VARIoT IoT vulnerabilities database
| VAR-201209-0244 | CVE-2012-3004 | plural RealFlex Vulnerability gained in products |
CVSS V2: 6.9 CVSS V3: - Severity: MEDIUM |
Multiple untrusted search path vulnerabilities in RealFlex RealWin before 2.1.13, FlexView before 3.1.86, and RealWinDemo before 2.1.13 allow local users to gain privileges via a Trojan horse (1) realwin.dll or (2) keyhook.dll file in the current working directory. plural RealFlex There is a vulnerability in the product that can be obtained because the processing related to the search path is incomplete. Supplementary information : CWE Vulnerability type by CWE-426: Untrusted Search Path ( Unreliable search path ) Has been identified. (1) realwin.dll Or (2) keyhook.dll It may be possible to get permission through the file. RealWin is a data acquisition and monitoring control system (SCADA) server product running on the Windows platform. FlexView is a human interface product for Eston Automation. Multiple RealFlex products are not installed in the library file, and an attacker can build a malicious DLL file, store it in a remote WebDAV or SMB share, entice the application to parse, and execute arbitrary code in the application context. Multiple RealFlex products are prone to an insecure library loading vulnerability
| VAR-201209-0512 | CVE-2012-0254 | Honeywell HMIWeb Browser ActiveX Control Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ActiveX control in Honeywell Process Solutions (HPS) Experion R2xx, R30x, R31x, and R400.x; Honeywell Building Solutions (HBS) Enterprise Building Manager R400 and R410.1; and Honeywell Environmental Combustion and Controls (ECC) SymmetrE R410.1 allows remote attackers to execute arbitrary code via unspecified vectors. HMIWeb uses Honeywell's new generation of operator interface technology, with HTML (Hypertext Markup Language) as the basic file format for displaying images, and provides access to Experion PKS process screens using Microsoft's IE browser. Allows an attacker to build a malicious web page, convincing the user to parse, and execute arbitrary code in the context of the application.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Honeywell HMIWeb Browser ActiveX Control Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA50572
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50572/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50572
RELEASE DATE:
2012-09-10
DISCUSS ADVISORY:
http://secunia.com/advisories/50572/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50572/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50572
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Honeywell HMIWeb Browser ActiveX
Control, which can be exploited by malicious people to compromise a
user's system.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in the following products:
* Honeywell Process Solutions (HPS) Experion Releases R400.x, R31x,
R30x, and R2xx.
* Honeywell Building Solutions (HBS) Enterprise Building Manager
Releases.
* Honeywell Environmental Combustion and Control (ECC) SymmetrE R400,
R410.1, and R410.1 releases.
SOLUTION:
Apply fixes. Contact the vendor for further information.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits an anonymous person via ZDI.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201209-0439 | CVE-2012-4867 |
vtiger CRM Path traversal vulnerability
Related entries in the VARIoT exploits database: VAR-E-201204-0615 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. vtiger CRM of modules/com_vtiger_workflow/sortfieldsjson.php Contains a directory traversal vulnerability.By a third party .. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). The management system provides functions such as management, collection, and analysis of customer information
| VAR-201209-0451 | CVE-2012-4879 | Linux Run on the console WAGO I/O System 758 model Industrial PC Vulnerability to obtain login privileges on devices |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 Industrial PC (IPC) devices has a default password of wago for the (1) root and (2) admin accounts, (3) a default password of user for the user account, and (4) a default password of guest for the guest account, which makes it easier for remote attackers to obtain login access via a TELNET session, a different vulnerability than CVE-2012-3013. WAGO IPC is a compact industrial PC suitable for control applications. Wago I%2Fo System 758 Industrial Pc Device is prone to a remote security vulnerability
| VAR-201209-0219 | CVE-2012-3012 | Arbiter Systems Power Sentinel 1133A Service disruption in device firmware (DoS) Vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan. Arbiter Power Sentinel is a power industry test and measurement device. The firmware has a vulnerability in the Arbiter Power Sentinel 1133A device prior to 11Jun2012 Rev 421.
Successful exploits will cause denial-of-service conditions in the affected device. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Power Sentinel Traffic Handling Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA50533
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50533/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50533
RELEASE DATE:
2012-09-06
DISCUSS ADVISORY:
http://secunia.com/advisories/50533/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50533/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50533
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Power Sentinel, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when handling traffic
sent to the ethernet port and can be exploited to cause the device to
stop responding.
