Resolved Bugs
782621 – xrdp: predictable temporary files may lead to arbitrary file overwrite [epel-all]
Close a security vulnerability in 0.5.0 and update to a known working release, 0.6.1.
Monthly Archives: December 2014
Fedora EPEL 6 Security Update: firebird-2.5.3.26778.0-2.el6
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172447 – firebird: malformed network packet can cause denial of service [epel-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users.
Fedora EPEL 6 Security Update: links-2.8-4.el6
USN-2436-2: X.Org X server vulnerabilities
Ubuntu Security Notice USN-2436-2
9th December, 2014
xorg-server, xorg-server-lts-trusty vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
USN-2436-1 contained incomplete fixes for the X.Org X server.
Software description
- xorg-server – X.Org X11 server
- xorg-server-lts-trusty – Xorg X server – source files
Details
USN-2436-1 fixed vulnerabilities in the X.Org X server. Since publication,
additional fixes have been made available for these issues. This update
adds the additional fixes.
Original advisory details:
Ilja van Sprundel discovered a multitude of security issues in the X.Org X
server. An attacker able to connect to an X server, either locally or
remotely, could use these issues to cause the X server to crash or execute
arbitrary code resulting in possible privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
- xserver-xorg-core 2:1.16.0-1ubuntu1.2
- Ubuntu 14.04 LTS:
- xserver-xorg-core 2:1.15.1-0ubuntu2.5
- Ubuntu 12.04 LTS:
- xserver-xorg-core 2:1.11.4-0ubuntu10.16
- xserver-xorg-core-lts-trusty 2:1.15.1-0ubuntu2~precise4
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
USN-2438-1: NVIDIA graphics drivers vulnerabilities
Ubuntu Security Notice USN-2438-1
10th December, 2014
nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-331, nvidia-graphics-drivers-331-updates vulnerabilities
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
Several security issues were fixed in the NVIDIA graphics drivers.
Software description
- nvidia-graphics-drivers-304 – NVIDIA binary Xorg driver
- nvidia-graphics-drivers-304-updates – NVIDIA binary Xorg driver
- nvidia-graphics-drivers-331 – NVIDIA binary Xorg driver
- nvidia-graphics-drivers-331-updates – NVIDIA binary Xorg driver
Details
It was discovered that the NVIDIA graphics drivers incorrectly handled GLX
indirect rendering support. An attacker able to connect to an X server,
either locally or remotely, could use these issues to cause the X server to
crash or execute arbitrary code resulting in possible privilege escalation.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
- nvidia-331-updates 331.113-0ubuntu0.1
- nvidia-331 331.113-0ubuntu0.1
- nvidia-304-updates 304.125-0ubuntu0.1
- nvidia-304 304.125-0ubuntu0.1
- Ubuntu 14.04 LTS:
- nvidia-331-updates 331.113-0ubuntu0.0.4
- nvidia-331 331.113-0ubuntu0.0.4
- nvidia-304-updates 304.125-0ubuntu0.0.1
- nvidia-304 304.125-0ubuntu0.0.1
- Ubuntu 12.04 LTS:
- nvidia-331-updates 331.113-0ubuntu0.0.0.3
- nvidia-331 331.113-0ubuntu0.0.0.3
- nvidia-304-updates 304.125-0ubuntu0.0.0.1
- nvidia-304 304.125-0ubuntu0.0.0.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
Fedora EPEL 5 Security Update: firebird-2.1.5.18496.0-5.el5
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172447 – firebird: malformed network packet can cause denial of service [epel-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users.
Fedora EPEL 5 Security Update: xrdp-0.6.1-1.el5
Resolved Bugs
782621 – xrdp: predictable temporary files may lead to arbitrary file overwrite [epel-all]
Close a security vulnerability in 0.5.0 and update to a known working release, 0.6.1.
Fedora EPEL 7 Security Update: firebird-2.5.3.26778.0-2.el7
Resolved Bugs
1172445 – firebird: malformed network packet can cause denial of service
1172447 – firebird: malformed network packet can cause denial of service [epel-all]
These updates fix the recently discovered security vulnerability (CORE-4630) that may be used for a remote DoS attack performed by unauthorized users.
CVE-2014-8500
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
CVE-2014-8602
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.