[BSA-079] Security Update for icinga

Jan Wagner uploaded new packages for icinga which fixed the following
security problems:

CVE-2012-6096
  CGI buffer overflows

  https://security-tracker.debian.org/tracker/CVE-2012-6096

For the squeeze-backports distribution the problems have been fixed in
version 1.7.1-5~bpo60+1 of the icinga package.

For the testing distribution (wheezy) these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in
version 1.7.1-5 of the icinga package.

[BSA-078] Security Update for freetype

I uploaded new packages for freetype which fixed the
following security problems:

CVE-2012-5668: NULL Pointer Dereference in bdf_free_font.
CVE-2012-5669: Out-of-bounds read in _bdf_parse_glyphs.
CVE-2012-5670: Out-of-bounds write in _bdf_parse_glyphs.

For the squeeze-backports distribution the problems have been fixed in
version 2.4.9-1.1~bpo60+1.
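Whether a host is covered by an advisory like the two above comes down to comparing the installed version with the fixed version under Debian's ordering rules, and the `~` in a backports version (1.7.1-5~bpo60+1 sorts below 1.7.1-5, yet above 1.7.1-4) is exactly where naive string comparison goes wrong. The following Python is an added example, not part of either advisory and not dpkg's own code: it reimplements dpkg's version comparison (epoch, upstream part, Debian revision; `~` sorts before everything including the end of the string; digit runs compare numerically) and audits a constructed, hypothetical set of installed versions against the fixed versions quoted above.

```python
import re


def _isdigit(c):
    return "0" <= c <= "9"


def _order(c):
    """dpkg's collation for a non-digit character: '~' sorts before anything
    (even the end of the string), letters by ASCII, other symbols after letters."""
    if _isdigit(c):
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments (upstream or Debian revision) as dpkg does:
    alternate non-digit runs (collated with _order) and digit runs (numeric)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: a missing character counts as 0, so "5" > "5~bpo60+1".
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: compared as integers, so "10" > "9" and leading zeros are ignored.
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        i += len(da)
        j += len(db)
        na, nb = int(da or "0"), int(db or "0")
        if na != nb:
            return 1 if na > nb else -1
    return 0


def _split(version):
    """Split 'epoch:upstream-revision' into its parts (epoch and revision optional).
    The epoch ends at the first ':', the revision starts at the last '-'."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 like dpkg --compare-versions: epoch first, then upstream,
    then Debian revision."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub)
    if r == 0:
        r = _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)


def is_fixed(installed, fixed):
    """True when the installed version is at or above the advisory's fixed version."""
    return compare_versions(installed, fixed) >= 0


# Fixed versions quoted in the two advisories above, keyed by (source package, suite).
FIXED = {
    ("icinga", "squeeze-backports"): "1.7.1-5~bpo60+1",
    ("icinga", "sid"): "1.7.1-5",
    ("freetype", "squeeze-backports"): "2.4.9-1.1~bpo60+1",
}


def audit(installed, suite):
    """installed: {package: version}. Returns the packages still below the
    advisory's fixed version for the given suite."""
    return sorted(pkg for (pkg, s), fixed in FIXED.items()
                  if s == suite and pkg in installed and not is_fixed(installed[pkg], fixed))


if __name__ == "__main__":
    # Constructed sample for a squeeze-backports host (hypothetical versions);
    # on a real host take them from: dpkg-query -W -f='${Package} ${Version}\n'
    sample = {"icinga": "1.7.1-4~bpo60+1", "freetype": "2.4.9-1.1~bpo60+1"}
    print(audit(sample, "squeeze-backports"))  # icinga is still below the fixed version
```

On a real host, `dpkg --compare-versions` gives the same answer as `compare_versions` and is the tool to reach for when dpkg is present; the advisories name source packages, so the freetype fix is checked on the binary packages it builds (such as libfreetype6), not on a package literally called freetype.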

CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. (CVSS:7.5) (Last Update:2014-03-08)

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. (CVSS:4.3) (Last Update:2013-01-29)

SA-CORE-2012-004 – Drupal core – Multiple vulnerabilities

  • Advisory ID: DRUPAL-SA-CORE-2012-004
  • Project: Drupal core
  • Version: 6.x, 7.x
  • Date: 2012-December-19
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Arbitrary PHP code execution

Description

Multiple vulnerabilities were fixed in the supported Drupal core versions 6 and 7.

Access bypass (User module search – Drupal 6 and 7)

A vulnerability was identified that allows blocked users to appear in user search results, even when the search results are viewed by unprivileged users.

This vulnerability is mitigated by the fact that the default Drupal core user search results only display usernames (and disclosure of usernames is not considered a security vulnerability). However, since modules or themes may override the search results to display more information from each user’s profile, this could result in additional information about blocked users being disclosed on some sites.

Access bypass (Upload module – Drupal 6)

A vulnerability was identified that allows information about uploaded files to be displayed in RSS feeds and search results to users that do not have the “view uploaded files” permission.

This issue affects Drupal 6 only.

Arbitrary PHP code execution (File upload modules – Drupal 6 and 7)

Drupal core’s file upload feature blocks the upload of many files that can be executed on the server by munging the filename (altering extension segments so that the web server no longer treats the file as a script). A malicious user could name a file in a manner that bypasses this munging in Drupal’s input validation.

This vulnerability is mitigated by several factors. The attacker would need the permission to upload a file to the server. Certain combinations of PHP and filesystems are not vulnerable to this issue, though we did not perform an exhaustive review of the supported PHP versions. Finally, the server would need to allow execution of files in the uploads directory; Drupal core has protected against this since SA-2006-006 (Drupal Core – Execution of arbitrary files in certain Apache configurations) by placing a .htaccess file in the files directory. Users of IIS should consider updating their web.config. Users of Nginx should confirm that only index.php and other known-good scripts are executable. Users of other web servers should review their configuration to ensure the same goal is achieved in some other way.
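The munging the advisory refers to, and the reason it is only one of several layers, is easier to see in code. The following Python is an added example written for this page, not Drupal’s own code: it models the approach (append an underscore to every intermediate extension that looks like a script extension and is not on the site’s allow-list, so that `shell.php.txt` is stored as `shell.php_.txt` and an Apache `AddHandler` for `.php` no longer matches any segment of the name), then requires the final extension to be on the allow-list. The extension-like pattern, the sample filenames and the allow-lists are constructed for the example.

```python
import re

# Intermediate segments that look like an extension an interpreter might claim:
# two to five letters plus an optional digit (php, php5, phtml, pl, cgi, asp, js).
# Constructed heuristic for this example; "2012" or a single letter is left alone.
_EXTENSION_LIKE = re.compile(r"[A-Za-z]{2,5}\d?")


def munge_filename(filename, allowed):
    """Append '_' to every intermediate extension not in `allowed` (lower-case set),
    e.g. 'shell.php.txt' -> 'shell.php_.txt'. The final extension is NOT touched;
    that is the job of the allow-list check in accept_upload()."""
    filename = filename.replace("\0", "")  # a NUL would truncate the name in C-based stacks
    parts = filename.split(".")
    if len(parts) < 3:                      # basename.ext only: nothing in the middle to munge
        return filename
    base, middle, last = parts[0], parts[1:-1], parts[-1]
    munged = [base]
    for part in middle:
        if part.lower() not in allowed and _EXTENSION_LIKE.fullmatch(part):
            part += "_"
        munged.append(part)
    munged.append(last)
    return ".".join(munged)


def accept_upload(filename, allowed):
    """Input-validation layer: munge first, then require the FINAL extension to be
    allow-listed. Returns (accepted, name_to_store)."""
    allowed = {e.lower() for e in allowed}
    name = munge_filename(filename, allowed)
    ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    return ext in allowed, name


if __name__ == "__main__":
    site_allowed = {"pdf", "txt"}
    for candidate in ["report.pdf", "shell.php.txt", "shell.php", "shell.PHP.txt",
                      "shell.php\0.txt", "report.2012.txt", "README"]:
        ok, stored = accept_upload(candidate, site_allowed)
        print(f"{candidate!r:22} -> {'accept' if ok else 'reject':7} {stored!r}")
    # If an operator puts "php" on the allow-list, input validation alone passes
    # the file; execution must then be stopped by the web server (the .htaccess
    # the advisory describes), which is why that layer must not be removed.
    print(accept_upload("shell.php", {"php"}))
```

The last call is the case the advisory’s mitigation list is about: input validation is a filename heuristic, so the uploads directory must also be served with script execution disabled, whatever the file is called.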

CVE identifier(s) issued

  • Access bypass (User module search – Drupal 6 and 7): CVE-2012-5651
  • Access bypass (Upload module – Drupal 6): CVE-2012-5652
  • Arbitrary PHP code execution (File upload modules – Drupal 6 and 7): CVE-2012-5653

Versions affected

  • Drupal core 6.x versions prior to 6.27.
  • Drupal core 7.x versions prior to 7.18.

Solution

Install the latest version:

  • If you use Drupal 6.x, upgrade to Drupal core 6.27.
  • If you use Drupal 7.x, upgrade to Drupal core 7.18.

Also see the Drupal core project page.

Reported by

  • The access bypass issue in the User module search results was reported by Derek Wright of the Drupal Security Team.
  • The access bypass issue in the Drupal 6 Upload module was reported by Simon Rycroft, and by Damien Tournoud of the Drupal Security Team.
  • The arbitrary code execution issue was reported by Amit Asaravala.

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at http://drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

CVE-2012-5195

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 5.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the ‘x’ string repeat operator. (CVSS:7.5) (Last Update:2014-02-06)