SOLUTION:
Update to firmware version 11June2012 Rev 421.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Power Sentinel:
http://www.arbiter.com/news/index.php?id=261
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201312-0022 | CVE-2012-6151 | Net-SNMP Denial of service in Japan (DoS) Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. Net-SNMP is prone to a remote denial-of-service vulnerability.
Net-SNMP 5.7.1 is vulnerable; other versions may also be affected. The software is used to monitor network equipment, computer equipment, UPS equipment, etc. There is a denial of service vulnerability in Net-SNMP 5.7.1 and earlier versions. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: net-snmp security update
Advisory ID: RHSA-2014:0322-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0322.html
Issue date: 2014-03-24
CVE Names: CVE-2012-6151 CVE-2014-2285
=====================================================================
1. Summary:
Updated net-snmp packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
3. Description:
The net-snmp packages provide various libraries and tools for the Simple
Network Management Protocol (SNMP), including an SNMP library, an
extensible agent, tools for requesting or setting information from SNMP
agents, tools for generating and handling SNMP traps, a version of the
netstat command which uses SNMP, and a Tk/Perl Management Information Base
(MIB) browser.
A denial of service flaw was found in the way snmpd, the Net-SNMP daemon,
handled subagent timeouts.
(CVE-2012-6151)
A denial of service flaw was found in the way the snmptrapd service, which
receives and logs SNMP trap messages, handled SNMP trap requests with an
empty community string when the Perl handler (provided by the net-snmp-perl
package) was enabled. A remote attacker could use this flaw to crash
snmptrapd by sending a trap request with an empty community string.
(CVE-2014-2285)
All net-snmp users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. After installing this
update, the snmpd and snmptrapd services will be restarted automatically.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1038007 - CVE-2012-6151 net-snmp: snmpd crashes/hangs when AgentX subagent times-out
1072778 - CVE-2014-2285 net-snmp: snmptrapd crash when using a trap with empty community string
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/net-snmp-5.3.2.2-22.el5_10.1.src.rpm
i386:
net-snmp-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.i386.rpm
x86_64:
net-snmp-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/net-snmp-5.3.2.2-22.el5_10.1.src.rpm
i386:
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
x86_64:
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/net-snmp-5.3.2.2-22.el5_10.1.src.rpm
i386:
net-snmp-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.i386.rpm
ia64:
net-snmp-5.3.2.2-22.el5_10.1.ia64.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.ia64.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.ia64.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.ia64.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.ia64.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.ia64.rpm
ppc:
net-snmp-5.3.2.2-22.el5_10.1.ppc.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.ppc.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.ppc64.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.ppc.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.ppc64.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.ppc.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.ppc64.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.ppc.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.ppc.rpm
s390x:
net-snmp-5.3.2.2-22.el5_10.1.s390x.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.s390.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.s390x.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.s390.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.s390x.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.s390.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.s390x.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.s390x.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.s390x.rpm
x86_64:
net-snmp-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-debuginfo-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-devel-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.i386.rpm
net-snmp-libs-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-perl-5.3.2.2-22.el5_10.1.x86_64.rpm
net-snmp-utils-5.3.2.2-22.el5_10.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-6151.html
https://www.redhat.com/security/data/cve/CVE-2014-2285.html
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTMHSuXlSAg2UNWIIRAry9AJ9/8dV56R/SbgYJ11yIkbD/xeXQYQCeNWNw
O5Ub5yb41Yk85fyW4Z/hbsM=
=Pr1x
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update
2015-007
OS X El Capitan 10.11.1 and Security Update 2015-007 are now
available and address the following:
Accelerate Framework
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in the Accelerate
Framework in multi-threading mode. This issue was addressed through
improved accessor element validation and improved object locking.
CVE-ID
CVE-2015-5940 : Apple
apache_mod_php
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Multiple vulnerabilities in PHP
Description: Multiple vulnerabilities existed in PHP versions prior
to 5.5.29 and 5.4.45. These were addressed by updating PHP to
versions 5.5.29 and 5.4.45.
CVE-ID
CVE-2015-0235
CVE-2015-0273
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
ATS
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Visiting a maliciously crafted webpage may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in ATS. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-6985 : John Villamil (@day6reak), Yahoo Pentest Team
Audio
Available for: OS X El Capitan 10.11
Impact: A malicious application may be able to execute arbitrary
code
Description: An uninitialized memory issue existed in coreaudiod.
This issue was addressed through improved memory initialization.
