Red Hat Security Advisory 2015-1218-01

Red Hat Security Advisory 2015-1218-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP’s Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.

Red Hat Security Advisory 2015-1219-01

Red Hat Security Advisory 2015-1219-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An integer overflow flaw leading to a heap-based buffer overflow was found in the way PHP’s FTP extension parsed file listing FTP server responses. A malicious FTP server could use this flaw to cause a PHP application to crash or, possibly, execute arbitrary code.

Ubuntu Security Notice USN-2656-1

Ubuntu Security Notice 2656-1 – Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Looben Yan discovered 2 use-after-free issues when using XMLHttpRequest in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

Ubuntu Security Notice USN-2671-1

Ubuntu Security Notice 2671-1 – Eric Peterson and Lin Hua Cheng discovered that Django incorrectly handled session records. A remote attacker could use this issue to cause a denial of service. Sjoerd Job Postmus discovered that Django incorrectly handled newline characters when performing validation. A remote attacker could use this issue to perform header injection attacks.

Ubuntu Security Notice USN-2672-1

Ubuntu Security Notice 2672-1 – Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property. Watson Ladd discovered that NSS incorrectly handled Elliptic Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures. Various other issues were also addressed.

OpenSSL Security Advisory – Certificate Forgery

During certificate verification, OpenSSL (starting from version 1.0.1n and 1.0.2b) will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. This issue will impact any application that verifies certificates including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client authentication. This issue affects OpenSSL versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.

NEW VMSA-2015-0005 "VMware Workstation, Player and Horizon View Client for Windows updates address a host privilege escalation vulnerability"

------------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID: VMSA-2015-0005
Synopsis:    VMware Workstation, Player and Horizon View Client for
             Windows updates address a host privilege escalation
             vulnerability

Issue date:  2015-07-09
Updated on:  2015-07-09
CVE number:  CVE-2015-3650
------------------------------------------------------------------------

1. Summary

   VMware Workstation, Player and Horizon View Client for Windows
   updates address a host privilege escalation vulnerability.

2. Relevant Releases

   VMware Workstation for Windows 11.x prior to version 11.1.1
   VMware Workstation for Windows 10.x prior to version 10.0.7
   VMware Player for Windows 7.x prior to version 7.1.1
   VMware Player for Windows 6.x prior to version 6.0.7
   VMware Horizon Client for Windows (with Local Mode Option) prior to
   version 5.4.2


3. Problem Description

   a. VMware Workstation, Player and Horizon View Client for Windows
      host privilege escalation vulnerability.

      VMware Workstation, Player and Horizon View Client for Windows do
      not set a discretionary access control list (DACL) for one of
      their processes. This may allow a local attacker to elevate their
      privileges and execute code in the security context of the
      affected process.

      VMware would like to thank Kyriakos Economou of Nettitude for
      reporting this issue to us.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)
      has assigned the identifier CVE-2015-3650 to this issue.

      Column 4 of the following table lists the action required to
      remediate the vulnerability in each release, if a solution is
      available.

      VMware                        Product    Running   Replace with/
      Product                       Version    on        Apply Patch
      =============                 =======    =======   ===============
      VMware Workstation             11.x      Windows   11.1.1
      VMware Workstation             10.x      Windows   10.0.7

      VMware Player                  7.x       Windows   7.1.1
      VMware Player                  6.x       Windows   6.0.7

      VMware Horizon Client for      5.x       Windows   5.4.2
      Windows (with Local Mode Option)

      VMware Horizon Client for      3.x       any       not affected
      Windows



4. Solution

   Please review the patch/release notes for your product and
   version and verify the checksum of your downloaded file.

   VMware Workstation
   --------------------------------
   https://www.vmware.com/go/downloadworkstation

   VMware Player
   --------------------------------
   https://www.vmware.com/go/downloadplayer

   VMware Horizon Clients
   --------------------------------
   https://www.vmware.com/go/viewclients


5. References

   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3650

------------------------------------------------------------------------

6. Change log

   2015-07-09 VMSA-2015-0005
   Initial security advisory.

------------------------------------------------------------------------

7. Contact

   E-mail list for product security notifications and announcements:
   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

    security-announce at lists.vmware.com
    bugtraq at securityfocus.com
    fulldisclosure at seclists.org

   E-mail: security at vmware.com
   PGP key at: http://kb.vmware.com/kb/1055

   VMware Security Advisories
   http://www.vmware.com/security/advisories

   Consolidated list of VMware Security Advisories
   http://kb.vmware.com/kb/2078735

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   Twitter
   https://twitter.com/VMwareSRC

   Copyright 2015 VMware Inc.  All rights reserved.

CESA-2015:1218 Moderate CentOS 6 php Security Update

CentOS Errata and Security Advisory 2015:1218 Moderate

Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1218.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 
