-4.2.3-12.el7_2.x86_64.rpm
5de1cb0d6cf245075dda495d44d0af2757be8f61b8de39ea26459ca7f8f47395 samba-winbind-modules-4.2.3-12.el7_2.i686.rpm
094a45e8548000d431e3926bddec06953d96e40ee4abef7464fd05652661ee81 samba-winbind-modules-4.2.3-12.el7_2.x86_64.rpm
Source:
e1d5b3a179f328f8b36a9e8a57ff57720d95cbfc421f0e7194b1f15a2f75e8cf samba-4.2.3-12.el7_2.src.rpm
CESA-2016:0449 Moderate CentOS 6 samba4 Security Update
CentOS Errata and Security Advisory 2016:0449 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0449.html
The following updated files have been uploaded and are currently syncing to the mirrors:
( sha256sum Filename )
i386:
81b673f8138f2dd07c5b7da7c407019a3fdbad72dcae299320f082db2fd44c5e samba4-4.0.0-68.el6_7.rc4.i686.rpm
6691e7fd8436b9fd3fa786618a9cf55d9ec43f46db793f03ca02ae807a7bb40b samba4-client-4.0.0-68.el6_7.rc4.i686.rpm
9a2902004d50248c9eaeca24d3875cec18dc983213b414ae0c9ec66fc0d1dae1 samba4-common-4.0.0-68.el6_7.rc4.i686.rpm
c576c5a0604d49cb440edaa7121ffbb4f7716b4e2a998e5c970b51c649ce79e4 samba4-dc-4.0.0-68.el6_7.rc4.i686.rpm
9d61faa081d7870660f2020a661d36764518606ac7259d03a1c6f97895003530 samba4-dc-libs-4.0.0-68.el6_7.rc4.i686.rpm
ace320097a0e71ef33b535fe2d96be6e0a8ed87cdef6af88327899de0f9c3870 samba4-devel-4.0.0-68.el6_7.rc4.i686.rpm
8c8e4f07a3623d88a6c44a55921be4a8a738fba1d55e5ea99e9a137f34802f42 samba4-libs-4.0.0-68.el6_7.rc4.i686.rpm
9f47a014cebd152406acd5e2c08e7b97d7d116bcd64f4f0e6c70920ad81420dc samba4-pidl-4.0.0-68.el6_7.rc4.i686.rpm
2194f3117ac2aca866adac78c5b497a5e1ed2330a9a08483fd4701501e424e9f samba4-python-4.0.0-68.el6_7.rc4.i686.rpm
fbdf435002051d20fe0d1f1208c0bc94fc041598338d2ecf9e64d57bddd6c472 samba4-swat-4.0.0-68.el6_7.rc4.i686.rpm
b6e046d24ed24ef60e6c68bdb4bee14f42f2472ef97cfb59c7c68485119cea7d samba4-test-4.0.0-68.el6_7.rc4.i686.rpm
f7adb813db4789b3d54eb3f21926e06244bd483cb53f1528f2cc6d81ae2da4e2 samba4-winbind-4.0.0-68.el6_7.rc4.i686.rpm
9bae92e4646c402258123193c5ac15639ec25039556ca8a959fe8f7fa7e79b20 samba4-winbind-clients-4.0.0-68.el6_7.rc4.i686.rpm
103c104561533a25f9b5fb3211eac0a1ee9c5706541253b2d68f365cd2097134 samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.i686.rpm
x86_64:
89b6244f7ea7f44e82b0724bbc9014673284d47ecbbef7037f78d20a36538665 samba4-4.0.0-68.el6_7.rc4.x86_64.rpm
384ace2be4554f2d4947bd84997e7dc1f9d216740bcb87b810cc831440bd65ee samba4-client-4.0.0-68.el6_7.rc4.x86_64.rpm
ea8f08e7f0e1f8ed1cc3c4f45c5d38627c746bb474332e272b8eb6e012f6f74f samba4-common-4.0.0-68.el6_7.rc4.x86_64.rpm
563790e31cd6997d767e51cdd87594399b4a15728c2db181ceaff211d9d223a0 samba4-dc-4.0.0-68.el6_7.rc4.x86_64.rpm
732a7aaa07e1439558dbda0e08a5c92c3609487626ba0c63ee0e1dc84e6c81c4 samba4-dc-libs-4.0.0-68.el6_7.rc4.x86_64.rpm
001f341684a1182e3b02c5e565b1238ebaa8a2c2adafa534b33c6ab5eb1748c8 samba4-devel-4.0.0-68.el6_7.rc4.x86_64.rpm
c81a9246444cb1e8777355783a94245ba77b482312569bcf3407d3eb4102e5d0 samba4-libs-4.0.0-68.el6_7.rc4.x86_64.rpm
cc7a4f0eb21b859807fa04554a5b0e72cc81f4d945f2bed12fb837dbccc50fa1 samba4-pidl-4.0.0-68.el6_7.rc4.x86_64.rpm
f852593cf4d2fc8300e6cd4d338be42c4669846ef4392d03882325d9561c9486 samba4-python-4.0.0-68.el6_7.rc4.x86_64.rpm
e74441c9e2a590e3fcb8dec6b65bdc81ae5ef509cdb26c42d85290a4fd9ecbb7 samba4-swat-4.0.0-68.el6_7.rc4.x86_64.rpm
7bfee12336a558e8de44994b3254ee1cd3886cd3e073b1c0ab05043287415602 samba4-test-4.0.0-68.el6_7.rc4.x86_64.rpm
f5a670ad012ff91c90b841cb83c87eb11f9f48d1670fa5e5da97a7a331b2a75f samba4-winbind-4.0.0-68.el6_7.rc4.x86_64.rpm
a5eb2a76aa1a797d59b677d88c3a8071c4c70a4ae6c336ce45e2485ac1611024 samba4-winbind-clients-4.0.0-68.el6_7.rc4.x86_64.rpm
3373fd48c2810dfa5b7ca5f8a8c72c2ee1b0121f751730562ff93e1c5567d2bb samba4-winbind-krb5-locator-4.0.0-68.el6_7.rc4.x86_64.rpm
Source:
25199187aba97fd9c62e550b1f8d8def3516f75060103ceadabce56b6108df49 samba4-4.0.0-68.el6_7.rc4.src.rpm
CESA-2016:0448 Moderate CentOS 6 samba Security Update
CentOS Errata and Security Advisory 2016:0448 Moderate
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0448.html
The following updated files have been uploaded and are currently syncing to the mirrors:
( sha256sum Filename )
i386:
b5decc0e8074aa9e596c96b3323adab98335d5cd675cb9b51ccee1dd26353bed libsmbclient-3.6.23-25.el6_7.i686.rpm
e14b5e4a88985ecb78679b877eb0a4dec5e605202ceb4c70d9ac88ad29c2a240 libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
211aa86fc7e335d28dec4a3e1170d2e9c0ac581235674ed0b003970ddff7fffb samba-3.6.23-25.el6_7.i686.rpm
367f71d1b1cb957d4c0e5064e706f38d28bf0fbdeaf0b98146480f117dd365a9 samba-client-3.6.23-25.el6_7.i686.rpm
8a8f42a291d5e906f44feed5617804c4b6757667e05e623465be09bdbec2f68c samba-common-3.6.23-25.el6_7.i686.rpm
25057bd234c04a0edc7590488c68606eedc8223afc5cfae0aedecd31c558666a samba-doc-3.6.23-25.el6_7.i686.rpm
1e5d129320f06dbf0d3d93fc2991763d9bd1cb49ea2a88d0c93d1279fe60c15c samba-domainjoin-gui-3.6.23-25.el6_7.i686.rpm
640ac634c8d50a58e23af9fe78fcc4b0a821c8f8e4f8091ad545fb2250aa98f6 samba-swat-3.6.23-25.el6_7.i686.rpm
e053bbb569673a04ce216ae8cbc5876853e2230968860aebf9ad099517e4c8a0 samba-winbind-3.6.23-25.el6_7.i686.rpm
e8d6e75beb584ea9e5a2b05373808660387ac8ed9371ef58c2fc59cc8813e3ff samba-winbind-clients-3.6.23-25.el6_7.i686.rpm
c03637316bc9fc0a4689711367540685e2de5b667c907d86d40788c00564c722 samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
0c014a4a4585f0f5a99988d7663a3e0545f224d8ba42fe728205398eab7d0e5e samba-winbind-krb5-locator-3.6.23-25.el6_7.i686.rpm
x86_64:
b5decc0e8074aa9e596c96b3323adab98335d5cd675cb9b51ccee1dd26353bed libsmbclient-3.6.23-25.el6_7.i686.rpm
06c201497abcccc6e9d6ca5452f497596926a02f4655c0e8f088035982f5f7a7 libsmbclient-3.6.23-25.el6_7.x86_64.rpm
e14b5e4a88985ecb78679b877eb0a4dec5e605202ceb4c70d9ac88ad29c2a240 libsmbclient-devel-3.6.23-25.el6_7.i686.rpm
3a272561feb500ac90f3b2f9df1381ed9bc164a0663c05d25ae752c0a2b8bfce libsmbclient-devel-3.6.23-25.el6_7.x86_64.rpm
44e3af03d1a0aab293efa611a2c0bd4f48f0ee3abdc8e0b1ad816369a32f9e63 samba-3.6.23-25.el6_7.x86_64.rpm
e885e5fa406f5f5279e11c36bb8837ab633d4b1b0cfddf4eb386782310b662ec samba-client-3.6.23-25.el6_7.x86_64.rpm
8a8f42a291d5e906f44feed5617804c4b6757667e05e623465be09bdbec2f68c samba-common-3.6.23-25.el6_7.i686.rpm
7d281ec0a9cdb997c974b76e6ffe090080c521a4a7536b2aa74b3b94aadc8e21 samba-common-3.6.23-25.el6_7.x86_64.rpm
79195d1229850a6bc0872c4499f9e5f0952001ea3dfb7a809472e15632f5362b samba-doc-3.6.23-25.el6_7.x86_64.rpm
155b2372c505de3b0c6e37f28e702c24993205acee5cf1c1723fe3f322d5d234 samba-domainjoin-gui-3.6.23-25.el6_7.x86_64.rpm
ed8f50e1b484bd6529f882a2e88cf2740f6eb08419fda15097c6c3d88a00786f samba-glusterfs-3.6.23-25.el6_7.x86_64.rpm
c43cd36e8680659b26fa5a071bc7b5c7e29094335382199d608216cc70600b84 samba-swat-3.6.23-25.el6_7.x86_64.rpm
93304d35bbc21e244536799768f1a142a425959a475414d68e0b648bbc97274e samba-winbind-3.6.23-25.el6_7.x86_64.rpm
e8d6e75beb584ea9e5a2b05373808660387ac8ed9371ef58c2fc59cc8813e3ff samba-winbind-clients-3.6.23-25.el6_7.i686.rpm
08f92d7b9c329a3d9c762590075c2910a9fddf3f33473ecbb6cf736dc8a83281 samba-winbind-clients-3.6.23-25.el6_7.x86_64.rpm
c03637316bc9fc0a4689711367540685e2de5b667c907d86d40788c00564c722 samba-winbind-devel-3.6.23-25.el6_7.i686.rpm
21cad06ac779310c7fa5f556579c3fd4465552db161a3514caaca50b06a86dd2 samba-winbind-devel-3.6.23-25.el6_7.x86_64.rpm
c9902a8e32c886a42103e3d907c855c5c3f4b3146d6457e5c4e4c96a31e30a96 samba-winbind-krb5-locator-3.6.23-25.el6_7.x86_64.rpm
Source:
e9e2e607ac462b38a0e534e9badd817b08c2badc0ecca1fa4a9e5c5b84ee4c0d samba-3.6.23-25.el6_7.src.rpm
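The three CESA announcements above publish their package digests as a flat "( sha256sum Filename )" list, and the only useful thing to do with such a list is to feed it to `sha256sum -c` before installing anything from a mirror. The script below is an added example, not part of the CentOS announcements: it extracts every hash/RPM pair from the announcement text, writes the pairs in the format `sha256sum -c` expects, and verifies whichever of the listed RPMs are present in a download directory. It assumes GNU coreutils `sha256sum` and a POSIX `awk`; the file and directory names are the caller's, and the sample input used to exercise it is constructed.

```shell
#!/bin/sh
# Added example (not from the CentOS announcement): turn the flattened
# "( sha256sum Filename )" list from a CESA announcement into input for
# `sha256sum -c` and verify the RPMs that were actually downloaded.
# Assumes GNU coreutils sha256sum and a POSIX awk.

# Print one "HASH  FILENAME" line per hash/RPM pair found in the text.
# The "x86_64:" / "i386:" / "Source:" labels between the pairs are skipped
# because they are neither a 64-character hex digest nor a .rpm name.
advisory_to_checklist() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i <= NF; i++) {
      if (length($i) == 64 && $i ~ /^[0-9a-f]+$/) { hash = $i; want_file = 1 }
      else if (want_file && $i ~ /\.rpm$/)        { print hash "  " $i; want_file = 0 }
      else                                          { want_file = 0 }
    }
  }'
}

# Verify the RPMs in directory $1 against the announcement text $2.
# Only files that are present are checked: a package you did not download
# is not an error, but a file whose digest differs makes the function fail,
# as does a directory holding none of the listed packages.
verify_downloads() {
  dir=$1
  text=$2
  advisory_to_checklist "$text" | while read -r hash file; do
    if [ -f "$dir/$file" ]; then
      printf '%s  %s\n' "$hash" "$file"
    fi
  done > "$dir/SHA256SUMS.advisory"
  if ! [ -s "$dir/SHA256SUMS.advisory" ]; then
    echo "none of the listed RPMs are present in $dir" >&2
    return 1
  fi
  # --quiet prints only the files that FAIL; the exit status is non-zero
  # if any digest does not match.
  (cd "$dir" && sha256sum -c --quiet SHA256SUMS.advisory)
}

# Usage (paths are placeholders):
#   verify_downloads /var/tmp/cesa-2016-0448 "$(cat announcement.txt)"
```

Run it against the directory you downloaded the RPMs into, with the announcement body as the second argument; a non-zero exit means at least one file does not match the published digest and should not be installed.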
Massive Malvertising Campaign Lands On Top Websites
Malvertisers tricked ad networks into running ads that link to the Angler exploit kit on major websites such as Answers.com.
NEW VMSA-2016-0003 – VMware vRealize Automation and vRealize Business Advanced and Enterprise address Cross-Site Scripting (XSS) issues
Posted by VMware Security Response Center on Mar 15
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2016-0003
Synopsis: VMware vRealize Automation and vRealize Business Advanced
and Enterprise address Cross-Site Scripting (XSS) issues.
Issue date: 2016-03-15
Updated on: 2016-03-15 (Initial Advisory)
CVE number: CVE-2015-2344, CVE-2016-2075
1. Summary
VMware vRealize Automation and vRealize Business Advanced and
Enterprise address Cross-Site Scripting (XSS) issues.
2. Relevant Releases
VMware vRealize Automation 6.x prior to 6.2.4
VMware vRealize Business Advanced and Enterprise 8.x prior to 8.2.5
3. Problem Description
a. Important Stored Cross-Site Scripting (XSS) issue in VMware
vRealize Automation
VMware vRealize Automation contains a vulnerability that may allow
for a Stored Cross-Site Scripting (XSS) attack. Exploitation of this
issue may lead to the compromise of a vRA user's client workstation.
VMware would like to thank Lukasz Plonka for reporting this issue
to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2015-2344 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware                      Product  Running  Replace with/
Product                     Version  on       Apply Patch
==========================  =======  =======  =================
VMware vRealize Automation  7.x      Linux    Not Affected
VMware vRealize Automation  6.x      Linux    6.2.4
VMware vRealize Automation  5.x      Windows  Not Affected
b. Important Stored Cross-Site Scripting (XSS) issue in vRealize
Business Advanced and Enterprise
VMware vRealize Business Advanced and Enterprise contains a
vulnerability that may allow for a Stored Cross-Site Scripting (XSS)
attack. Exploitation of this issue may lead to the compromise of a
vRB user's client workstation.
VMware would like to thank Alvaro Trigo Martin de Vidales of Deloitte
Spain for reporting this issue to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2016-2075 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware                    Product  Running  Replace with/
Product                   Version  on       Apply Patch
========================  =======  =======  =================
VMware vRealize Business  8.x      Linux    8.2.5
  Advanced and Enterprise
VMware vRealize Business  7.x      Linux    Not Affected
  Standard
VMware vRealize Business  6.x      Linux    Not Affected
  Standard
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
VMware vRealize Automation 6.2.4
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_automation/6_2
VMware vRealize Business Advanced and Enterprise 8.2.5
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/infrastructure_operations_management/vmware_vrealize_business/8_2
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2075
- ------------------------------------------------------------------------
6. Change log
2016-03-15 VMSA-2016-0003 Initial security advisory in conjunction
with the release of VMware vRealize Automation 6.2.4 and VMware
vRealize Business Advanced and Enterprise 8.2.5 on 2016-03-15.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: https://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2016 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8
wj8DBQFW6F8WDEcm8Vbi9kMRAqCcAJ4+Wo3ThKcaVY+gUDTuUl8ER8NlOgCgpcUf
2CAHJCdDsJT5L8/oyE8dpkc=
=kgj0
-----END PGP SIGNATURE-----
UPDATE: VMSA-2015-0009.2 VMware product updates address a critical deserialization vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2015-0009.2
Synopsis: VMware product updates address a critical deserialization
vulnerability
Issue date: 2015-12-18
Updated on: 2016-03-15
CVE number: CVE-2015-6934
- ------------------------------------------------------------------------
1. Summary
VMware product updates address a critical deserialization
vulnerability
2. Relevant Releases
vRealize Orchestrator 6.x
vCenter Orchestrator 5.x
vRealize Infrastructure Navigator 5.8.x
3. Problem Description
a. Deserialization vulnerability
A deserialization vulnerability involving Apache Commons-collections
and a specially constructed chain of classes exists. Successful
exploitation could result in remote code execution, with the
permissions of the application using the Commons-collections library.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifier CVE-2015-6934 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware                    Product  Running  Replace with/
Product                   Version  on       Apply Patch
========================  =======  =======  =================
vRealize Orchestrator     7.0      Any      Not Affected
vRealize Orchestrator     6.x      Any      See KB2141244
vCenter Orchestrator      5.x      Any      See KB2141244
vRealize Operations       6.x      Windows  6.2 *
vCenter Operations        5.x      Windows  Patch Pending *
vCenter Application       7.x      Any      Patch Pending *
  Discovery Manager (vADM)
vRealize Infrastructure   5.8.x    Linux    5.8.5
  Navigator
* Exploitation of the issue on vRealize Operations, vCenter
Operations, and vCenter Application Discovery Manager is limited to
local privilege escalation.
4. Solution
Please review the patch/release notes for your product and
version and verify the checksum of your downloaded file.
vRealize Orchestrator 6.x and
vCenter Orchestrator 5.x
Downloads and Documentation:
http://kb.vmware.com/kb/2141244
vRealize Operations 6.x
Release Notes
http://pubs.vmware.com/Release_Notes/en/vrops/62/vrops-62-release-notes.html
vRealize Infrastructure Navigator 5.8.5
Release Notes
http://pubs.vmware.com/Release_Notes/en/vin/585/releasenotes-vin585.html
5. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6934
- ------------------------------------------------------------------------
6. Change log
2015-12-18 VMSA-2015-0009
Initial security advisory in conjunction with the release of vRealize
Orchestrator 6.x and vCenter Orchestrator 5.x patches on 2015-12-18.
2016-01-29 VMSA-2015-0009.1
Updated security advisory in conjunction with the release of vRealize
Operations 6.2 on 2016-01-28. Added a note below the table in
section 3.a that exploitation of this issue in vCenter Application
Discovery Manager is limited to local privilege escalation.
2016-03-15 VMSA-2015-0009.2
Updated security advisory to reflect the release of vRealize
Infrastructure Navigator 5.8.5, which addresses CVE-2015-6934.
- ------------------------------------------------------------------------
7. Contact
E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com
PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories
http://www.vmware.com/security/advisories
Consolidated list of VMware Security Advisories
http://kb.vmware.com/kb/2078735
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
Twitter
https://twitter.com/VMwareSRC
Copyright 2015 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15337)
Charset: utf-8
wj8DBQFW6Fs4DEcm8Vbi9kMRAmQFAKDFI6Ij60rfu0ruRd+/SglVGh3E/QCdGJJJ
D27ELmdZmRq4mzpxkRqlXw8=
=hUe6
-----END PGP SIGNATURE-----
Bangladesh central bank boss quits over $100m cyberheist
Bangladesh central bank boss Atiur Rahman has resigned after a $100m cyberheist, but the incident could have been even worse if not for a spelling mistake.
The post Bangladesh central bank boss quits over $100m cyberheist appeared first on We Live Security.
After Apple, WhatsApp Under Fire from US Govt Over Encryption
Before the dispute between Apple and the FBI over encryption has even wound up, WhatsApp snooping has become the next hot debate on the court bench.
In the wake of WhatsApp’s move to offer end-to-end encryption to text messages as well as VoIP calls made through its app, federal authorities have not been able to execute wiretapping warrants on WhatsApp users.
Though the US Department of