CVE-ID
CVE-2015-7003 : Mark Brand of Google Project Zero
Audio
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Playing a malicious audio file may lead to arbitrary code
execution
Description: Multiple memory corruption issues existed in the
handling of audio files. These issues were addressed through improved
memory handling.
CVE-ID
CVE-2015-5933 : Apple
CVE-2015-5934 : Apple
Bom
Available for: OS X El Capitan 10.11
Impact: Unpacking a maliciously crafted archive may lead to
arbitrary code execution
Description: A file traversal vulnerability existed in the handling
of CPIO archives. This issue was addressed through improved
validation of metadata.
CVE-ID
CVE-2015-7006 : Mark Dowd of Azimuth Security
CFNetwork
Available for: OS X El Capitan 10.11
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten
Description: A parsing issue existed when handling cookies with
different letter casing. This issue was addressed through improved
parsing.
CVE-ID
CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of
Tsinghua University, Jian Jiang of University of California,
Berkeley, Haixin Duan of Tsinghua University and International
Computer Science Institute, Shuo Chen of Microsoft Research Redmond,
Tao Wan of Huawei Canada, Nicholas Weaver of International Computer
Science Institute and University of California, Berkeley, coordinated
via CERT/CC
configd
Available for: OS X El Capitan 10.11
Impact: A malicious application may be able to elevate privileges
Description: A heap based buffer overflow issue existed in the DNS
client library. A malicious application with the ability to spoof
responses from the local configd service may have been able to cause
arbitrary code execution in DNS clients.
CVE-ID
CVE-2015-7015 : PanguTeam
CoreGraphics
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: Multiple memory corruption issues existed in
CoreGraphics. These issues were addressed through improved memory
handling.
CVE-ID
CVE-2015-5925 : Apple
CVE-2015-5926 : Apple
CoreText
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-6992 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText
Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-6975 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText
Available for: OS X El Capitan 10.11
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-7017 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-5944 : John Villamil (@day6reak), Yahoo Pentest Team
Disk Images
Available for: OS X El Capitan 10.11
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in the parsing of
disk images. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6995 : Ian Beer of Google Project Zero
EFI
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: An attacker can exercise unused EFI functions
Description: An issue existed with EFI argument handling. This was
addressed by removing the affected functions.
CVE-ID
CVE-2015-7035 : Corey Kallenberg, Xeno Kovah, John Butterworth, and
Sam Cornwell of The MITRE Corporation, coordinated via CERT/CC
File Bookmark
Available for: OS X El Capitan 10.11
Impact: Browsing to a folder with malformed bookmarks may cause
unexpected application termination
Description: An input validation issue existed in parsing bookmark
metadata. This issue was addressed through improved validation
checks.
CVE-ID
CVE-2015-6987 : Luca Todesco (@qwertyoruiop)
FontParser
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-5927 : Apple
CVE-2015-5942
CVE-2015-6976 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6977 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6978 : Jaanus Kp, Clarified Security, working with HP's Zero
Day Initiative
CVE-2015-6991 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-6993 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7009 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7010 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7018 : John Villamil (@day6reak), Yahoo Pentest Team
FontParser
Available for: OS X El Capitan 10.11
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
handling of font files. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-6990 : John Villamil (@day6reak), Yahoo Pentest Team
CVE-2015-7008 : John Villamil (@day6reak), Yahoo Pentest Team
Grand Central Dispatch
Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: A memory corruption issue existed in the handling of
dispatch calls. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6989 : Apple
Graphics Drivers
Available for: OS X El Capitan 10.11
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: Multiple out of bounds read issues existed in the
NVIDIA graphics driver. These issues were addressed through improved
bounds checking.
CVE-ID
CVE-2015-7019 : Ian Beer of Google Project Zero
CVE-2015-7020 : Moony Li of Trend Micro
Graphics Drivers
Available for: OS X El Capitan 10.11
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-7021 : Moony Li of Trend Micro
ImageIO
Available for: OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5
Impact: Processing a maliciously crafted image file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
parsing of image metadata. These issues were addressed through
improved metadata validation.
CVE-ID
CVE-2015-5935 : Apple
CVE-2015-5938 : Apple
ImageIO
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Processing a maliciously crafted image file may lead to
arbitrary code execution
Description: Multiple memory corruption issues existed in the
parsing of image metadata. These issues were addressed through
improved metadata validation.
CVE-ID
CVE-2015-5936 : Apple
CVE-2015-5937 : Apple
CVE-2015-5939 : Apple
IOAcceleratorFamily
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: A malicious application may be able to execute arbitrary
code with system privileges
Description: A memory corruption issue existed in
IOAcceleratorFamily. This issue was addressed through improved memory
handling.
