CVE-2014-8101

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.

CVE-2014-8100

The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.

CVE-2014-8102

The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.

CVE-2014-8103

X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.

CVE-2014-8298

The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before R331.113, R340.x before R340.65, R343.x before R343.36, and R346.x before R346.22, Linux for Tegra (L4T) driver before R21.2, and Chrome OS driver before R40 allow remote attackers to cause a denial of service (segmentation fault and X server crash) or possibly execute arbitrary code via a crafted GLX indirect rendering protocol request.

CVE-2014-8601

PowerDNS Recursor before 3.6.2 allows remote attackers to cause a denial of service (performance degradation) via a request for a domain name that triggers a large number of queries to resolve, as demonstrated by resolving domains hosted by ezdns.it.

CVE-2014-9091

Icecast before 2.4.0 does not change the supplementary group privileges when <changeowner> is configured, which allows local users to gain privileges via unspecified vectors.

CVE-2014-9120

Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to subrion/search/.

CVE-2014-9360

XML external entity (XXE) vulnerability in Scalix Web Access 11.4.6.12377 and 12.2.0.14697 allows remote attackers to read arbitrary files and trigger requests to intranet servers via a crafted request.

SA-CONTRIB-2014-120 – Piwik Web Analytics – Information disclosure

Description

This module enables you to integrate Drupal with Piwik Web Analytics.

The module leaks the site-specific hash salt to authenticated users when user-id tracking is turned on.

This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an account on the site.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance
    with Drupal Security Team processes.

Versions affected

  • Piwik Web Analytics 7.x-2.6. Neither earlier nor later versions are affected.

Drupal core is not affected. If you do not use the contributed Piwik Web Analytics module,
there is nothing you need to do.

Solution

Install the latest version:

Affected sites are urged to generate a new hash salt and store it in settings.php.

Methods to generate a new hash salt

  • With drush:
    drush php-eval 'echo drupal_random_key() . "\n";'
  • With openssl:
    openssl rand -base64 32

How to replace the hash salt

  1. Open your settings.php file (e.g., sites/default/settings.php)
  2. Locate the variable $drupal_hash_salt:
    <?php
    /**
     * Salt for one-time login links and cancel links, form tokens, etc.
     * [...]
     */
    $drupal_hash_salt = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
    ?>
  3. Replace the value and save the file
  4. Flush all caches either from within the administrative UI (Administration » Configuration » Development » Performance) or by issuing drush cache-clear all
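The steps above can be scripted so the salt is generated, written and checked in one go. The following shell script is an added example and is not code from the advisory or from the Piwik Web Analytics module; it assumes POSIX sh, awk and openssl are available and that settings.php carries the assignment on a single line in the form shown above ($drupal_hash_salt = '...';). The function names (generate_salt, current_salt, rotate_hash_salt) are this example's own.

```shell
#!/bin/sh
# Added example, not code from the advisory or from the Piwik module: rotate
# the $drupal_hash_salt assignment in a Drupal 7 settings.php and verify it.
# Assumptions (not stated on the page): POSIX sh, awk and openssl in PATH, and
# a salt line of the form  $drupal_hash_salt = '...';  on a single line.
set -eu

# Regex for the assignment line; [$] keeps the dollar sign literal in awk.
SALT_LINE='^[ \t]*[$]drupal_hash_salt[ \t]*=[ \t]*'"'"

# Generate a fresh salt the way the advisory suggests: 32 random bytes,
# base64-encoded (44 characters, never containing quotes or backslashes).
generate_salt() {
    openssl rand -base64 32
}

# Print the salt currently assigned in the given settings.php, one value per
# matching line (empty output if no assignment is present).
current_salt() {
    awk -F"'" -v re="$SALT_LINE" '$0 ~ re { print $2 }' "$1"
}

# Rewrite the assignment with a new salt. The result goes to a temporary copy
# and is renamed into place only after the new value is confirmed to be the
# one and only salt present, so a settings.php with no (or several) salt lines
# is never silently changed. Prints the new salt on success.
rotate_hash_salt() {
    file="$1"
    new_salt=$(generate_salt)
    tmp="$file.tmp.$$"
    awk -v re="$SALT_LINE" -v salt="$new_salt" -v q="'" '
        $0 ~ re {
            match($0, /^[ \t]*/)                       # keep the indentation
            print substr($0, 1, RLENGTH) "$drupal_hash_salt = " q salt q ";"
            next
        }
        { print }
    ' "$file" > "$tmp"
    if [ "$(current_salt "$tmp")" != "$new_salt" ]; then
        rm -f "$tmp"
        echo "expected exactly one \$drupal_hash_salt assignment in $file" >&2
        return 1
    fi
    mv "$tmp" "$file"
    echo "$new_salt"
}

# Typical use, followed by the cache flush from step 4 (drush cache-clear all):
#   rotate_hash_salt sites/default/settings.php
```

After the script has run, flush all caches as in step 4; image style URLs and form tokens derived from the old salt are only regenerated once the cache is cleared.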

Effects caused by replacing the hash salt

  • Password reset links generated before the hash salt was replaced will not work anymore. Affected users need to request a new password reset link.
  • Existing image style URLs will stop working. A cache flush is necessary so that all <img> tags are updated.

If immediate installation / regeneration of the hash salt is not possible, then disable user-id tracking at once.

Also see the Piwik Web Analytics project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity
