ID

VAR-201501-0737

CVE

CVE-2015-0235

TITLE

GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow

DESCRIPTION

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.". This vulnerability has been assigned CVE-2015-0235, and is referred to in the media by the name "GHOST". eglibc The package contains a classic buffer overflow vulnerability.Denial of service (DoS) May be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-040: EMC Secure Remote Services Virtual Edition Security Update for Multiple Vulnerabilities CVE Identifier: CVE-2015-0235, CVE-2015-0524, CVE-2015-0525 Severity Rating: CVSSv2 Base Score: See below for individual scores for each CVE Affected products: \x95 EMC Secure Remote Services Virtual Edition 3.02 \x95 EMC Secure Remote Services Virtual Edition 3.03 Summary: EMC Secure Remote Services Virtual Edition (ESRS VE) contains multiple vulnerabilities that may potentially be exploited by attackers to compromise the affected system. Details: \x95 GHOST Vulnerability (CVE-2015-0235) On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. The details for this vulnerability can be found using the link to Qualys Advisory https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C) \x95 SQL Injection (CVE-2015-0524) The ESRS VE Gateway Provisioning service contains a SQL injection vulnerability that could potentially be exploited by an attacker to retrieve arbitrary data from the application or interfere with its logic by executing arbitrary SQL commands on the affected system. CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) \x95 Command Injection (CVE-2015-0525) The ESRS VE Gateway Provisioning service contains a command injection vulnerability that could potentially be exploited by an attacker to execute arbitrary OS commands on the affected system. CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) Resolution: EMC recommends all customers upgrade to the following version at the earliest opportunity: \x95 EMC Secure Remote Services Virtual Edition 3.04 Link to remedies: Registered EMC Online Support customers can download patches and software from support.emc.com at: EMC Secure Remote Services -> EMC Secure Remote Services Virtual Edition -> Downloads If you have any questions, contact EMC Support. Credits: EMC would like to thank Han Sahin (han.sahin@securify.nl) of Securify B.V. (https://www.securify.nl) for reporting CVE-2015-0524 and CVE-2015-0525. Read and use the information in this EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n a-c04874668 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04874668 Version: 1 HPSBGN03426 rev.1 - HP Mobility Software, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2015-11-02 Last Updated: 2015-11-02 Potential Security Impact: Remote Execution of Arbitrary Code Source: Hewlett-Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP Mobility Software (MSM). References: CVE-2015-0235 SSRT102283 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Mobility Software v6.4.0.0 HP Mobility Software v6.5.3.0 BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2015-0235 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has released the following software updates to resolve the vulnerability for HP Mobility Software (MSM). Please update or upgrade to one of the following versions or subsequent. - HP Mobility Software v6.4.3.0 - HP Mobility Software v6.5.3.0 The software updates are available by logging into "My Networking" portal at the following location: https://h10145.www1.hpe.com/sso/Index.aspx?ReturnUrl=..%2fdownloads%2fDow nloadSoftware.aspx%3fSoftwareReleaseUId%3d11068%26ProductNumber%3dJ9420A%26la ng%3d%26cc%3d%26prodSeriesId%3d HISTORY Version:1 (rev.1) - 2 November 2015 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett-Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability with any HPE supported product, send Email to: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2015 Hewlett-Packard Enterprise Hewlett-Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is subject to change without notice. Hewlett-Packard Enterprise and the names of Hewlett-Packard Enterprise products referenced herein are trademarks of Hewlett-Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2015-09-30-3 OS X El Capitan 10.11 OS X El Capitan 10.11 is now available and addresses the following: Address Book Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to inject arbitrary code to processes loading the Address Book framework Description: An issue existed in Address Book framework's handling of an environment variable. This issue was addressed through improved environment variable handling. CVE-ID CVE-2015-5897 : Dan Bastone of Gotham Digital Science AirScan Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may be able to extract payload from eSCL packets sent over a secure connection Description: An issue existed in the processing of eSCL packets. This issue was addressed through improved validation checks. CVE-ID CVE-2015-5853 : an anonymous researcher apache_mod_php Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in PHP Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.27, including one which may have led to remote code execution. This issue was addressed by updating PHP to version 5.5.27. CVE-ID CVE-2014-9425 CVE-2014-9427 CVE-2014-9652 CVE-2014-9705 CVE-2014-9709 CVE-2015-0231 CVE-2015-0232 CVE-2015-0235 CVE-2015-0273 CVE-2015-1351 CVE-2015-1352 CVE-2015-2301 CVE-2015-2305 CVE-2015-2331 CVE-2015-2348 CVE-2015-2783 CVE-2015-2787 CVE-2015-3329 CVE-2015-3330 Apple Online Store Kit Available for: Mac OS X v10.6.8 and later Impact: A malicious application may gain access to a user's keychain items Description: An issue existed in validation of access control lists for iCloud keychain items. This issue was addressed through improved access control list checks. CVE-ID CVE-2015-5836 : XiaoFeng Wang of Indiana University, Luyi Xing of Indiana University, Tongxin Li of Peking University, Tongxin Li of Peking University, Xiaolong Bai of Tsinghua University AppleEvents Available for: Mac OS X v10.6.8 and later Impact: A user connected through screen sharing can send Apple Events to a local user's session Description: An issue existed with Apple Event filtering that allowed some users to send events to other