Red Hat Enterprise Linux: Updated Samba package that adds one enhancement is now available for Red
Hat Gluster Storage 3.1.
Monthly Archives: September 2016
USN-3076-1: Firefox vulnerabilities
Ubuntu Security Notice USN-3076-1
22nd September, 2016
firefox vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Software description
- firefox
– Mozilla Open Source web browser
Details
Atte Kettunen discovered an out-of-bounds read when handling certain
Content Security Policy (CSP) directives in some circumstances. If a user
were tricked in to opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via application
crash. (CVE-2016-2827)
Christoph Diehl, Christian Holler, Gary Kwong, Nathan Froyd, Honza Bambas,
Seth Fowler, Michael Smith, Andrew McCreight, Dan Minor, Byron Campen, Jon
Coppeard, Steve Fink, Tyson Smith, and Carsten Book discovered multiple
memory safety issues in Firefox. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5256, CVE-2016-5257)
Atte Kettunen discovered a heap buffer overflow during text conversion
with some unicode characters. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5270)
Abhishek Arya discovered an out of bounds read during the processing of
text runs in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash. (CVE-2016-5271)
Abhishek Arya discovered a bad cast when processing layout with input
elements in some circumstances. If a user were tricked in to opening a
specially crafted website, an attacker could potentially exploit this to
cause a denial of service via application crash, or execute arbitrary
code. (CVE-2016-5272)
A crash was discovered in accessibility. If a user were tricked in to
opening a specially crafted website, an attacker could potentially
exploit this to execute arbitrary code. (CVE-2016-5273)
A use-after-free was discovered in web animations during restyling. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5274)
A buffer overflow was discovered when working with empty filters during
canvas rendering. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5275)
A use-after-free was discovered in accessibility. If a user were tricked
in to opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via application crash, or
execute arbitrary code. (CVE-2016-5276)
A use-after-free was discovered in web animations when destroying a
timeline. If a user were tricked in to opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-5277)
A buffer overflow was discovered when encoding image frames to images in
some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5278)
Rafael Gieschke discovered that the full path of files is available to web
pages after a drag and drop operation. An attacker could potentially
exploit this to obtain sensitive information. (CVE-2016-5279)
Mei Wang discovered a use-after-free when changing text direction. If a
user were tricked in to opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via
application crash, or execute arbitrary code. (CVE-2016-5280)
Brian Carpenter discovered a use-after-free when manipulating SVG content
in some circumstances. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via application crash, or execute arbitrary code.
(CVE-2016-5281)
Richard Newman discovered that favicons can be loaded through
non-whitelisted protocols, such as jar:. (CVE-2016-5282)
Gavin Sharp discovered a timing attack vulnerability involving document
resizes and link colours. If a user were tricked in to opening a specially
crafted website, an attacker could potentially exploit this to obtain
sensitive information. (CVE-2016-5283)
An issue was discovered with the preloaded Public Key Pinning (HPKP). If
a man-in-the-middle (MITM) attacker was able to obtain a fraudulent
certificate for a Mozilla site, they could exploit this by providing
malicious addon updates. (CVE-2016-5284)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
firefox
49.0+build4-0ubuntu0.16.04.1
- Ubuntu 14.04 LTS:
-
firefox
49.0+build4-0ubuntu0.14.04.1
- Ubuntu 12.04 LTS:
-
firefox
49.0+build4-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Firefox to make
all the necessary changes.
References
USN-3073-1: Thunderbird vulnerabilities
Ubuntu Security Notice USN-3073-1
22nd September, 2016
thunderbird vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Thunderbird could be made to crash or run programs as your login if it
opened a malicious message.
Software description
- thunderbird
– Mozilla Open Source mail and newsgroup client
Details
Christian Holler, Carsten Book, Gary Kwong, Jesse Ruderman, Andrew
McCreight, and Phil Ringnalda discovered multiple memory safety issues in
Thunderbird. If a user were tricked in to opening a specially crafted
message, an attacker could potentially exploit these to cause a denial of
service via application crash, or execute arbitrary code. (CVE-2016-2836)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
thunderbird
1:45.3.0+build1-0ubuntu0.16.04.2
- Ubuntu 14.04 LTS:
-
thunderbird
1:45.3.0+build1-0ubuntu0.14.04.4
- Ubuntu 12.04 LTS:
-
thunderbird
1:45.3.0+build1-0ubuntu0.12.04.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to restart Thunderbird to make
all the necessary changes.