CVE-ID
CVE-2015-6996 : Ian Beer of Google Project Zero
IOHIDFamily
Available for: OS X El Capitan 10.11
Impact: A malicious application may be able to execute arbitrary
code with kernel privileges
Description: A memory corruption issue existed in the kernel. This
issue was addressed through improved memory handling.
CVE-ID
CVE-2015-6974 : Luca Todesco (@qwertyoruiop)
Kernel
Available for: OS X Yosemite v10.10.5
Impact: A local user may be able to execute arbitrary code with
system privileges
Description: A type confusion issue existed in the validation of
Mach tasks. This issue was addressed through improved Mach task
validation.
CVE-ID
CVE-2015-5932 : Luca Todesco (@qwertyoruiop), Filippo Bigarella
Kernel
Available for: OS X El Capitan 10.11
Impact: An attacker with a privileged network position may be able
to execute arbitrary code
Description: An uninitialized memory issue existed in the kernel.
This issue was addressed through improved memory initialization.
CVE-ID
CVE-2015-6988 : The Brainy Code Scanner (m00nbsd)
Kernel
Available for: OS X El Capitan 10.11
Impact: A local application may be able to cause a denial of service
Description: An issue existed when reusing virtual memory. This
issue was addressed through improved validation.
CVE-ID
CVE-2015-6994 : Mark Mentovai of Google Inc.
libarchive
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: A malicious application may be able to overwrite arbitrary
files
Description: An issue existed within the path validation logic for
symlinks. This issue was addressed through improved path
sanitization.
CVE-ID
CVE-2015-6984 : Christopher Crone of Infinit, Jonathan Schleifer
MCX Application Restrictions
Available for: OS X Yosemite v10.10.5 and OS X El Capitan 10.11
Impact: A developer-signed executable may acquire restricted
entitlements
Description: An entitlement validation issue existed in Managed
Configuration. A developer-signed app could bypass restrictions on
use of restricted entitlements and elevate privileges. This issue was
addressed through improved provisioning profile validation.
CVE-ID
CVE-2015-7016 : Apple
Net-SNMP
Available for: OS X El Capitan 10.11
Impact: An attacker in a privileged network position may be able to
cause a denial of service
Description: Multiple issues existed in netsnmp version 5.6. These
issues were addressed by using patches affecting OS X from upstream.
CVE-ID
CVE-2012-6151
CVE-2014-3565
OpenGL
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5,
and OS X El Capitan 10.11
Impact: Visiting a maliciously crafted website may lead to arbitrary
code execution
Description: A memory corruption issue existed in OpenGL. This issue
was addressed through improved memory handling.
CVE-ID
CVE-2015-5924 : Apple
OpenSSH
Available for: OS X El Capitan 10.11
Impact: A local user may be able to conduct impersonation attacks
Description: A privilege separation issue existed in PAM support.
This issue was addressed with improved authorization checks.
CVE-ID
CVE-2015-6563 : Moritz Jodeit of Blue Frost Security GmbH
Sandbox
Available for: OS X El Capitan 10.11
Impact: A local user may be able to execute arbitrary code with
kernel privileges
Description: An input validation issue existed when handling NVRAM
parameters. This issue was addressed through improved validation.
CVE-ID
CVE-2015-5945 : Rich Trouton (@rtrouton), Howard Hughes Medical
Institute, Apple
Script Editor
Available for: OS X El Capitan 10.11
Impact: An attacker may trick a user into running arbitrary
AppleScript
Description: In some circumstances, Script Editor did not ask for
user confirmation before executing AppleScripts. This issue was
addressed by prompting for user confirmation before executing
AppleScripts.
CVE-ID
CVE-2015-7007 : Joe Vennix of Rapid7
Security
Available for: OS X El Capitan 10.11
Impact: A malicious application may be able to overwrite arbitrary
files
Description: A double free issue existed in the handling of
AtomicBufferedFile descriptors. This issue was addressed through
improved validation of AtomicBufferedFile descriptors.
CVE-ID
CVE-2015-6983 : David Benjamin, Greg Kerr, Mark Mentovai and Sergey
Ulanov from the Chrome Team
SecurityAgent
Available for: OS X El Capitan 10.11
Impact: A malicious application can programmatically control
keychain access prompts
Description: A method existed for applications to create synthetic
clicks on keychain prompts. This was addressed by disabling synthetic
clicks for keychain access windows.