users. This was addressed by improved Apple Event handling. CVE-ID CVE-2015-5849 : Jack Lawrence (@_jackhl) Audio Available for: Mac OS X v10.6.8 and later Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling. CVE-ID CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea bash Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in bash Description: Multiple vulnerabilities existed in bash versions prior to 3.2 patch level 57. These issues were addressed by updating bash version 3.2 to patch level 57. CVE-ID CVE-2014-6277 CVE-2014-7186 CVE-2014-7187 Certificate Trust Policy Available for: Mac OS X v10.6.8 and later Impact: Update to the certificate trust policy Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/en- us/HT202858. CFNetwork Cookies Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position can track a user's activity Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was address through improved restrictions of cookie creation. CVE-ID CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork FTPProtocol Available for: Mac OS X v10.6.8 and later Impact: Malicious FTP servers may be able to cause the client to perform reconnaissance on other hosts Description: An issue existed in the handling of FTP packets when using the PASV command. This issue was resolved through improved validation. CVE-ID CVE-2015-5912 : Amit Klein CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A maliciously crafted URL may be able to bypass HSTS and leak sensitive data Description: A URL parsing vulnerability existed in HSTS handling. This issue was addressed through improved URL parsing. CVE-ID CVE-2015-5858 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork HTTPProtocol Available for: Mac OS X v10.6.8 and later Impact: A malicious website may be able to track users in Safari private browsing mode Description: An issue existed in the handling of HSTS state in Safari private browsing mode. This issue was addressed through improved state handling. CVE-ID CVE-2015-5860 : Sam Greenhalgh of RadicalResearch Ltd CFNetwork Proxies Available for: Mac OS X v10.6.8 and later Impact: Connecting to a malicious web proxy may set malicious cookies for a website Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response. CVE-ID CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker with a privileged network position may intercept SSL/TLS connections Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation. CVE-ID CVE-2015-5824 : Timothy J. Wood of The Omni Group CFNetwork SSL Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to decrypt data protected by SSL Description: There are known attacks on the confidentiality of RC4. An attacker could force the use of RC4, even if the server preferred better ciphers, by blocking TLS 1.0 and higher connections until CFNetwork tried SSL 3.0, which only allows RC4. This issue was addressed by removing the fallback to SSL 3.0. CoreCrypto Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to determine a private key Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms. CoreText Available for: Mac OS X v10.6.8 and later Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team Dev Tools Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling. CVE-ID CVE-2015-5876 : beist of grayhash Dev Tools Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : @PanguTeam Disk Images Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5847 : Filippo Bigarella, Luca Todesco dyld Available for: Mac OS X v10.6.8 and later Impact: An application may be able to bypass code signing Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5839 : TaiG Jailbreak Team EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious application can prevent some systems from booting Description: An issue existed with the addresses covered by the protected range register. This issue was fixed by changing the protected range. CVE-ID CVE-2015-5900 : Xeno Kovah & Corey Kallenberg from LegbaCore EFI Available for: Mac OS X v10.6.8 and later Impact: A malicious Apple Ethernet Thunderbolt adapter may be able to affect firmware flashing Description: Apple Ethernet Thunderbolt adapters could modify the host firmware if connected during an EFI update. This issue was addressed by not loading option ROMs during updates. CVE-ID CVE-2015-5914 : Trammell Hudson of Two Sigma Investments and snare Finder Available for: Mac OS X v10.6.8 and later Impact: The "Secure Empty Trash" feature may not securely delete files placed in the Trash Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the "Secure Empty Trash" option. CVE-ID CVE-2015-5901 : Apple Game Center Available for: Mac OS X v10.6.8 and later Impact: A malicious Game Center application may be able to access a player's email address Description: An issue existed in Game Center in the handling of a player's email. This issue was addressed through improved access restrictions. CVE-ID CVE-2015-5855 : Nasser Alnasser Heimdal Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to replay Kerberos credentials to the SMB server Description: An authentication issue existed in Kerberos credentials. This issue was addressed through additional validation of credentials using a list of recently seen credentials. CVE-ID CVE-2015-5913 : Tarun Chopra of Microsoft Corporation, U.S. and Yu Fan of Microsoft Corporation, China ICU Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in ICU Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1. CVE-ID CVE-2014-8146 CVE-2014-8147 CVE-2015-5922 Install Framework Legacy Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to gain root privileges Description: A restriction issue existed in the Install private framework containing a privileged executable. This issue was addressed by removing the executable. CVE-ID CVE-2015-5888 : Apple Intel Graphics Driver Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in the Intel Graphics Driver. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5830 : Yuki MIZUNO (@mzyy94) CVE-2015-5877 : Camillus Gerard Cai IOAudioFamily Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in IOAudioFamily that led to the disclosure of kernel memory content. This issue was addressed by permuting kernel pointers. CVE-ID CVE-2015-5864 : Luca Todesco IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5871 : Ilja van Sprundel of IOActive CVE-2015-5872 : Ilja van Sprundel of IOActive CVE-2015-5873 : Ilja van Sprundel of IOActive CVE-2015-5890 : Ilja van Sprundel of IOActive IOGraphics Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in IOGraphics which could have led to the disclosure of kernel memory layout. This issue was addressed through improved memory management. CVE-ID CVE-2015-5865 : Luca Todesco IOHIDFamily Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple memory corruption issues existed in IOHIDFamily. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5866 : Apple CVE-2015-5867 : moony li of Trend Micro IOStorageFamily Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to read kernel memory Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5863 : Ilja van Sprundel of IOActive Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues existed in the Kernel. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team CVE-2015-5896 : Maxime Villard of m00nbsd CVE-2015-5903 : CESG Kernel Available for: Mac OS X v10.6.8 and later Impact: A local process can modify other processes without entitlement checks Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through additional entitlement checks. CVE-ID CVE-2015-5882 : Pedro Vilaca, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin Kernel Available for: Mac OS X v10.6.8 and later Impact: A local attacker may control the value of stack cookies Description: Multiple weaknesses existed in the generation of user space stack cookies. These issues were addressed through improved generation of stack cookies. CVE-ID CVE-2013-3951 : Stefan Esser Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker may be able to launch denial of service attacks on targeted TCP connections without knowing the correct sequence number Description: An issue existed in xnu's validation of TCP packet headers. This issue was addressed through improved TCP packet header validation. CVE-ID CVE-2015-5879 : Jonathan Looney Kernel Available for: Mac OS X v10.6.8 and later Impact: An attacker in a local LAN segment may disable IPv6 routing Description: An insufficient validation issue existed in the handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit. CVE-ID CVE-2015-5869 : Dennis Spindel Ljungmark Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed that led to the disclosure of kernel memory layout. This was addressed through improved initialization of kernel memory structures. CVE-ID CVE-2015-5842 : beist of grayhash Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in debugging interfaces that led to the disclosure of memory content. This issue was addressed by sanitizing output from debugging interfaces. CVE-ID CVE-2015-5870 : Apple Kernel Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to cause a system denial of service Description: A state management issue existed in debugging functionality. This issue was addressed through improved validation. CVE-ID CVE-2015-5902 : Sergi Alvarez (pancake) of NowSecure Research Team libc Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2014-8611 : Adrian Chadd and Alfred Perlstein of Norse Corporation libpthread Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team libxpc Available for: Mac OS X v10.6.8 and later Impact: Many SSH connections could cause a denial of service Description: launchd had no limit on the number of processes that could be started by a network connection. This issue was addressed by limiting the number of SSH processes to 40. CVE-ID CVE-2015-5881 : Apple Login Window Available for: Mac OS X v10.6.8 and later Impact: The screen lock may not engage after the specified time period Description: An issue existed with captured display locking. The issue was addressed through improved lock handling. CVE-ID CVE-2015-5833 : Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher lukemftpd Available for: Mac OS X v10.6.8 and later Impact: A remote attacker may be able to deny service to the FTP server Description: A glob-processing issue existed in tnftpd. This issue was addressed through improved glob validation. CVE-ID CVE-2015-5917 : Maksymilian Arciemowicz of cxsecurity.com Mail Available for: Mac OS X v10.6.8 and later Impact: Printing an email may leak sensitive user information Description: An issue existed in Mail which bypassed user preferences when printing an email. This issue was addressed through improved user preference enforcement. CVE-ID CVE-2015-5881 : Owen DeLong of Akamai Technologies, Noritaka Kamiya, Dennis Klein from Eschenburg, Germany, Jeff Hammett of Systim Technology Partners Mail Available for: Mac OS X v10.6.8 and later Impact: An attacker in a privileged network position may be able to intercept attachments of S/MIME-encrypted e-mail sent via Mail Drop Description: An issue existed in handling encryption parameters for large email attachments sent via Mail Drop. The issue is addressed by no longer offering Mail Drop when sending an encrypted e-mail. CVE-ID CVE-2015-5884 : John McCombs of Integrated Mapping Ltd Multipeer Connectivity Available for: Mac OS X v10.6.8 and later Impact: A local attacker may be able to observe unprotected multipeer data Description: An issue existed in convenience initializer handling in which encryption could be actively downgraded to a non-encrypted session. This issue was addressed by changing the convenience initializer to require encryption. CVE-ID CVE-2015-5851 : Alban Diquet (@nabla_c0d3) of Data Theorem NetworkExtension Available for: Mac OS X v10.6.8 and later Impact: A malicious application may be able to determine kernel memory layout Description: An uninitialized memory issue in the kernel led to the disclosure of kernel memory content. This issue was addressed through improved memory initialization. CVE-ID CVE-2015-5831 : Maxime Villard of m00nbsd Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: An issue existed in parsing links in the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5878 : Craig Young of Tripwire VERT, an anonymous researcher Notes Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to leak sensitive user information Description: A cross-site scripting issue existed in parsing text by the Notes application. This issue was addressed through improved input validation. CVE-ID CVE-2015-5875 : xisigr of