References
USN-3087-1: OpenSSL vulnerabilities
Ubuntu Security Notice USN-3087-1
22nd September, 2016
openssl vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in OpenSSL.
Software description
- openssl
– Secure Socket Layer (SSL) cryptographic library and tools
Details
Shi Lei discovered that OpenSSL incorrectly handled the OCSP Status Request
extension. A remote attacker could possibly use this issue to cause memory
consumption, resulting in a denial of service. (CVE-2016-6304)
Guido Vranken discovered that OpenSSL used undefined behaviour when
performing pointer arithmetic. A remote attacker could possibly use this
issue to cause OpenSSL to crash, resulting in a denial of service. This
issue has only been addressed in Ubuntu 16.04 LTS in this update.
(CVE-2016-2177)
César Pereida, Billy Brumley, and Yuval Yarom discovered that OpenSSL
did not properly use constant-time operations when performing DSA signing.
A remote attacker could possibly use this issue to perform a cache-timing
attack and recover private DSA keys. (CVE-2016-2178)
Quan Luo discovered that OpenSSL did not properly restrict the lifetime
of queue entries in the DTLS implementation. A remote attacker could
possibly use this issue to consume memory, resulting in a denial of
service. (CVE-2016-2179)
Shi Lei discovered that OpenSSL incorrectly handled memory in the
TS_OBJ_print_bio() function. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2016-2180)
It was discovered that the OpenSSL incorrectly handled the DTLS anti-replay
feature. A remote attacker could possibly use this issue to cause a denial
of service. (CVE-2016-2181)
Shi Lei discovered that OpenSSL incorrectly validated division results. A
remote attacker could possibly use this issue to cause a denial of service.
(CVE-2016-2182)
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES
ciphers were vulnerable to birthday attacks. A remote attacker could
possibly use this flaw to obtain clear text data from long encrypted
sessions. This update moves DES from the HIGH cipher list to MEDIUM.
(CVE-2016-2183)
Shi Lei discovered that OpenSSL incorrectly handled certain ticket lengths.
A remote attacker could use this issue to cause a denial of service.
(CVE-2016-6302)
Shi Lei discovered that OpenSSL incorrectly handled memory in the
MDC2_Update() function. A remote attacker could possibly use this issue to
cause a denial of service. (CVE-2016-6303)
Shi Lei discovered that OpenSSL incorrectly performed certain message
length checks. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2016-6306)
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 16.04 LTS:
-
libssl1.0.0
1.0.2g-1ubuntu4.4
- Ubuntu 14.04 LTS:
-
libssl1.0.0
1.0.1f-1ubuntu2.20
- Ubuntu 12.04 LTS:
-
libssl1.0.0
1.0.1-4ubuntu5.37
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
References
DSA-3675 imagemagick – security update
This updates fixes several vulnerabilities in imagemagick: Various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service or the execution of arbitrary code if
malformed SIXEL, PDB, MAP, SGI, TIFF and CALS files are processed.
Vuln: ImageMagick 'coders/psd.c' Heap Buffer Overflow Vulnerability
ImageMagick ‘coders/psd.c’ Heap Buffer Overflow Vulnerability
Vuln: Google Chrome Logic Error Security Bypass Vulnerability
Google Chrome Logic Error Security Bypass Vulnerability
Vuln: Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities
Exponent CMS Arbitrary Code Execution and File Upload Vulnerabilities
Vuln: ImageMagick CVE-2016-7513 Denial of Service Vulnerability
ImageMagick CVE-2016-7513 Denial of Service Vulnerability
RECON Brussels 2017 Call For Papers
RECON Brussels has announced it’s call for papers. This is the first time RECON will be held in Europe. The conference will take place January 27th through the 29th, 2017 in Brussels, Belgium.