Monthly Archives: November 2016

Security

Red Hat Security Advisory 2016-2142-01

Leave a comment

Red Hat Security Advisory 2016-2142-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

Security

Red Hat Security Advisory 2016-2141-01

Leave a comment

Red Hat Security Advisory 2016-2141-01 – The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly. Security Fix: A denial of service flaw was found in the way BIND handled responses containing a DNAME answer. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

Drupal

D8 Editor File upload – Moderately Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2016-059

Leave a comment

Description

This module enables you to upload files directly within the CKEditor and create a link to download the given file.

The module doesn’t sufficiently check the uploaded file extensions when the allowed extensions list is not the default one.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to use a text filter that enables this CKEditor plugin and does not use the default allowed extensions.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • D8 Editor File Upload 8.x-1.x versions prior to 8.x-1.2.

Drupal core is not affected. If you do not use the contributed D8 Editor File upload module, there is nothing you need to do.

Solution

Install the latest version:

Also see the D8 Editor File upload project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Drupal

Bootstrap – Moderately Critical – Cross Site Scripting (XSS) – SA-CONTRIB-2016-058

Leave a comment

Description

The Bootstrap theme enables you to integrate the Bootstrap framework with Drupal.

The theme does not sufficiently filter potential user-supplied data when it’s passed to certain templates can which lead to a Persistent Cross Site Scripting (XSS) vulnerability.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Bootstrap 7.x-3.x versions prior to 7.x-3.7

Drupal core is not affected. If you do not use the contributed Bootstrap theme, there is nothing you need to do.

Solution

Install the latest version:

  • If you use the Bootstrap theme from the 7.x-3.x branch, upgrade to Bootstrap 7.x-3.8

Also see the Bootstrap project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

Fedora

curl-7.47.1-9.fc24

Leave a comment

– fix cookie injection for other servers (CVE-2016-8615)
– compare user/passwd case-sensitively while reusing connections (CVE-2016-8616)
– base64: check for integer overflow on large input (CVE-2016-8617)
– fix double-free in krb5 code (CVE-2016-8619)
– fix double-free in curl_maprintf() (CVE-2016-8618)
– fix glob parser write/read out of bounds (CVE-2016-8620)
– fix out-of-bounds read in curl_getdate() (CVE-2016-8621)
– fix URL unescape heap overflow via integer truncation (CVE-2016-8622)
– fix use-after-free via shared cookies (CVE-2016-8623)
– urlparse: accept ‘#’ as end of host name (CVE-2016-8624)

Fedora

curl-7.51.0-1.fc25

Leave a comment

– fix cookie injection for other servers (CVE-2016-8615)
– compare user/passwd case-sensitively while reusing connections (CVE-2016-8616)
– base64: check for integer overflow on large input (CVE-2016-8617)
– fix double-free in krb5 code (CVE-2016-8619)
– fix double-free in curl_maprintf() (CVE-2016-8618)
– fix glob parser write/read out of bounds (CVE-2016-8620)
– fix out-of-bounds read in curl_getdate() (CVE-2016-8621)
– fix URL unescape heap overflow via integer truncation (CVE-2016-8622)
– fix use-after-free via shared cookies (CVE-2016-8623)
– urlparse: accept ‘#’ as end of host name (CVE-2016-8624)

Security

Tor-ramdisk i686 UClibc-based Linux Distribution x86 20161024

Leave a comment

Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP. x86_64 version.