Tencent's Xuanwu LAB (www.tencent.com) OpenSSH Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSH Description: Multiple vulnerabilities existed in OpenSSH versions prior to 6.9. These issues were addressed by updating OpenSSH to version 6.9. CVE-ID CVE-2014-2532 OpenSSL Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in OpenSSL Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. CVE-ID CVE-2015-0286 CVE-2015-0287 procmail Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in procmail Description: Multiple vulnerabilities existed in procmail versions prior to 3.22. These issues were addressed by removing procmail. CVE-ID CVE-2014-3618 remote_cmds Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with root privileges Description: An issue existed in the usage of environment variables by the rsh binary. This issue was addressed by dropping setuid privileges from the rsh binary. CVE-ID CVE-2015-5889 : Philip Pettersson removefile Available for: Mac OS X v10.6.8 and later Impact: Processing malicious data may lead to unexpected application termination Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines. CVE-ID CVE-2015-5840 : an anonymous researcher Ruby Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in Ruby Description: Multiple vulnerabilities existed in Ruby versions prior to 2.0.0p645. These were addressed by updating Ruby to version 2.0.0p645. CVE-ID CVE-2014-8080 CVE-2014-8090 CVE-2015-1855 Security Available for: Mac OS X v10.6.8 and later Impact: The lock state of the keychain may be incorrectly displayed to the user Description: A state management issue existed in the way keychain lock status was tracked. This issue was addressed through improved state management. CVE-ID CVE-2015-5915 : Peter Walz of University of Minnesota, David Ephron, Eric E. Lawrence, Apple Security Available for: Mac OS X v10.6.8 and later Impact: A trust evaluation configured to require revocation checking may succeed even if revocation checking fails Description: The kSecRevocationRequirePositiveResponse flag was specified but not implemented. This issue was addressed by implementing the flag. CVE-ID CVE-2015-5894 : Hannes Oud of kWallet GmbH Security Available for: Mac OS X v10.6.8 and later Impact: A remote server may prompt for a certificate before identifying itself Description: Secure Transport accepted the CertificateRequest message before the ServerKeyExchange message. This issue was addressed by requiring the ServerKeyExchange first. CVE-ID CVE-2015-5887 : Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Alfredo Pironti, and Jean Karim Zinzindohoue of INRIA Paris-Rocquencourt, and Cedric Fournet and Markulf Kohlweiss of Microsoft Research, Pierre-Yves Strub of IMDEA Software Institute SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5891 : Ilja van Sprundel of IOActive SMB Available for: Mac OS X v10.6.8 and later Impact: A local user may be able to determine kernel memory layout Description: An issue existed in SMBClient that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5893 : Ilja van Sprundel of IOActive SQLite Available for: Mac OS X v10.6.8 and later Impact: Multiple vulnerabilities in SQLite v3.8.5 Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2. CVE-ID CVE-2015-3414 CVE-2015-3415 CVE-2015-3416 Telephony Available for: Mac OS X v10.6.8 and later Impact: A local attacker can place phone calls without the user's knowledge when using Continuity Description: An issue existed in the authorization checks for placing phone calls. This issue was addressed through improved authorization checks. CVE-ID CVE-2015-3785 : Dan Bastone of Gotham Digital Science Terminal Available for: Mac OS X v10.6.8 and later Impact: Maliciously crafted text could mislead the user in Terminal Description: Terminal did not handle bidirectional override characters in the same way when displaying text and when selecting text. This issue was addressed by suppressing bidirectional override characters in Terminal. CVE-ID CVE-2015-5883 : an anonymous researcher tidy Available for: Mac OS X v10.6.8 and later Impact: Visiting a maliciously crafted website may lead to arbitrary code execution Description: Multiple memory corruption issues existed in tidy. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5522 : Fernando Munoz of NULLGroup.com CVE-2015-5523 : Fernando Munoz of NULLGroup.com Time Machine Available for: Mac OS X v10.6.8 and later Impact: A local attacker may gain access to keychain items Description: An issue existed in backups by the Time Machine framework. This issue was addressed through improved coverage of Time Machine backups. CVE-ID CVE-2015-5854 : Jonas Magazinius of Assured AB Note: OS X El Capitan 10.11 includes the security content of Safari 9: https://support.apple.com/kb/HT205265. OS X El Capitan 10.11 may be obtained from the Mac App Store: http://www.apple.com/support/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJWDB2wAAoJEBcWfLTuOo7t0sYP/2L3JOGPkHH8XUh2YHpu5qaw S5F2v+SRpWleKQBVsGZ7oA8PV0rBTzEkzt8K1tNxYmxEqL9f/TpRiGoforn89thO /hOtmVOfUcBjPZ4XKwMVzycfSMC9o6LxWTLEKDVylE+F+5jkXafOC9QaqD11dxX6 QhENkpS1BwrKhyaSVxEcgBQtZM9aTsVdZ78rTCb9XTn6gDnvs8NfIQquFOnaQT54 YJ36e5UcUsnyBIol+yGDbC3ZEhzSVIGE5/8/NFlFfRXLgnJArxD8lqz8WdfU9fop hpT/dDqqAdYbRcW1ihcG1haiNHgP9yQCY5jRNfttb+Tc/kIi/QmPkEO0QS8Ygt/O c3sUbNulr1LCinymFVwx16CM1DplGS/GmBL18BAEBnL6yi9tEhYDynZWLSEa37VR 8q802rXRSF10Wct9/kEeR4HgY/1k0KK/4Uddm3c0YyOU21ya7NAhoHGwmDa9g11r N1TniOK8tPiCGjRNOJwuF6DKxD9L3Fv44bVlxAarGUGYkICqzaNS+bgKI1aQNahT fJ91x5uKD4+L9v9c5slkoDIvWqIhO9oyuxgnmC5GstkwFplFXSOklLkTktjLGNn1 nJq8cPnZ/3E1RXTEwVhGljYw5pdZHNx98XmLomGrPqVlZfjGURK+5AXdf2pOlt2e g6jld/w5tPuCFhGucE7Z =XciV -----END PGP SIGNATURE----- . The original glibc bug was reported by Peter Klotz. CVE-2014-7817 Tim Waugh of Red Hat discovered that the WRDE_NOCMD option of the wordexp function did not suppress command execution in all cases. This allows a context-dependent attacker to execute shell commands. CVE-2012-6656 CVE-2014-6040 The charset conversion code for certain IBM multi-byte code pages could perform an out-of-bounds array access, causing the process to crash. In some scenarios, this allows a remote attacker to cause a persistent denial of service. For the upcoming stable distribution (jessie) and the unstable distribution (sid), the CVE-2015-0235 issue has been fixed in version 2.18-1 of the glibc package. We recommend that you upgrade your eglibc packages. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 https://rhn.redhat.com/errata/RHSA-2015-0092.html _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 678efef85b85206451ef8927bad808e0 mbs1/x86_64/glibc-2.14.1-12.11.mbs1.x86_64.rpm 46cd508f03e36c1e4f752c317852ec8e mbs1/x86_64/glibc-devel-2.14.1-12.11.mbs1.x86_64.rpm 069302c80e3b79504e2b0eaaa72c2745 mbs1/x86_64/glibc-doc-2.14.1-12.11.mbs1.noarch.rpm 3a841c0295823354655dd3e7734ada0b mbs1/x86_64/glibc-doc-pdf-2.14.1-12.11.mbs1.noarch.rpm 11a672a0b4bae77c7adfa803bea9871f mbs1/x86_64/glibc-i18ndata-2.14.1-12.11.mbs1.x86_64.rpm d3f113ccec4f18e4bb08c951625e51d7 mbs1/x86_64/glibc-profile-2.14.1-12.11.mbs1.x86_64.rpm f6d6aa5806dd747e66996ea8cc01c9b4 mbs1/x86_64/glibc-static-devel-2.14.1-12.11.mbs1.x86_64.rpm 98cc6eae0234eeed945712bbc8b2c0ea mbs1/x86_64/glibc-utils-2.14.1-12.11.mbs1.x86_64.rpm bf6f2fcc3dd21bd8380aac40e91bb802 mbs1/x86_64/nscd-2.14.1-12.11.mbs1.x86_64.rpm f597e4d6241c76701733d730e84f5714 mbs1/SRPMS/glibc-2.14.1-12.11.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security update Advisory ID: RHSA-2015:0092-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-0092.html Issue date: 2015-01-27 CVE Names: CVE-2015-0235 ===================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm ppc64: glibc-2.12-1.149.el6_6.5.ppc.rpm glibc-2.12-1.149.el6_6.5.ppc64.rpm glibc-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-devel-2.12-1.149.el6_6.5.ppc.rpm glibc-devel-2.12-1.149.el6_6.5.ppc64.rpm glibc-headers-2.12-1.149.el6_6.5.ppc64.rpm glibc-utils-2.12-1.149.el6_6.5.ppc64.rpm nscd-2.12-1.149.el6_6.5.ppc64.rpm s390x: glibc-2.12-1.149.el6_6.5.s390.rpm glibc-2.12-1.149.el6_6.5.s390x.rpm glibc-common-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm glibc-devel-2.12-1.149.el6_6.5.s390.rpm glibc-devel-2.12-1.149.el6_6.5.s390x.rpm glibc-headers-2.12-1.149.el6_6.5.s390x.rpm glibc-utils-2.12-1.149.el6_6.5.s390x.rpm nscd-2.12-1.149.el6_6.5.s390x.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm ppc64: glibc-debuginfo-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-2.12-1.149.el6_6.5.ppc64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.ppc64.rpm glibc-static-2.12-1.149.el6_6.5.ppc.rpm glibc-static-2.12-1.149.el6_6.5.ppc64.rpm s390x: glibc-debuginfo-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-2.12-1.149.el6_6.5.s390x.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.s390x.rpm glibc-static-2.12-1.149.el6_6.5.s390.rpm glibc-static-2.12-1.149.el6_6.5.s390x.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: glibc-2.12-1.149.el6_6.5.src.rpm i386: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-headers-2.12-1.149.el6_6.5.i686.rpm glibc-utils-2.12-1.149.el6_6.5.i686.rpm nscd-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-2.12-1.149.el6_6.5.i686.rpm glibc-2.12-1.149.el6_6.5.x86_64.rpm glibc-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-devel-2.12-1.149.el6_6.5.i686.rpm glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm glibc-utils-2.12-1.149.el6_6.5.x86_64.rpm nscd-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm x86_64: glibc-debuginfo-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-2.12-1.149.el6_6.5.x86_64.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.i686.rpm glibc-debuginfo-common-2.12-1.149.el6_6.5.x86_64.rpm glibc-static-2.12-1.149.el6_6.5.i686.rpm glibc-static-2.12-1.149.el6_6.5.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm ppc64: glibc-2.17-55.el7_0.5.ppc.rpm glibc-2.17-55.el7_0.5.ppc64.rpm glibc-common-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm glibc-devel-2.17-55.el7_0.5.ppc.rpm glibc-devel-2.17-55.el7_0.5.ppc64.rpm glibc-headers-2.17-55.el7_0.5.ppc64.rpm glibc-utils-2.17-55.el7_0.5.ppc64.rpm nscd-2.17-55.el7_0.5.ppc64.rpm s390x: glibc-2.17-55.el7_0.5.s390.rpm glibc-2.17-55.el7_0.5.s390x.rpm glibc-common-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm glibc-devel-2.17-55.el7_0.5.s390.rpm glibc-devel-2.17-55.el7_0.5.s390x.rpm glibc-headers-2.17-55.el7_0.5.s390x.rpm glibc-utils-2.17-55.el7_0.5.s390x.rpm nscd-2.17-55.el7_0.5.s390x.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: glibc-debuginfo-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-2.17-55.el7_0.5.ppc64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc.rpm glibc-debuginfo-common-2.17-55.el7_0.5.ppc64.rpm glibc-static-2.17-55.el7_0.5.ppc.rpm glibc-static-2.17-55.el7_0.5.ppc64.rpm s390x: glibc-debuginfo-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-2.17-55.el7_0.5.s390x.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390.rpm glibc-debuginfo-common-2.17-55.el7_0.5.s390x.rpm glibc-static-2.17-55.el7_0.5.s390.rpm glibc-static-2.17-55.el7_0.5.s390x.rpm x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: glibc-2.17-55.el7_0.5.src.rpm x86_64: glibc-2.17-55.el7_0.5.i686.rpm glibc-2.17-55.el7_0.5.x86_64.rpm glibc-common-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-devel-2.17-55.el7_0.5.i686.rpm glibc-devel-2.17-55.el7_0.5.x86_64.rpm glibc-headers-2.17-55.el7_0.5.x86_64.rpm glibc-utils-2.17-55.el7_0.5.x86_64.rpm nscd-2.17-55.el7_0.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: glibc-debuginfo-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-2.17-55.el7_0.5.x86_64.rpm glibc-debuginfo-common-2.17-55.el7_0.5.i686.rpm glibc-debuginfo-common-2.17-55.el7_0.5.x86_64.rpm glibc-static-2.17-55.el7_0.5.i686.rpm glibc-static-2.17-55.el7_0.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification/#critical 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUx9bmXlSAg2UNWIIRAjP4AJ9/EPFLyhSuapG8Lie71zPk6VaF8wCfVAw2 VIBda0hF+i0zAuST73ezXzI= =w5UI -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The GNU C library is the standard C library used by Gentoo Linux systems. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-libs/glibc < 2.19-r1 >= 2.19-r1 Description =========== Multiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.19-r1" References ========== [ 1 ] CVE-2012-3404 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3404 [ 2 ] CVE-2012-3405 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3405 [ 3 ] CVE-2012-3406 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3406 [ 4 ] CVE-2012-3480 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3480 [ 5 ] CVE-2012-4412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4412 [ 6 ] CVE-2012-4424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4424 [ 7 ] CVE-2012-6656 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6656 [ 8 ] CVE-2013-0242 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0242 [ 9 ] CVE-2013-1914 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1914 [ 10 ] CVE-2013-2207 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2207 [ 11 ] CVE-2013-4237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4237 [ 12 ] CVE-2013-4332 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4332 [ 13 ] CVE-2013-4458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4458 [ 14 ] CVE-2013-4788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4788 [ 15 ] CVE-2014-4043 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4043 [ 16 ] CVE-2015-0235 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0235 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201503-04.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. Here are the details from the Slackware 14.1 ChangeLog: +--------------------------+ patches/packages/glibc-2.17-i486-10_slack14.1.txz: Rebuilt. This flaw could allow local or remote attackers to take control of a machine running a vulnerable version of glibc. Thanks to Qualys for discovering this issue (also known as the GHOST vulnerability.) For more information, see: https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 (* Security fix *) patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz: Rebuilt. patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz: Rebuilt. patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz: Rebuilt. patches/packages/glibc-zoneinfo-2014j-noarch-1.txz: Upgraded. Upgraded to tzcode2014j and tzdata2014j. +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-i18n-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-profile-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-solibs-2.9-i486-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-i18n-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-profile-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-solibs-2.9-x86_64-7_slack13.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-i18n-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-profile-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-solibs-2.11.1-i486-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-i18n-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-profile-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-solibs-2.11.1-x86_64-9_slack13.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-i18n-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-profile-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-solibs-2.13-i486-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-i18n-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-profile-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-solibs-2.13-x86_64-8_slack13.37.txz ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-i18n-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-profile-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-solibs-2.15-i486-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-i18n-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-profile-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-solibs-2.15-x86_64-9_slack14.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-i18n-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-profile-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-solibs-2.17-i486-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-i18n-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-profile-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-solibs-2.17-x86_64-10_slack14.1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/glibc-zoneinfo-2014j-noarch-1.txz Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-solibs-2.20-i486-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/glibc-zoneinfo-2014j-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-2.20-i486-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-i18n-2.20-i486-2.txz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/glibc-profile-2.20-i486-2.txz Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-solibs-2.20-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/glibc-zoneinfo-2014j-noarch-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-2.20-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-i18n-2.20-x86_64-2.txz ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/glibc-profile-2.20-x86_64-2.txz MD5 signatures: +-------------+ Slackware 13.0 packages: 41402c65ebdef4b022c799131556ef7e glibc-2.9-i486-7_slack13.0.txz 7095e3cd743af0179ea14b9bff81e3f4 glibc-i18n-2.9-i486-7_slack13.0.txz 901d50b809ed84837ff45b2ca7838bb3 glibc-profile-2.9-i486-7_slack13.0.txz 421a711b7cf1be2df2421ae5cd50b217 glibc-solibs-2.9-i486-7_slack13.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware x86_64 13.0 packages: d4266628a8db63751f3f55b8bc2e2162 glibc-2.9-x86_64-7_slack13.0.txz b6161a0e23da771c5c6903605e49e403 glibc-i18n-2.9-x86_64-7_slack13.0.txz b8026d61e3849cce26539def0b665ca3 glibc-profile-2.9-x86_64-7_slack13.0.txz 1f7f4cf57d44d75d4ef2786152f33403 glibc-solibs-2.9-x86_64-7_slack13.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware 13.1 packages: 03e0d0224efe8bc794b5be0454612a1e glibc-2.11.1-i486-9_slack13.1.txz fabbdd8d7f14667c7a2dc7ede87b5510 glibc-i18n-2.11.1-i486-9_slack13.1.txz 1c1d86a9dabe329c3d30796188b66ebe glibc-profile-2.11.1-i486-9_slack13.1.txz e2ebe08bb02550c69202a6f973ef7e47 glibc-solibs-2.11.1-i486-9_slack13.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware x86_64 13.1 packages: c00de492a4842e3a86101028e8cc03f0 glibc-2.11.1-x86_64-9_slack13.1.txz 9657c55f39b233333e48d08acee9ed78 glibc-i18n-2.11.1-x86_64-9_slack13.1.txz ada2d7f7b7ffdfd7a4407696ad714e48 glibc-profile-2.11.1-x86_64-9_slack13.1.txz b3c393e74aafbb5276cea1217dfcd1aa glibc-solibs-2.11.1-x86_64-9_slack13.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware 13.37 packages: 16615e6ef8311b928e3a05e0b7f3e505 glibc-2.13-i486-8_slack13.37.txz 319dfc0cbdaf8410981195fffb1371c6 glibc-i18n-2.13-i486-8_slack13.37.txz 6964339495ab981d17ba27cd5878a400 glibc-profile-2.13-i486-8_slack13.37.txz 1834abd11fab02725e897040bbead56f glibc-solibs-2.13-i486-8_slack13.37.