This bulletin summary lists one bulletin that has undergone a major revision increment for April, 2015.
Monthly Archives: April 2015
libtasn1 Heap Overflow
Fuzzing GnuTLS, it was discovered that a malformed certificate input sample would cause a heap overflow read of 99 bytes in the DER decoding functions of Libtasn1. The heap overflow happens in the function _asn1_extract_der_octet().
CVE-2014-3598
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. (CVSS:5.0) (Last Update:2015-05-04)
DSA-3243 libxml-libxml-perl – security update
Tilmann Haak from xing.com discovered that XML::LibXML, a Perl interface
to the libxml2 library, did not respect the expand_entities parameter to
disable processing of external entities in some circumstances. This may
allow attackers to gain read access to otherwise protected resources,
depending on how the library is used.
MDVSA-2015:218: glibc
Multiple vulnerabilities have been found and corrected in glibc:
It was discovered that, under certain circumstances, glibc’s
getaddrinfo() function would send DNS queries to random file
descriptors. An attacker could potentially use this flaw to send DNS
queries to unintended recipients, resulting in information disclosure
or data loss due to the application encountering corrupted data
(CVE-2013-7423).
A buffer overflow flaw was found in the way glibc’s gethostbyname_r()
and other related functions computed the size of a buffer when passed
a misaligned buffer as input. An attacker able to make an application
call any of these functions with a misaligned buffer could use this
flaw to crash the application or, potentially, execute arbitrary
code with the permissions of the user running the application
(CVE-2015-1781).
The updated packages provide a solution for these security issues.
MDVSA-2015:217: sqlite3
Multiple vulnerabilities have been found and corrected in sqlite3:
SQLite before 3.8.9 does not properly implement the dequoting of
collation-sequence names, which allows context-dependent attackers to
cause a denial of service (uninitialized memory access and application
crash) or possibly have unspecified other impact via a crafted COLLATE
clause, as demonstrated by COLLATE at the end of a SELECT statement
(CVE-2015-3414).
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9
does not properly implement comparison operators, which allows
context-dependent attackers to cause a denial of service (invalid
free operation) or possibly have unspecified other impact via a
crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE
TABLE statement (CVE-2015-3415).
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does
not properly handle precision and width values during floating-point
conversions, which allows context-dependent attackers to cause a
denial of service (integer overflow and stack-based buffer overflow)
or possibly have unspecified other impact via large integers in a
crafted printf function call in a SELECT statement (CVE-2015-3416).
The updated packages provide a solution for these security issues.
RHSA-2015:0921-1: Important: chromium-browser security and bug fix update
Red Hat Enterprise Linux: Updated chromium-browser packages that fix multiple security issues and one
bug are now available for Red Hat Enterprise Linux 6 Supplementary.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-1243, CVE-2015-1250
RHSA-2015:0919-1: Important: kernel security update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.6 Long Life.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2014-8159
USN-2583-1: Linux kernel vulnerability
Ubuntu Security Notice USN-2583-1
30th April, 2015
linux vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.04 LTS
Summary
The system could be made to run programs as an administrator.
Software description
- linux – Linux kernel
Details
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.04 LTS:
  - linux-image-2.6.32-74-powerpc 2.6.32-74.142
  - linux-image-2.6.32-74-386 2.6.32-74.142
  - linux-image-2.6.32-74-sparc64 2.6.32-74.142
  - linux-image-2.6.32-74-generic-pae 2.6.32-74.142
  - linux-image-2.6.32-74-preempt 2.6.32-74.142
  - linux-image-2.6.32-74-lpia 2.6.32-74.142
  - linux-image-2.6.32-74-sparc64-smp 2.6.32-74.142
  - linux-image-2.6.32-74-powerpc64-smp 2.6.32-74.142
  - linux-image-2.6.32-74-versatile 2.6.32-74.142
  - linux-image-2.6.32-74-generic 2.6.32-74.142
  - linux-image-2.6.32-74-virtual 2.6.32-74.142
  - linux-image-2.6.32-74-server 2.6.32-74.142
  - linux-image-2.6.32-74-powerpc-smp 2.6.32-74.142
  - linux-image-2.6.32-74-ia64 2.6.32-74.142
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.
USN-2584-1: Linux kernel (EC2) vulnerability
Ubuntu Security Notice USN-2584-1
30th April, 2015
linux-ec2 vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 10.04 LTS
Summary
The system could be made to run programs as an administrator.
Software description
- linux-ec2 – Linux kernel for EC2
Details
A race condition between chown() and execve() was discovered in the Linux
kernel. A local attacker could exploit this race by using chown on a
setuid-user-binary to gain administrative privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 10.04 LTS:
  - linux-image-2.6.32-377-ec2 2.6.32-377.94
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed. If
you use linux-restricted-modules, you have to update that package as
well to get modules which work with the new kernel version. Unless you
manually uninstalled the standard kernel metapackages (e.g. linux-generic,
linux-server, linux-powerpc), a standard system upgrade will automatically
perform this as well.