CVE-ID
CVE-2015-5943
Installation note:
OS X El Capitan v10.11.1 includes the security content of
Safari 9.0.1: https://support.apple.com/kb/HT205377
OS X El Capitan 10.11.1 and Security Update 2015-007 may be obtained
from the Mac App Store or Apple's Software Downloads web site:
http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJWJuKsAAoJEBcWfLTuOo7t8e0P/igVHKDXeLNib2eEzbS2BMVV
Ee968BgEDw1xnHK8zzh3bbRNxxAUT9lwe8RuSYECfp8sUYySb51/VIWpmidewsqB
az7mJ4Gohldppejc5tykHDoTYesQL7iySLn74PdxZfZXbtz2EGJK19cA6hIHcO5x
ZiMCbJzTaAOylKRQRRi3kMdNWEzxbtm90247vNx/zMSjs1bhGlQbJsCVDmX/Q9uH
Xja9aPCHDfaQueTw5idbXwT+Y/+I9ytBlL5JXVrjRUDYCtuewC4DNsQxZY0qcDyE
A7/0G7iYW5vOECNhpoLA0+1MbdHxJXhwJtmIKX8zucYqe/Vr4j41oGey/HJW55ER
USJ2RBpMtGhDEolyvxz7FlSPYOIpp05mwMB0GWQWAmkWDAxnagkQm9xwKBMt4eq4
CNdI0YaX0iPPWYIkI3HpZHdzuwbE5b053cw1hLKc0OVQBiqLUQxe3W5s64ZqTSe0
whlm9lt/9EUwyfXHEiXTYi/d+CF8+JthY4ieXRJ4mwz77udafmgA5Pbl71SqB8pE
7TBByuCOFdou6JmdJPahLDxoGRA+i7Z+a8Myn4WtbemkjrO9iZ/VsdAdl/Db+7cz
rEgSPjelEC5z5WxQspiuohxU1NkDnMgWm2Tnx+pFBOfZMheE4xnTfve3vqY+gQdN
4GbuRXld4PbxeDdel0Nk
=snJ4
-----END PGP SIGNATURE-----
. ============================================================================
Ubuntu Security Notice USN-2166-1
April 14, 2014
net-snmp vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Net-SNMP could be made to crash if it received specially crafted network
traffic.
Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications
Details:
Ken Farnen discovered that Net-SNMP incorrectly handled AgentX timeouts. (CVE-2012-6151)
It was discovered that the Net-SNMP ICMP-MIB incorrectly validated input. This issue only affected Ubuntu 13.10.
(CVE-2014-2284)
Viliam P=C3=BA=C4=8Dik discovered that the Net-SNMP perl trap handler incorrectly
handled NULL arguments. (CVE-2014-2285)
It was discovered that Net-SNMP incorrectly handled AgentX multi-object
requests. This issue only affected Ubuntu
10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2014-2310)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 13.10:
libsnmp30 5.7.2~dfsg-8ubuntu1.1
Ubuntu 12.10:
libsnmp15 5.4.3~dfsg-2.5ubuntu1.1
Ubuntu 12.04 LTS:
libsnmp15 5.4.3~dfsg-2.4ubuntu1.2
Ubuntu 10.04 LTS:
libsnmp15 5.4.2.1~dfsg0ubuntu1-0ubuntu2.3
In general, a standard system update will make all the necessary changes.
This update also fixes two other minor issues: IPADDRESS size in
python-netsnmp on 64-bit systems and adding btrfs support to hrFSTable. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFS37hgmqjQ0CJFipgRAjxKAKC6ViJ2WOTAAWJFn11qJpAb/VDpIQCePDvL
7Y2ZoOmPI9yoA8XKT9uUKMk=
=y+p/
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201409-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Net-SNMP: Denial of Service
Date: September 01, 2014
Bugs: #431752, #493296, #502968, #509110
ID: 201409-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Net-SNMP which could allow
remote attackers to cause Denial of Service.
Background
==========
Net-SNMP bundles software for generating and retrieving SNMP data. Please
review the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All net-snmp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=net-analyzer/net-snmp-5.7.3_pre3"
References
==========
[ 1 ] CVE-2012-2141
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2141
[ 2 ] CVE-2012-6151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6151
[ 3 ] CVE-2014-2284
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2284
[ 4 ] CVE-2014-2285
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2285
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201409-02.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201209-0796 | No CVE | TP-LINK TL-WR340G Router Denial of Service Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
The TL-WR340G is a wireless broadband router. A denial of service vulnerability exists in TL-WR340G. An attacker could exploit this vulnerability to cause the affected device to become unresponsive, resulting in a denial of service. TP-LINK TL-WR340G router is prone to a denial-of-service vulnerability.