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware x86_64 13.37 packages: 1753003d261831ac235445e23a9f9870 glibc-2.13-x86_64-8_slack13.37.txz 8aa103984bb2cb293072a022dd9144f2 glibc-i18n-2.13-x86_64-8_slack13.37.txz a56e90a34eec8f60e265c45d05490a57 glibc-profile-2.13-x86_64-8_slack13.37.txz c6f684ea049e4091b96d15606eb454d1 glibc-solibs-2.13-x86_64-8_slack13.37.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware 14.0 packages: a2fadb666bfdf5c7c4c9792cbf34785d glibc-2.15-i486-9_slack14.0.txz 3b3626f4a170a603af36ca60c7840fa6 glibc-i18n-2.15-i486-9_slack14.0.txz ad237d138bb874e57c4080071d27e798 glibc-profile-2.15-i486-9_slack14.0.txz f07d37e52014cec80e43d883eda516ae glibc-solibs-2.15-i486-9_slack14.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware x86_64 14.0 packages: a5d02d71a230b6daa39d2ebefd8a6548 glibc-2.15-x86_64-9_slack14.0.txz 62c30b615e38ba63cafb8053383eabde glibc-i18n-2.15-x86_64-9_slack14.0.txz 152d094ab6bc4c7f763dd4ad1a53784c glibc-profile-2.15-x86_64-9_slack14.0.txz b256163bb179d1aebfda5f45270a0580 glibc-solibs-2.15-x86_64-9_slack14.0.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware 14.1 packages: 8f2fb91bb39d8a1db3bd6510295e6b1e glibc-2.17-i486-10_slack14.1.txz 8d179820a827a4dce028b57d3fa39237 glibc-i18n-2.17-i486-10_slack14.1.txz 19a4824c6ff8792a1166a38ceff824e0 glibc-profile-2.17-i486-10_slack14.1.txz 417dede2ae464059002b6fcc2048f942 glibc-solibs-2.17-i486-10_slack14.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware x86_64 14.1 packages: 490ce11a13439e30ff312769cc4fabb1 glibc-2.17-x86_64-10_slack14.1.txz cd145e0d6a12b15d5282d7d1b3de92ed glibc-i18n-2.17-x86_64-10_slack14.1.txz 93aea777dd41dc1c631dce1cf252bf14 glibc-profile-2.17-x86_64-10_slack14.1.txz 6b759039a5b3f8c88b3753e722ded78e glibc-solibs-2.17-x86_64-10_slack14.1.txz 61278ba5a904a7474e9b0b64b0daab97 glibc-zoneinfo-2014j-noarch-1.txz Slackware -current packages: 395d4ad5fb71c4a56a500c3e51d07c8b a/glibc-solibs-2.20-i486-2.txz 61278ba5a904a7474e9b0b64b0daab97 a/glibc-zoneinfo-2014j-noarch-1.txz 3ca2827446e66d0d2d0e0bc8c55ba1ed l/glibc-2.20-i486-2.txz 94105b1a10c42ce0995f8ace6b4f06a8 l/glibc-i18n-2.20-i486-2.txz fcc2ad4f5aad3a7d704d708a170c5351 l/glibc-profile-2.20-i486-2.txz Slackware x86_64 -current packages: 25129dd9dfed8a8e834c87ba40c1ef17 a/glibc-solibs-2.20-x86_64-2.txz 61278ba5a904a7474e9b0b64b0daab97 a/glibc-zoneinfo-2014j-noarch-1.txz b8ff5e308769d8e4eddccd9940058d5c l/glibc-2.20-x86_64-2.txz 8c3db9286aa93346d25ffad38178137b l/glibc-i18n-2.20-x86_64-2.txz 21f2a62d975b433f570cd5129cdc21fb l/glibc-profile-2.20-x86_64-2.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg glibc-* +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. SEC Consult Vulnerability Lab Security Advisory < 20210901-0 > ======================================================================= title: Multiple vulnerabilities product: see "Vulnerable / tested versions" vulnerable version: see "Vulnerable / tested versions" fixed version: see "Solution" CVE number: CVE-2021-39278, CVE-2021-39279 impact: High homepage: https://www.moxa.com/ found: 2020-08-31 by: T. Weber (Office Vienna) SEC Consult Vulnerability Lab An integrated part of SEC Consult, an Atos company Europe | Asia | North America https://www.sec-consult.com ======================================================================= Vendor description: ------------------- "Together, We Create Change Moxa is committed to making a positive impact around the world. We put our all behind this commitment--from our employees, to our products and supply chain. In our local communities, we nurture and support the spirit of volunteering. We encourage our employees to contribute to community development, with an emphasis on ecology, education, and health. In our products, we invest in social awareness programs and environment-friendly policies at every stage of the product lifecycle. We make sure our manufacturing meets the highest standards with regards to quality, ethics, and sustainability." Source: https://www.moxa.com/en/about-us/corporate-responsibility Business recommendation: ------------------------ SEC Consult recommends to immediately apply the available patches from the vendor. A thorough security review should be performed by security professionals to identify further potential security issues. Vulnerability overview/description: ----------------------------------- 1) Authenticated Command Injection (CVE-2021-39279) An authenticated command injection vulnerability can be triggered by issuing a GET request to the "/forms/web_importTFTP" CGI program which is available on the web interface. An attacker can abuse this vulnerability to compromise the operating system of the device. This issue was found by emulating the firmware of the device. 2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) Via a crafted config-file, a reflected cross-site scripting vulnerability can be exploited in the context of the victim's browser. This config-file can be uploaded to the device via the "Config Import Export" tab in the main menu. 3) Known GNU glibc Vulnerabilities (CVE-2015-0235) The used GNU glibc in version 2.9 is outdated and contains multiple known vulnerabilities. One of the discovered vulnerabilities (CVE-2015-0235, gethostbyname "GHOST" buffer overflow) was verified by using the MEDUSA scalable firmware runtime. 4) Multiple Outdated Software Components Multiple outdated software components containing vulnerabilities were found by the IoT Inspector. The vulnerabilities 1), 2) and 3) were manually verified on an emulated device by using the MEDUSA scalable firmware runtime. Proof of concept: ----------------- 1) Authenticated Command Injection (CVE-2021-39279) The vulnerability can be triggered by navigating in the web interface to the tab: "Main Menu"->"Maintenance"->"Config Import Export" The "TFTP Import" menu is prone to command injection via all parameters. To exploit the vulnerability, an IP address, a configuration path and a filename must be set. If the filename is used to trigger the exploit, the payload in the interceptor proxy would be: http://192.168.1.1/forms/web_importTFTP?servIP=192.168.1.1&configPath=/&fileName=name|`ping localhost -c 100` 2) Reflected Cross-Site Scripting via Manipulated Config-File (CVE-2021-39278) The vulnerability can be triggered by navigating in the web interface to the tab: "Main Menu"->"Maintenance"->"Config Import Export" The "Config Import" menu is prone to reflected cross-site scripting via the upload of config files. Example of malicious config file: ------------------------------------------------------------------------------- [board] deviceName="WAC-2004_0000</span><script>alert(document.cookie)</script>" deviceLocation="" [..] ------------------------------------------------------------------------------- Uploading such a crafted file triggers cross-site scripting as the erroneous value is displayed without filtering characters. 