Fedora 22 Security Update: xfsprogs-3.2.2-2.fc22

Resolved Bugs
817696 – CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw
Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image.
The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage:
By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated.
While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access.

Fedora 22 Security Update: kernel-4.1.3-201.fc22

Resolved Bugs
1180920 – [abrt] WARNING: CPU: 1 PID: 293 at kernel/sched/core.c:7303 __might_sleep+0xbd/0xd0()
1206724 – [abrt] WARNING: CPU: 0 PID: 302 at kernel/sched/core.c:7326 __might_sleep+0x87/0x90()
1243465 – CVE-2015-3290 kernel: x86: nested NMI handler and espfix64 interaction privilege escalation
1245927 – CVE-2015-3291 kernel: x86/nmi: malicious userspace programs can cause the kernel to skip NMIs [fedora-all]
Fixes for CVE-2015-3290, CVE-2015-3291 and CVE-2015-1333 in the kernel.
Also fixes for a minor warning in pcmcia.

Fedora 21 Security Update: xfsprogs-3.2.2-2.fc21

Resolved Bugs
817696 – CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw
Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image.
The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage:
By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated.
While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access.

DSA-3322 ruby-rack – security update

Tomek Rabczak from the NCC Group discovered a flaw in the
normalize_params() method in Rack, a modular Ruby webserver interface.
A remote attacker can use this flaw via specially crafted requests to
cause a `SystemStackError` and potentially cause a denial of service
condition for the service.

CEBA-2015:1521 CentOS 7 less FASTTRACK BugFix Update

CentOS Errata and Bugfix Advisory 2015:1521 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1521.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
94999b90a6ce0c291b86d07ffbd4400409c783b846b65d5c874667dc8938c492  less-458-9.el7.x86_64.rpm

Source:
cedc1c32bdf9f66401ceba704a168d2bdeae6d6671b1627bd51e1e1696a1c949  less-458-9.el7.src.rpm

CESA-2015:1526 Important CentOS 5 java-1.6.0-openjdk Security Update

CentOS Errata and Security Advisory 2015:1526 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1526.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

CESA-2015:1526 Important CentOS 7 java-1.6.0-openjdk Security Update

CentOS Errata and Security Advisory 2015:1526 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1526.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

Writing Advanced OS X Malware an ‘Elegant’ Solution to Improving Detection

OS X security researcher Patrick Wardle is expected at Black Hat to demonstrate how to write advanced Mac malware, including Gatekeeper and XProtect bypasses, in hopes of raising awareness of the current state of OS X malware detection.