TL-WR340G 4.7.11 Build 101102 Rel.60376n is vulnerable; other versions may also be affected
| VAR-201208-0320 | CVE-2012-4746 |
ZTE ZXDSL Cross-Site Request Forgery Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201111-0085 |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi in ZTE ZXDSL 831IIV7.5.0a_Z29_OV allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the sysPassword parameter. ZTE ZXDSL is an ADSL device. ZTE ZXDSL accessaccount.cgi has a cross-site request forgery vulnerability
| VAR-201209-0221 | CVE-2012-3014 | GarrettCom Magnum MNS-6K Software Hard Coded Password Security Bypass Vulnerability |
CVSS V2: 7.7 CVSS V3: - Severity: HIGH |
The Management Software application in GarrettCom Magnum MNS-6K before 4.4.0, and 14.x before 14.4.0, has a hardcoded password for an administrative account, which allows local users to gain privileges via unspecified vectors. GarrettCom Magnum MNS-6K software can be used for integrated management of GarrettCom switches.
Attackers can leverage this issue to gain unauthorized administrative access to the device running the affected software.
The following versions are affected:
MNS-6K 4.1.14 and prior
MNS-6K-SECURE 4.1.14 and prior. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Magnum MNS-6K Hardcoded Password Security Issue
SECUNIA ADVISORY ID:
SA50418
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50418/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50418
RELEASE DATE:
2012-08-31
DISCUSS ADVISORY:
http://secunia.com/advisories/50418/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50418/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50418
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in Magnum MNS-6K, which can be
exploited by malicious, local users to gain escalated privileges.
* Magnum MNS-6K version 14.1.14 SECURE and prior.
SOLUTION:
Update to version 4.1.15 and 14.1.15.
PROVIDED AND/OR DISCOVERED BY:
ICS-CERT credits Justin W. Clarke, Cylance Inc.
ORIGINAL ADVISORY:
GarretCom:
http://www.garrettcom.com/techsupport/6k_dl/6k14115a_rn.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-243-01.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0108 | CVE-2012-0547 |
Oracle Java SE of Java Runtime Environment (JRE) In AWT Processing vulnerability
Related entries in the VARIoT exploits database: VAR-E-201003-0011, VAR-E-201110-0793 |
CVSS V2: - CVSS V3: - Severity: LOW |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier, and 6 Update 34 and earlier, has no impact and remote attack vectors involving AWT and "a security-in-depth issue that is not directly exploitable but which can be used to aggravate security vulnerabilities that can be directly exploited." NOTE: this identifier was assigned by the Oracle CNA, but CVE is not intended to cover defense-in-depth issues that are only exposed by the presence of other vulnerabilities. NOTE: Oracle has not commented on claims from a downstream vendor that this issue is related to "toolkit internals references.". Oracle Java SE of Java Runtime Environment (JRE) Is AWT Incomplete processing AWT There are vulnerabilities that are exploited through other vulnerabilities.By a third party AWT Other vulnerabilities may be exploited through.
The issue can be exploited over multiple protocols and affects the 'AWT' sub-component.
Note: The flaw cannot be exploited directly but is dependent on any other security vulnerability that can be directly executed first.
This issue affects the following supported versions:
7 Update 6 and before, 6 Update 34 and before.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Awareness System
US-CERT Alert TA13-051A
Oracle Java Multiple Vulnerabilities
Original release date: February 20, 2013
Last revised: --
Systems Affected
Any system using Oracle Java including
* JDK and JRE 7 Update 13 and earlier
* JDK and JRE 6 Update 39 and earlier
* JDK and JRE 5.0 Update 39 and earlier
* SDK and JRE 1.4.2_41 and earlier
Web browsers using the Java plug-in are at high risk.
Overview
Multiple vulnerabilities in Java could allow an attacker to execute
arbitrary code on a vulnerable system. An additional five fixes that had been
previously planned for delivery are in this update. This
distribution therefore completes the content for all originally
planned fixes to be included in the Java SE Critical Patch Update
for February 2013.
Both Java applets delivered via web browsers and stand-alone Java
applications are affected, however web browsers using the Java
plug-in are at particularly high risk.
The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web
Start can be used as attack vectors. An attacker could use social
engineering techniques to entice a user to visit a link to a
website hosting a malicious Java applet. An attacker could also
compromise a legitimate website and upload a malicious Java applet
(a "drive-by download" attack).
Some vulnerabilities affect stand-alone Java applications,
depending on how the Java application functions and how it
processes untrusted data.
Reports indicate that at least one of these vulnerabilities is
being actively exploited.
Impact
By convincing a user to load a malicious Java applet or Java
Network Launching Protocol (JNLP) file, an attacker could execute
arbitrary code on a vulnerable system with the privileges of the
Java plug-in process.
Stand-alone java applications may also be affected.
Disable Java in web browsers
These and previous Java vulnerabilities have been widely targeted
by attackers, and new Java vulnerabilities are likely to be
discovered. To defend against this and future Java vulnerabilities,
consider disabling Java in web browsers until adequate updates have
been installed. As with any software, unnecessary features should
be disabled or removed as appropriate for your environment.
Starting with Java 7 Update 10, it is possible to disable Java
content in web browsers through the Java control panel applet. From
Setting the Security Level of the Java Client:
For installations where the highest level of security is required,
it is possible to entirely prevent any Java apps (signed or
unsigned) from running in a browser by de-selecting Enable Java
content in the browser in the Java Control Panel under the Security
tab.
If you are unable to update to at least Java 7 Update 10, please
see the solution section of Vulnerability Note VU#636312 for
instructions on how to disable Java on a per-browser basis.
Restrict access to Java applets
Network administrators unable to disable Java in web browsers may
be able to help mitigate these and other Java vulnerabilities by
restricting access to Java applets using a web proxy. Most web
proxies have features that can be used to block or whitelist
requests for .jar and .class files based on network location.
Filtering requests that contain a Java User-Agent header may also
be effective. For environments where Java is required on the local
intranet, the proxy can be configured to allow access to Java
applets hosted locally, but block access to Java applets on the
internet.
References
* Oracle Java SE Critical Patch Update Advisory Update - February
2013
<http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html>
* Setting the Security Level of the Java Client
<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html>
* The Security Manager
<http://docs.oracle.com/javase/tutorial/essential/environment/security.html>
* How to disable the Java web plug-in in Safari
<https://support.apple.com/kb/HT5241>
* How to turn off Java applets
<https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets>
* NoScript
<http://noscript.net/>
* Securing Your Web Browser
<https://www.us-cert.gov/reading_room/securing_browser/#Safari>
* Vulnerability Note VU#636312
<http://www.kb.cert.org/vuls/id/636312#solution>
Revision History
February 20, 2013: Initial release
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA13-051A Feedback " in
the subject.
____________________________________________________________________
Produced by US-CERT, a government organization. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136, CVE-2012-0547)
Red Hat is aware that a public exploit for CVE-2012-4681 is available that
executes code without user interaction when a user visits a malicious web
page using a browser with the Oracle Java 7 web browser plug-in enabled. Bugs fixed (http://bugzilla.redhat.com/):
852051 - CVE-2012-4681 OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853138 - CVE-2012-3136 OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
6. In a typical operating environment, these are of low security risk as
the runtime is not used on untrusted applets. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: java-1.6.0-ibm security update
Advisory ID: RHSA-2012:1466-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1466.html
Issue date: 2012-11-15
CVE Names: CVE-2012-0547 CVE-2012-1531 CVE-2012-1532
CVE-2012-1533 CVE-2012-1682 CVE-2012-3143
CVE-2012-3159 CVE-2012-3216 CVE-2012-4820
CVE-2012-4822 CVE-2012-4823 CVE-2012-5068
CVE-2012-5069 CVE-2012-5071 CVE-2012-5072
CVE-2012-5073 CVE-2012-5075 CVE-2012-5079
CVE-2012-5081 CVE-2012-5083 CVE-2012-5084
CVE-2012-5089
=====================================================================
1. Summary:
Updated java-1.6.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Supplementary (v. 6) - x86_64
Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, ppc, s390x, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Detailed
vulnerability descriptions are linked from the IBM Security alerts page,
