Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Category Archives: Security
Mozilla Releases Security Updates for Firefox and Thunderbird
Original release date: September 03, 2014
The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox and Thunderbird. Exploitation of these vulnerabilities may allow an attacker to cause an exploitable crash or execute arbitrary code.
The following updates are available:
- Firefox 32
- Firefox ESR 24.8
- Firefox ESR 31.1
- Thunderbird 31.1
- Thunderbird 24.8
Users and administrators are encouraged to review the Security Advisories for Firefox, Firefox ESR and Thunderbird to determine which updates should be applied to mitigate these risks.
Is your software fixed?
A common query seen at Red Hat is “our auditor says our Red Hat machines are vulnerable to CVE-2015-1234, is this true?” or “Why hasn’t Red Hat updated software package foo to version 1.2.3?” In other words, our customers (and their auditors) are not sure whether or not we have fixed a security vulnerability, or if a given package is up to date with respect to security issues. In an effort to help our security-conscious customers, Red Hat makes this information available in an easy to consume format.
What’s the deal with CVEs?
Red Hat is committed to the CVE process. To quote our CVE compatibility page:
We believe that giving our users accurate and complete information about security issues is extremely important. By including CVE names when we discuss security issues in our services and products, we can help users cross-reference vulnerabilities so they spend less time investigating and categorizing security events.
Red Hat has a representative on the CVE Editorial Board and declared CVE compatibility in April 2002.
To put it simply: if it’s a security issue and we fix it in an RHSA it gets a CVE. In fact we usually assign CVEs as soon as we determine a security issue exists (additional information on determining what constitutes a security issue can be found on our blog).
How to tell if your software is fixed?
A CVE can be queried at our public CVE page. Details concerning the vulnerability, the CVSS v2 metrics, and security errata are easily accessible from here.
To verify your system is fixed, check which version of the package you have installed: if the NVR of the installed package is equal to or higher than the NVR of the package in the RHSA, you are covered. Note that “higher” means higher by RPM’s own version ordering (the same ordering rpm and yum apply when deciding whether to upgrade), not a plain string comparison: release 16.el6_5.10 is newer than 16.el6_5.7 even though “1” sorts before “7” as text.
What’s an NVR?
The NVR is the Name-Version-Release of the package. The Heartbleed RHSA lists packages such as openssl-1.0.1e-16.el6_5.7.x86_64.rpm. Reading from the left, separated by hyphens, the package name is “openssl”, the version is 1.0.1e and the release is 16.el6_5.7; the trailing x86_64 is the architecture and is not part of the NVR. Assuming you are running RHEL 6 on x86_64, if you have openssl version 1.0.1e with release 16.el6_5.7 or later you’re protected from the Heartbleed issue.
Please note there is an additional field called “epoch” which takes precedence over both version and release when RPM compares packages. Most packages do not carry an epoch, but a package with a higher epoch is always considered newer than one with a lower epoch, regardless of its version. This can be useful if, for example, you need a custom modified version of a package that also exists in RPM repositories you are already using: by assigning an epoch to your package you can override the same package from another repo even if that repo ships a higher version number. Be aware, however, that once you run packages with the same name and a higher epoch you will no longer receive the vendor’s security updates for them unless you build new RPMs that carry both the epoch and the security fix.
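The following is an added example, not Red Hat tooling or code from the original article. It re-implements rpm’s label comparison (epoch first, then version, then release, each compared segment by segment the way rpmvercmp() does) so that an installed package can be checked against the NVR named in an errata without guessing at string order. The sample “installed” labels are constructed for illustration; on a real host the same shape comes from `rpm -q --qf '%{EPOCH}:%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' openssl`. The caret (‘^’) rule of newer rpm releases is deliberately omitted.

```python
"""Compare an installed RPM with the NVR an RHSA says is fixed, using rpm's
own ordering rules. Added example for this article; not Red Hat code."""
import re

# rpm splits a version string into runs of digits, runs of letters and
# tildes; every other character is only a separator.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings like rpmvercmp(): 1 if a is
    newer, -1 if older, 0 if equal. Tilde sorts before anything (1.0~rc1 < 1.0)."""
    if a == b:
        return 0
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    i = 0
    while i < len(sa) and i < len(sb):
        x, y = sa[i], sb[i]
        if x == "~" or y == "~":            # the side carrying the tilde is older
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x.isdigit() and y.isdigit():     # numeric vs numeric: compare as integers
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):
                return 1 if len(x) > len(y) else -1
            if x != y:
                return 1 if x > y else -1
        elif x.isdigit():                   # a numeric segment beats an alphabetic one
            return 1
        elif y.isdigit():
            return -1
        elif x != y:                        # alpha vs alpha: plain string order
            return 1 if x > y else -1
        i += 1
    # One side ran out: the side with segments left is newer, unless that
    # leftover segment is a tilde.
    if i < len(sa):
        return -1 if sa[i] == "~" else 1
    if i < len(sb):
        return 1 if sb[i] == "~" else -1
    return 0


def parse_nevra(label: str):
    """Split '[epoch:]name-version-release.arch[.rpm]' into
    (name, epoch, version, release, arch). rpm prints an unset epoch as
    '(none)' and treats it as 0. Hyphens are forbidden in version and
    release, so splitting on the last two hyphens is exact."""
    if label.endswith(".rpm"):
        label = label[:-4]
    epoch = 0
    if ":" in label:
        epoch_str, label = label.split(":", 1)
        if epoch_str not in ("", "(none)"):
            epoch = int(epoch_str)
    rest, arch = label.rsplit(".", 1)
    name, version, release = rest.rsplit("-", 2)
    return name, epoch, version, release, arch


def compare_evr(a, b) -> int:
    """Compare (epoch, version, release) triples; a differing epoch decides outright."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])


def at_or_above(installed: str, errata: str) -> bool:
    """True if rpm/yum would rank the installed package at or above the errata
    build. Name and arch must match; comparing i686 with x86_64 is meaningless."""
    n1, e1, v1, r1, a1 = parse_nevra(installed)
    n2, e2, v2, r2, a2 = parse_nevra(errata)
    if (n1, a1) != (n2, a2):
        raise ValueError(f"cannot compare {installed} with {errata}: name or arch differ")
    return compare_evr((e1, v1, r1), (e2, v2, r2)) >= 0


def epoch_masks_errata(installed: str, errata: str) -> bool:
    """The trap from the text: a locally epoch-bumped package that rpm ranks
    above the errata even though its version-release is older, so the
    security update is never pulled in."""
    _, e1, v1, r1, _ = parse_nevra(installed)
    _, e2, v2, r2, _ = parse_nevra(errata)
    return e1 > e2 and compare_evr((0, v1, r1), (0, v2, r2)) < 0


# Constructed sample data (not real system output): the Heartbleed errata
# package named in the article and several plausible installed states.
HEARTBLEED_FIX = "openssl-1.0.1e-16.el6_5.7.x86_64.rpm"
SAMPLE_INSTALLED = [
    "(none):openssl-1.0.1e-16.el6_5.4.x86_64",   # older release: vulnerable
    "(none):openssl-1.0.1e-16.el6_5.7.x86_64",   # exact errata build: fixed
    "(none):openssl-1.0.1e-16.el6_5.15.x86_64",  # later release: fixed (15 > 7 numerically, not as text)
    "(none):openssl-1.0.1e-30.el6.x86_64",       # later release stream: fixed
    "1:openssl-1.0.1e-15.el6.x86_64",            # epoch 1 but older build: ranks above errata, hides it
]

if __name__ == "__main__":
    for pkg in SAMPLE_INSTALLED:
        print(f"{pkg:44s} at_or_above={at_or_above(pkg, HEARTBLEED_FIX)} "
              f"epoch_trap={epoch_masks_errata(pkg, HEARTBLEED_FIX)}")
```

The last sample is the case the epoch paragraph warns about: `at_or_above` is True because rpm honours the epoch, yet the binary on disk predates the fix, which is why `epoch_masks_errata` is checked separately. On a real system the rpmdevtools package ships `rpmdev-vercmp` for the same comparison from the shell.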
But what if there is no CVE page?
As part of our process the CVE pages are automatically created if public entries exist in Bugzilla. CVE information may not be available if the details of the vulnerability have not been released or the issue is still embargoed. We do encourage responsible handling of vulnerabilities and sometimes delay CVE information from being made public.
Also, CVE information will not be created if the software we shipped wasn’t vulnerable.
How to tell if your system is vulnerable?
If you have a specific CVE or set of CVEs that you are worried about, you can use the yum command to see if your system is vulnerable. On RHEL 5 and 6, start by installing yum-plugin-security (on RHEL 7 the updateinfo subcommands are built into yum itself, so nothing extra needs to be installed):
sudo yum install yum-plugin-security
Then query the CVE you are interested in, for example on a RHEL 7 system without the OpenSSL update:
[root@localhost ~]# yum updateinfo info --cve CVE-2014-0224
===============================================
Important: openssl security update
===============================================
Update ID : RHSA-2014:0679
Release :
Type : security
Status : final
Issued : 2014-06-10 00:00:00
Bugs : 1087195 - CVE-2010-5298 openssl: freelist misuse causing
a possible use-after-free
: 1093837 - CVE-2014-0198 openssl: SSL_MODE_RELEASE_BUFFERS NULL
pointer dereference in do_ssl3_write()
: 1103586 - CVE-2014-0224 openssl: SSL/TLS MITM vulnerability
: 1103593 - CVE-2014-0221 openssl: DoS when sending invalid DTLS
handshake
: 1103598 - CVE-2014-0195 openssl: Buffer overflow via DTLS
invalid fragment
: 1103600 - CVE-2014-3470 openssl: client-side denial of service
when using anonymous ECDH
CVEs : CVE-2014-0224
: CVE-2014-0221
: CVE-2014-0198
: CVE-2014-0195
: CVE-2010-5298
: CVE-2014-3470
Description : OpenSSL is a toolkit that implements the Secure
Sockets Layer
If your system is up to date or the CVE doesn’t affect the platform you’re on then no information will be returned. The query works from the errata metadata in your enabled repositories, so an empty result on a machine that is not subscribed, or whose metadata is stale, proves nothing; in that case fall back to comparing the installed NVR against the packages listed in the RHSA as described above.
Conclusion
Red Hat Product Security makes available as much information as we can regarding vulnerabilities affecting our customers. This information is available on our customer portal as well as within the software repositories. As you can see it is both easy and quick to determine if your system is up to date on security patches with the provided information and tools.
The following checklist can be used to check if systems or packages are affected by specific security issues:
1) Check if the issue you’re concerned about has a CVE and check the Red Hat CVE page:
https://access.redhat.com/security/cve/CVE-2014-0224
2) Check to see if your system is up to date for that issue:
sudo yum install yum-plugin-security
yum updateinfo info --cve CVE-2014-0224
3) Alternatively you can check the package NVR in the RHSA errata listed in the CVE page (in #1) and compare it to the packages on your system to see if they are the same or greater.
4) If you still have questions please contact Red Hat Support!
MS14-028 – Important: Vulnerabilities in iSCSI Could Allow Denial of Service (2962485) – Version: 1.1
Severity Rating: Important
Revision Note: V1.1 (September 3, 2014): Updated the Known Issues entry in the Knowledge Base Article section from “None” to “Yes”.
Summary: This security update resolves two vulnerabilities in Microsoft Windows. The vulnerabilities could allow denial of service if an attacker sends large amounts of specially crafted iSCSI packets over the target network. These vulnerabilities only affect servers on which the iSCSI target role has been enabled.
Watering Hole Attack Targets Automotive, Aerospace Industries
A new watering hole attack is targeting the aerospace, automotive and manufacturing industries with a new reconnaissance malware tool called “Scanbox.”
Google Accelerates End Of SHA-1 Support, Certificate Authorities Nervous
A Google Site Meant To Protect You Is Helping Hackers Attack You
North Korean Tactics In Cyberwarfare Exposed
Several vulnerabilities in third party extensions
Release Date: September 02, 2014
Bulletin update: September 5, 2014 (added CVEs)
Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with neither significant download numbers, nor other special importance amongst the TYPO3 Community. The intention of CSBs is to reduce the workload of the TYPO3 Security Team and of the maintainers of extensions with vulnerabilities. Nevertheless, vulnerabilities in TYPO3 core or important extensions will still get the well-known single Security Bulletin each.
Please read the chapter in the Security Guide about the different types of Extension Security Bulletins.
All vulnerabilities affect third-party extensions. These extensions are not part of the TYPO3 default installation.
Extension: CWT Frontend Edit (cwt_feedit)
Affected Versions: 1.2.4 and all versions below
Vulnerability Type: Arbitrary Code Execution
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:O/RC:C
CVE: CVE-2014-6231
Solution: An updated version 1.2.5 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/cwt_feedit/1.2.5/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Milan Altenburg who discovered and reported the issue.
Extension: LDAP (eu_ldap)
Affected Versions: 2.8.17 and all versions below
Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:C/I:N/A:N/E:ND/RL:O/RC:C
CVE: CVE-2014-6232
Solution: An updated version 2.8.18 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/eu_ldap/2.8.18/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Florian Seirer who discovered and reported the issue.
Extension: Flat Manager (flatmgr)
Affected Versions: 2.7.9 and all versions below
Vulnerability Type: SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C
CVE: CVE-2014-6233
Solution: An updated version 2.7.10 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/flatmgr/2.7.10/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Ingo Schmitt who discovered and reported the issue.
Extension: Open Graph protocol (jh_opengraphprotocol)
Affected Versions: 1.0.1 and all versions below
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:O/RC:C
CVE: CVE-2014-6234
Solution: An updated version 1.0.2 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/jh_opengraphprotocol/1.0.2/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Heiko Kromm who discovered and reported the issue.
Extension: ke DomPDF (ke_dompdf)
Affected Versions: 0.0.3 and all versions below
Vulnerability Type: Remote Code Execution
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:O/RC:C
CVE: CVE-2014-6235
Solution: An updated version 0.0.5 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/ke_dompdf/0.0.5/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Hendrik Nadler who discovered and reported the issue.
Extension: LumoNet PHP Include (lumophpinclude)
Affected Versions: 1.2.0 and all versions below
Vulnerability Type: Arbitrary Code Execution
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:O/RC:C
CVE: CVE-2014-6236
Solution: An updated version 1.2.1 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/lumophpinclude/1.2.1/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Jost Baron who discovered and reported the issue.
Extension: News Pack (news_pack)
Affected Versions: 0.1.0 and all versions below
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:U/RC:C
CVE: CVE-2014-6237
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable time. Please uninstall the extension and delete the extension folder from your installation.
Credits: Credits go to Frederic Gaus who discovered and reported the issue.
Extension: SB Folderdownload (sb_akronymmanager)
Affected Versions: 0.5.0 and all versions below
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:U/RC:C
CVE: CVE-2014-6238
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable time. Please uninstall the extension and delete the extension folder from your installation.
Extension: Address visualization with Google Maps (st_address_map)
Affected Versions: 0.3.5 and all versions below
Vulnerability Type: SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C
CVE: CVE-2014-6239
Solution: An updated version 0.3.6 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/st_address_map/0.3.6/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Marc Bastian Heinrichs who discovered and reported the issue.
Extension: Google Sitemap (weeaar_googlesitemap)
Affected Versions: 0.4.3 and all versions below
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:U/RC:C
CVE: CVE-2014-6240
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable time. Please uninstall the extension and delete the extension folder from your installation.
Extension: wt_directory (wt_directory)
Affected Versions: 1.4.0 and all versions below
Vulnerability Type: SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C
CVE: CVE-2014-6241
Solution: An updated version 1.4.1 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/wt_directory/1.4.1/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Marc Bastian Heinrichs who discovered and reported the issue.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.