USN-3116-1: DBus vulnerabilities

Ubuntu Security Notice USN-3116-1

1st November, 2016

dbus vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in DBus.

Software description

  • dbus
    – simple interprocess messaging system

Details

It was discovered that DBus incorrectly validated the source of
ActivationFailure signals. A local attacker could use this issue to cause a
denial of service. This issue only applied to Ubuntu 12.04 LTS and Ubuntu
14.04 LTS. (CVE-2015-0245)

It was discovered that DBus incorrectly handled certain format strings. A
local attacker could use this issue to cause a denial of service, or
possibly execute arbitrary code. This issue is only exposed to unprivileged
users when the fix for CVE-2015-0245 is not applied, hence this issue is
only likely to affect Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Ubuntu 16.04
LTS and Ubuntu 16.10 have been updated as a preventative measure in the
event that a new attack vector for this issue is discovered.
(No CVE number)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  • dbus 1.10.10-1ubuntu1.1
  • libdbus-1-3 1.10.10-1ubuntu1.1

Ubuntu 16.04 LTS:
  • dbus 1.10.6-1ubuntu3.1
  • libdbus-1-3 1.10.6-1ubuntu3.1

Ubuntu 14.04 LTS:
  • dbus 1.6.18-0ubuntu4.4
  • libdbus-1-3 1.6.18-0ubuntu4.4

Ubuntu 12.04 LTS:
  • dbus 1.4.18-1ubuntu1.8
  • libdbus-1-3 1.4.18-1ubuntu1.8

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2015-0245

USN-3117-1: GD library vulnerabilities

Ubuntu Security Notice USN-3117-1

1st November, 2016

libgd2 vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

The GD library could be made to crash or run programs if it processed a
specially crafted image file.

Software description

  • libgd2
    – GD Graphics Library

Details

Ibrahim El-Sayed discovered that the GD library incorrectly handled certain
malformed Tiff images. If a user or automated system were tricked into
processing a specially crafted Tiff image, an attacker could cause a denial
of service. (CVE-2016-6911)

Ke Liu discovered that the GD library incorrectly handled certain integers
when processing WebP images. If a user or automated system were tricked
into processing a specially crafted WebP image, an attacker could cause a
denial of service, or possibly execute arbitrary code. This issue only
applied to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10.
(CVE-2016-7568)

Emmanuel Law discovered that the GD library incorrectly handled certain
strings when creating images. If a user or automated system were tricked
into processing a specially crafted image, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2016-8670)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  • libgd3 2.2.1-1ubuntu3.2

Ubuntu 16.04 LTS:
  • libgd3 2.1.1-4ubuntu0.16.04.5

Ubuntu 14.04 LTS:
  • libgd3 2.1.0-3ubuntu0.5

Ubuntu 12.04 LTS:
  • libgd2-xpm 2.0.36~rc1~dfsg-6ubuntu2.3
  • libgd2-noxpm 2.0.36~rc1~dfsg-6ubuntu2.3

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6911, CVE-2016-7568, CVE-2016-8670

USN-3118-1: Mailman vulnerabilities

Ubuntu Security Notice USN-3118-1

1st November, 2016

mailman vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Mailman.

Software description

  • mailman
    – Powerful, web-based mailing list manager

Details

It was discovered that the Mailman administrative web interface did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could perform administrative
actions. This issue only affected Ubuntu 12.04 LTS. (CVE-2016-7123)

Nishant Agarwala discovered that the Mailman user options page did not
protect against cross-site request forgery (CSRF) attacks. If an
authenticated user were tricked into visiting a malicious website while
logged into Mailman, a remote attacker could modify user options.
(CVE-2016-6893)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  • mailman 1:2.1.22-1ubuntu0.1

Ubuntu 16.04 LTS:
  • mailman 1:2.1.20-1ubuntu0.1

Ubuntu 14.04 LTS:
  • mailman 1:2.1.16-2ubuntu0.2

Ubuntu 12.04 LTS:
  • mailman 1:2.1.14-3ubuntu0.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-6893, CVE-2016-7123

USN-3119-1: Bind vulnerability

Ubuntu Security Notice USN-3119-1

1st November, 2016

bind9 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Bind could be made to crash if it received specially crafted network
traffic.

Software description

  • bind9
    – Internet Domain Name Server

Details

Tony Finch and Marco Davids discovered that Bind incorrectly handled
certain responses containing a DNAME answer. A remote attacker could
possibly use this issue to cause Bind to crash, resulting in a denial of
service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
  • bind9 1:9.10.3.dfsg.P4-10.1ubuntu1.1

Ubuntu 16.04 LTS:
  • bind9 1:9.10.3.dfsg.P4-8ubuntu1.2

Ubuntu 14.04 LTS:
  • bind9 1:9.9.5.dfsg-3ubuntu0.10

Ubuntu 12.04 LTS:
  • bind9 1:9.8.1.dfsg.P1-4ubuntu0.19

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2016-8864

Simplifying SSH keys and SSL Certs Management across the Enterprise using Key Manager Plus

With rapidly growing web-based services and widely expanding locations, organizations are using more SSL certificates and SSH keys than ever.

From authentication, confidentiality, and integrity to protecting the organization from industrial espionage, SSL certificates play an important role.

Managing SSL certificates across networks to ensure protection and prevent

Microsoft Internet Explorer 9 MSHTML CAttrArray use-after-free details

Posted by Berend-Jan Wever on Nov 01

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I’ve not released before. This is the first
entry in that series.
The below information is also available on my blog at
http://blog.skylined.nl/20161101001.html. There you can find a repro
that triggered this issue in addition to the information below.
Follow me on twitter.com/berendjanwever for daily browser bugs.

MSIE 9 MSHTML CAttrArray…

CVE-2016-8583 – Alienvault OSSIM/USM Reflected XSS

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Reflected XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8583
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

Multiple GET parameters in the vulnerability scan scheduler of
OSSIM/USM before 5.3.2 are vulnerable to reflected XSS. The parameters
include jobname, timeout, sched_id, and targets[] in
/ossim/vulnmeter/sched.php….

CVE-2016-8582 – Alienvault OSSIM/USM SQL Injection Vulnerability

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: SQL Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8582
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

A SQL injection vulnerability exists in the value parameter of
/ossim/dashboard/sections/widgets/data/gauge.php on line 231. By
sending a serialized array with a SQL query in the type field, it’s
possible to…

CVE-2016-8581 – Alienvault OSSIM/USM Stored XSS Vulnerability

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: Stored XSS
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8581
CVSS: 3.5
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

A stored XSS vulnerability exists in the User-Agent header of the
login process. It’s possible to inject a script into that header that
then gets executed when mousing over the User-Agent field in…

CVE-2016-8580 – Alienvault OSSIM/USM Object Injection Vulnerability

Posted by Peter Lapp on Nov 01

Details
=======

Product: Alienvault OSSIM/USM
Vulnerability: PHP Object Injection
Author: Peter Lapp, lappsec () gmail com
CVE: CVE-2016-8580
Vulnerable Versions: <=5.3.1
Fixed Version: 5.3.2

Vulnerability Details
=====================

A PHP object injection vulnerability exists in multiple widget files
due to the unsafe use of the unserialize() function. The affected
files include flow_chart.php, gauge.php, honeypot.php,…