3) Known GNU glibc Vulnerabilities (CVE-2015-0235) GNU glibc version 2.9 contains multiple CVEs like: CVE-2016-1234, CVE-2015-7547, CVE-2013-7423, CVE-2013-1914, and more. The gethostbyname buffer overflow vulnerability (GHOST) was checked with the help of the exploit code from https://seclists.org/oss-sec/2015/q1/274. It was compiled and executed on the emulated device to test the system. 4) Multiple Outdated Software Components The IoT Inspector recognized multiple outdated software components with known vulnerabilities: BusyBox 1.18.5 06/2011 Dropbear SSH 2011.54 11/2011 GNU glibc 2.9 02/2009 Linux Kernel 2.6.27 10/2008 OpenSSL 0.9.7g 04/2005 Only found in the program "iw_director" OpenSSL 1.0.0 03/2010 Vulnerable / tested versions: ----------------------------- The following firmware versions for various devices have been identified to be vulnerable: * WAC-2004 / 1.7 * WAC-1001 / 2.1 * WAC-1001-T / 2.1 * OnCell G3470A-LTE-EU / 1.7 * OnCell G3470A-LTE-EU-T / 1.7 * TAP-323-EU-CT-T / 1.3 * TAP-323-US-CT-T / 1.3 * TAP-323-JP-CT-T / 1.3 * WDR-3124A-EU / 2.3 * WDR-3124A-EU-T / 2.3 * WDR-3124A-US / 2.3 * WDR-3124A-US-T / 2.3 Vendor contact timeline: ------------------------ 2020-10-09: Contacting vendor through moxa.csrt@moxa.com. 2020-10-12: Contact sends PGP key for encrypted communication and asks for the detailed advisory. Sent encrypted advisory to vendor. 2020-11-06: Status update from vendor regarding technical analysis. Vendor requested more time for fixing the vulnerabilities as more products are affected. 2020-11-09: Granted more time for fixing to vendor. 2020-11-10: Vendor asked for next steps regarding the advisory publication. 2020-11-11: Asked vendor for an estimation when a public disclosure is possible. 2020-11-16: Vendor responded that the product team can give a rough feedback. 2020-11-25: Asked for a status update. 2020-11-25: Vendor responded that the investigation is not done yet. 2020-12-14: Vendor provided a list of potential affected devices and stated that full investigation may take until January 2021 due to the list of CVEs that were provided with the appended IoT Inspector report. The patches may be available until June 2021. 2020-12-15: Shifted next status update round with vendor on May 2021. 2020-12-23: Vendor provided full list of affected devices. 2021-02-05: Vendor sieved out the found issues from 4) manually and provided a full list of confirmed vulnerabilities. WAC-2004 phased-out in 2019. 2021-02-21: Confirmed receive of vulnerabilities, next status update in May 2021. 2021-06-10: Asking for an update. 2021-06-15: Vendor stated, that the update will be provided in the next days. 2021-06-21: Vendor will give an update in the next week as Covid gets worse in Taiwan. 2021-06-23: Vendor stated, that patches are under development. Vendor needs more time to finish the patches. 2021-06-24: Set release date to 2021-09-01. 2021-07-02: Vendor provides status updates. 2021-08-16: Vendor provides status updates. 2021-08-17: Vendor asks for CVE IDs and stated, that WDR-3124A has phased-out. 2021-08-20: Sent assigned CVE-IDs to vendor. Asked for fixed version numbers. 2021-08-31: Vendor provides fixed firmware version numbers and the advisory links. 2021-09-01: Coordinated release of security advisory. Solution: --------- According to the vendor the following patches must be applied to fix issues: * WAC-1001 / 2.1.5 * WAC-1001-T / 2.1.5 * OnCell G3470A-LTE-EU / 1.7.4 * OnCell G3470A-LTE-EU-T / 1.7.4 * TAP-323-EU-CT-T / 1.8.1 * TAP-323-US-CT-T / 1.8.1 * TAP-323-JP-CT-T / 1.8.1 The Moxa Technical Support must be contacted for requesting the security patches. The corresponding security advisories for the affected devices are available on the vendor's website: TAP-323/WAC-1001/WAC-2004 https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities OnCell G3470A-LTE/WDR-3124A https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities The following device models are EOL and should be replaced: * WAC-2004 * WDR-3124A-EU * WDR-3124A-EU-T * WDR-3124A-US * WDR-3124A-US-T Workaround: ----------- None. Advisory URL: ------------- https://sec-consult.com/vulnerability-lab/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Vulnerability Lab SEC Consult, an Atos company Europe | Asia | North America About SEC Consult Vulnerability Lab The SEC Consult Vulnerability Lab is an integrated part of SEC Consult, an Atos company. It ensures the continued knowledge gain of SEC Consult in the field of network and application security to stay ahead of the attacker. The SEC Consult Vulnerability Lab supports high-quality penetration testing and the evaluation of new offensive and defensive technologies for our customers. Hence our customers obtain the most current information about vulnerabilities and valid recommendation about the risk profile of new technologies. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Interested to work with the experts of SEC Consult? Send us your application https://sec-consult.com/career/ Interested in improving your cyber security with the experts of SEC Consult? Contact our local offices https://sec-consult.com/contact/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mail: research at sec-consult dot com Web: https://www.sec-consult.com Blog: http://blog.sec-consult.com Twitter: https://twitter.com/sec_consult EOF Thomas Weber / @2021

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Qualys

SOURCES

LAST UPDATE DATE

2024-09-17T19:25:12.010000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE