Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser

Posted by Securify B.V. on Mar 18

————————————————————————
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
————————————————————————
Han Sahin, November 2014

————————————————————————
Abstract
————————————————————————
A path traversal vulnerability was found in EMC M&R…

Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery

Posted by Securify B.V. on Mar 18

————————————————————————
Path traversal vulnerability in EMC M&R (Watch4net) Device Discovery
————————————————————————
Han Sahin, November 2014

————————————————————————
Abstract
————————————————————————
A path traversal vulnerability was found in EMC…

SA-CONTRIB-2015-080 – Profile2 Privacy – Cross Site Scripting (XSS)

Description

Profile2 Privacy module enables you to show or hide parts of a profile2 entity based on pre-configured field sets with a title and description.

The module doesn’t sufficiently sanitize user-supplied text in some pages, thereby exposing a Cross Site Scripting vulnerability.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission “Administer Profile2 Privacy Levels”.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • Profile2 Privacy 7.x-1.x versions prior to 7.x-1.5.

Drupal core is not affected. If you do not use the contributed Profile2 Privacy module, there is nothing you need to do.

Solution

Install the latest version:

Also see the Profile2 Privacy project page.

Reported by

  • Matt Vance, provisional member of the Drupal Security Team

Fixed by

Coordinated by

  • Matt Vance, provisional member of the Drupal Security Team

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity


CEEA-2015:0701 CentOS 6 sssd Enhancement Update

CentOS Errata and Enhancement Advisory 2015:0701 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2015-0701.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




CESA-2015:0700 Moderate CentOS 6 unzip Security Update

CentOS Errata and Security Advisory 2015:0700 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0700.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
c55d5cfb1d69e130c0c79fbe4fb8fab2ca26eb2538f849f7c7f8056e9dfd1318  unzip-6.0-2.el6_6.i686.rpm

x86_64:
a6d953312c9adb593717177e0aaba2522451e5e83cabdc1dbcc901edd4d35ef4  unzip-6.0-2.el6_6.x86_64.rpm

Source:
ecbe9378128eed9ba62f7c4fd26b2931be25fe0114e87969dcc3da95de125769  unzip-6.0-2.el6_6.src.rpm



CESA-2015:0696 Important CentOS 6 freetype Security Update

CentOS Errata and Security Advisory 2015:0696 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-0696.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
