USN-2610-1: Oxide vulnerabilities

Ubuntu Security Notice USN-2610-1

21st May, 2015

oxide-qt vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in Oxide.

Software description

  • oxide-qt
    – Web browser engine library for Qt (QML plugin)

Details

Several security issues were discovered in the DOM implementation in
Blink. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit these to bypass Same Origin Policy
restrictions. (CVE-2015-1253, CVE-2015-1254)

A use-after-free was discovered in the WebAudio implementation in
Chromium. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial of
service via renderer crash, or execute arbitrary code with the privileges
of the sandboxed render process. (CVE-2015-1255)

A use-after-free was discovered in the SVG implementation in Blink. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash, or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2015-1256)

A security issue was discovered in the SVG implementation in Blink. If a
user were tricked into opening a specially crafted website, an attacker
could potentially exploit this to cause a denial of service via renderer
crash. (CVE-2015-1257)

An issue was discovered with the build of libvpx. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash, or execute
arbitrary code with the privileges of the sandboxed render process.
(CVE-2015-1258)

Multiple use-after-free issues were discovered in the WebRTC
implementation in Chromium. If a user were tricked into opening a
specially crafted website, an attacker could potentially exploit these to
cause a denial of service via renderer crash, or execute arbitrary code
with the privileges of the sandboxed render process. (CVE-2015-1260)

An uninitialized value bug was discovered in the font shaping code in
Blink. If a user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to cause a denial of service
via renderer crash. (CVE-2015-1262)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1265)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit these to read uninitialized memory, cause a denial of service via
renderer crash or execute arbitrary code with the privileges of the
sandboxed render process. (CVE-2015-3910)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • liboxideqtcore0 1.7.8-0ubuntu0.15.04.1
  • oxideqt-codecs 1.7.8-0ubuntu0.15.04.1
  • oxideqt-codecs-extra 1.7.8-0ubuntu0.15.04.1

Ubuntu 14.10:
  • liboxideqtcore0 1.7.8-0ubuntu0.14.10.1
  • oxideqt-codecs 1.7.8-0ubuntu0.14.10.1
  • oxideqt-codecs-extra 1.7.8-0ubuntu0.14.10.1

Ubuntu 14.04 LTS:
  • liboxideqtcore0 1.7.8-0ubuntu0.14.04.1
  • oxideqt-codecs 1.7.8-0ubuntu0.14.04.1
  • oxideqt-codecs-extra 1.7.8-0ubuntu0.14.04.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1253, CVE-2015-1254, CVE-2015-1255, CVE-2015-1256, CVE-2015-1257,
CVE-2015-1258, CVE-2015-1260, CVE-2015-1262, CVE-2015-1265, CVE-2015-3910

USN-2617-1: FUSE vulnerability

Ubuntu Security Notice USN-2617-1

21st May, 2015

fuse vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

FUSE could be made to overwrite files as the administrator.

Software description

  • fuse
    – Filesystem in Userspace

Details

Tavis Ormandy discovered that FUSE incorrectly filtered environment
variables. A local attacker could use this issue to gain administrative
privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • fuse 2.9.2-4ubuntu4.15.04.1

Ubuntu 14.10:
  • fuse 2.9.2-4ubuntu4.14.10.1

Ubuntu 14.04 LTS:
  • fuse 2.9.2-4ubuntu4.14.04.1

Ubuntu 12.04 LTS:
  • fuse 2.8.6-2ubuntu2.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-3202

USN-2609-1: Apport vulnerabilities

Ubuntu Security Notice USN-2609-1

21st May, 2015

apport vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Apport could be tricked into creating arbitrary files as an administrator,
resulting in privilege escalation.

Software description

  • apport
    – automatically generate crash reports for debugging

Details

Sander Bos discovered that Apport incorrectly handled permissions when
the system was configured to generate core dumps for setuid binaries. A
local attacker could use this issue to gain elevated privileges.
(CVE-2015-1324)

Philip Pettersson discovered that Apport contained race conditions
resulting in core dumps being generated with incorrect permissions in
arbitrary locations. A local attacker could use this issue to gain elevated
privileges. (CVE-2015-1325)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • apport 2.17.2-0ubuntu1.1

Ubuntu 14.10:
  • apport 2.14.7-0ubuntu8.5

Ubuntu 14.04 LTS:
  • apport 2.14.1-0ubuntu3.11

Ubuntu 12.04 LTS:
  • apport 2.0.1-0ubuntu17.9

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1324, CVE-2015-1325

USN-2618-1: python-dbusmock vulnerability

Ubuntu Security Notice USN-2618-1

21st May, 2015

python-dbusmock vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.10
  • Ubuntu 14.04 LTS

Summary

python-dbusmock could be tricked into running arbitrary programs.

Software description

  • python-dbusmock
    – mock D-Bus objects for tests

Details

It was discovered that python-dbusmock incorrectly handled template
loading from shared directories. A local attacker could possibly use this
issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 15.04:
  • python-dbusmock 0.14-1ubuntu2
  • python3-dbusmock 0.14-1ubuntu2

Ubuntu 14.10:
  • python-dbusmock 0.11.4-1ubuntu1
  • python3-dbusmock 0.11.4-1ubuntu1

Ubuntu 14.04 LTS:
  • python-dbusmock 0.10.1-1ubuntu1
  • python3-dbusmock 0.10.1-1ubuntu1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2015-1326

CVE-2015-0746

The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

CVE-2015-0915

Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

CVE-2015-0916

SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.

Fedora 22 Security Update: ufraw-0.21-1.fc22

Resolved Bugs
1221249 – CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow
1221258 – CVE-2015-3885 ufraw: dcraw: input sanitization flaw leading to buffer overflow [fedora-all]
This update contains a fix for a bug which could cause dcraw to write past array boundaries.
Additionally, it updates ufraw to version 0.21, an upstream bugfix release.

Fedora 22 Security Update: php-ZendFramework-1.12.13-1.fc22

Resolved Bugs
1215712 – CVE-2015-3154 php-ZendFramework2: ZF2015-04: Potential header and mail injection vulnerability
1223762 – CVE-2015-3154 php-ZendFramework: php-ZendFramework2: ZF2015-04: Potential header and mail injection vulnerability [fedora-all]
**Zend Framework 1.12.13**
* 567: Cast int and float to string when creating headers
**Zend Framework 1.12.12**
* 493: PHPUnit not being installed
* 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase
* 513: Save time and space when cloning PHPUnit
* 515: !IE conditional comments bug
* 516: Zend_Locale does not honor parentLocale configuration
* 518: Run travis build also on PHP 7 builds
* 534: Failing unit test: Zend_Validate_EmailAddressTest::testIdnHostnameInEmaillAddress
* 536: Zend_Measure_Number convert some decimal numbers to roman with space char
* 537: Extend view renderer controller fix (#440)
* 540: Fix PHP 7 BC breaks in Zend_XmlRpc/Amf_Server
* 541: Fixed errors in tests on PHP7
* 542: Correctly reset the sub-path when processing routes
* 545: Fixed path delimiters being stripped by chain routes affecting later routes
* 546: TravisCI: Skip memcache(d) on PHP 5.2
* 547: Session Validators throw ‘general’ Session Exception during Session start
* 550: Notice “Undefined index: browser_version”
* 557: doc: Zend Framework Dependencies table unreadable
* 559: Fixes a typo in Zend_Validate messages for SK
* 561: Zend_Date not expected year
* 564: Zend_Application tries to load ZendX_Application_Resource_FrontController during instantiation
**Security**
* **ZF2015-04**: Zend_Mail and Zend_Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend_Mail or Zend_Http, we recommend upgrading immediately.
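
The header value validation and filtering that ZF2015-04 describes, sketched as an added example: this is not Zend Framework's code, and the function names (`header_value_is_valid`, `assert_valid_header_value`, `filter_header_value`) and the sample values are constructed for illustration. It rejects any value containing CR, LF or other control characters, and anchors the pattern with `\A` and `\z` because a plain `$` would accept a trailing newline.

```php
<?php
// Added example, not Zend Framework code. All names here are hypothetical.

// Bytes allowed in a header value: HTAB, SP, visible ASCII, and 0x80-0xFF.
// CR, LF, NUL, the other control characters and DEL are excluded.
const HEADER_VALUE_BYTES = '\x09\x20-\x7E\x80-\xFF';

function header_value_is_valid(string $value): bool
{
    // \A and \z anchor to the true start and end of the string. A plain "$"
    // also matches before a final "\n", which would let "value\n" through.
    return preg_match('/\A[' . HEADER_VALUE_BYTES . ']*\z/', $value) === 1;
}

function assert_valid_header_value($value): string
{
    // Numeric values are cast to string first, then validated like any other.
    if (is_int($value) || is_float($value)) {
        $value = (string) $value;
    }
    if (!is_string($value) || !header_value_is_valid($value)) {
        throw new InvalidArgumentException('Header value contains forbidden characters');
    }
    return $value;
}

function filter_header_value(string $value): string
{
    // Drop every forbidden byte; the result can no longer start a new header line.
    return preg_replace('/[^' . HEADER_VALUE_BYTES . ']/', '', $value);
}

// Constructed sample values, as they might arrive from a form field.
$samples = [
    'Monthly report',
    "Monthly report\r\nX-Injected: 1",
    "Monthly report\n",
    1024,
];

foreach ($samples as $sample) {
    try {
        echo 'accepted ', json_encode(assert_valid_header_value($sample)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected ', json_encode($sample),
             ' (filtered: ', json_encode(filter_header_value((string) $sample)), ')', PHP_EOL;
    }
}
```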