CESA-2014:1843 Important CentOS 6 kernel Security Update

CentOS Errata and Security Advisory 2014:1843 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2014-1843.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CEBA-2014:1828 CentOS 7 ipa BugFix Update

CentOS Errata and Bugfix Advisory 2014:1828 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1828.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




USN-2401-1: Konversation vulnerability

Ubuntu Security Notice USN-2401-1

10th November, 2014

konversation vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

Konversation could be made to crash if it received specially crafted
network traffic.

Software description

  • konversation
    – Internet Relay Chat (IRC) client for KDE

Details

Manuel Nickschas discovered that Konversation did not properly perform
input sanitization when using Blowfish ECB encryption. A remote attacker
could exploit this to cause a denial of service.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  konversation 1.4-1ubuntu2.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart Konversation to make
all the necessary changes.

References

CVE-2014-8483

USN-2402-1: KDE workspace vulnerability

Ubuntu Security Notice USN-2402-1

10th November, 2014

kde-workspace vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

KDE workspace could be made to crash or run programs as an administrator.

Software description

  • kde-workspace
    – KDE Plasma Workspace components

Details

David Edmundson discovered that the KDE Clock KCM policykit helper did not
properly guard against untrusted input. Under certain circumstances, a
process running under the user’s session could exploit this to run
programs as the administrator.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
  kde-workspace-bin 4:4.8.5-0ubuntu0.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8651

USN-2403-1: GnuTLS vulnerability

Ubuntu Security Notice USN-2403-1

11th November, 2014

gnutls28 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10

Summary

GnuTLS could be made to crash or run programs if it processed a specially
crafted certificate.

Software description

  • gnutls28
    – GNU TLS library – commandline utilities

Details

Sean Burford discovered that GnuTLS incorrectly handled printing certain
elliptic curve parameters. A malicious remote server or client could use
this issue to cause GnuTLS to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  gnutls-bin 3.2.16-1ubuntu2.1
  libgnutls-openssl27 3.2.16-1ubuntu2.1
  libgnutls-deb0-28 3.2.16-1ubuntu2.1
  libgnutlsxx28 3.2.16-1ubuntu2.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-8564

USN-2404-1: libvirt vulnerabilities

Ubuntu Security Notice USN-2404-1

11th November, 2014

libvirt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in libvirt.

Software description

  • libvirt
    – Libvirt virtualization toolkit

Details

Pavel Hrdina discovered that libvirt incorrectly handled locking when
processing the virConnectListAllDomains command. An attacker could use this
issue to cause libvirtd to hang, resulting in a denial of service.
(CVE-2014-3657)

Eric Blake discovered that libvirt incorrectly handled permissions when
processing the qemuDomainFormatXML command. An attacker with read-only
privileges could possibly use this to gain access to certain information
from the domain xml file. (CVE-2014-7823)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.10:
  libvirt0 1.2.8-0ubuntu11.1
  libvirt-bin 1.2.8-0ubuntu11.1

Ubuntu 14.04 LTS:
  libvirt0 1.2.2-0ubuntu13.1.7
  libvirt-bin 1.2.2-0ubuntu13.1.7

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2014-3657, CVE-2014-7823