listed in the References section. (CVE-2012-0547, CVE-2012-1531,
CVE-2012-1532, CVE-2012-1533, CVE-2012-1682, CVE-2012-3143, CVE-2012-3159,
CVE-2012-3216, CVE-2012-4820, CVE-2012-4822, CVE-2012-4823, CVE-2012-5068,
CVE-2012-5069, CVE-2012-5071, CVE-2012-5072, CVE-2012-5073, CVE-2012-5075,
CVE-2012-5079, CVE-2012-5081, CVE-2012-5083, CVE-2012-5084, CVE-2012-5089)
All users of java-1.6.0-ibm are advised to upgrade to these updated
packages, containing the IBM Java SE 6 SR12 release. All running instances
of IBM Java must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
865346 - CVE-2012-3216 OpenJDK: java.io.FilePermission information leak (Libraries, 6631398)
865348 - CVE-2012-5068 OpenJDK: RhinoScriptEngine security bypass (Scripting, 7143535)
865357 - CVE-2012-5073 OpenJDK: LogManager security bypass (Libraries, 7169884)
865363 - CVE-2012-5075 OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
865365 - CVE-2012-5072 OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)
865370 - CVE-2012-5081 OpenJDK: JSSE denial of service (JSSE, 7186286)
865511 - CVE-2012-5084 OpenJDK: DefaultFormatter insufficient data validation (Swing, 7195194)
865514 - CVE-2012-5089 OpenJDK: RMIConnectionImpl insufficient access control checks (JMX, 7198296)
865519 - CVE-2012-5071 OpenJDK: DescriptorSupport insufficient package access checks (JMX, 7192975)
865531 - CVE-2012-5069 OpenJDK: Executors state handling issues (Concurrency, 7189103)
865568 - CVE-2012-5079 OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)
867185 - CVE-2012-1531 Oracle JDK: unspecified vulnerability (2D)
867186 - CVE-2012-1532 Oracle JDK: unspecified vulnerability (Deployment)
867187 - CVE-2012-1533 Oracle JDK: unspecified vulnerability (Deployment)
867189 - CVE-2012-3143 Oracle JDK: unspecified vulnerability (JMX)
867190 - CVE-2012-3159 Oracle JDK: unspecified vulnerability (Deployment)
867193 - CVE-2012-5083 Oracle JDK: unspecified vulnerability (2D)
876386 - CVE-2012-4820 IBM JDK: java.lang.reflect.Method invoke() code execution
876388 - CVE-2012-4822 IBM JDK: java.lang.class code execution
876389 - CVE-2012-4823 IBM JDK: java.lang.ClassLoder defineClass() code execution
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
ppc:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.ppc.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.ppc64.rpm
s390x:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.s390.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-accessibility-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.i386.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el5_8.x86_64.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Supplementary (v. 6):
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
ppc64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.ppc.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.ppc64.rpm
s390x:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.s390.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.s390x.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
x86_64:
java-1.6.0-ibm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-demo-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.i686.rpm
java-1.6.0-ibm-devel-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-javacomm-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-jdbc-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-plugin-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
java-1.6.0-ibm-src-1.6.0.12.0-1jpp.1.el6_3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1531.html
https://www.redhat.com/security/data/cve/CVE-2012-1532.html
https://www.redhat.com/security/data/cve/CVE-2012-1533.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-3143.html
https://www.redhat.com/security/data/cve/CVE-2012-3159.html
https://www.redhat.com/security/data/cve/CVE-2012-3216.html
https://www.redhat.com/security/data/cve/CVE-2012-4820.html
https://www.redhat.com/security/data/cve/CVE-2012-4822.html
https://www.redhat.com/security/data/cve/CVE-2012-4823.html
https://www.redhat.com/security/data/cve/CVE-2012-5068.html
https://www.redhat.com/security/data/cve/CVE-2012-5069.html
https://www.redhat.com/security/data/cve/CVE-2012-5071.html
https://www.redhat.com/security/data/cve/CVE-2012-5072.html
https://www.redhat.com/security/data/cve/CVE-2012-5073.html
https://www.redhat.com/security/data/cve/CVE-2012-5075.html
https://www.redhat.com/security/data/cve/CVE-2012-5079.html
https://www.redhat.com/security/data/cve/CVE-2012-5081.html
https://www.redhat.com/security/data/cve/CVE-2012-5083.html
https://www.redhat.com/security/data/cve/CVE-2012-5084.html
https://www.redhat.com/security/data/cve/CVE-2012-5089.html
https://access.redhat.com/security/updates/classification/#critical
https://www.ibm.com/developerworks/java/jdk/alerts/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQpV4wXlSAg2UNWIIRAh3xAKCCtopCdB74QaM37wyC/DyniWhpLQCghJEj
Rm+cXgBdDZVQhZ96Ylamhpk=
=d/D8
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0547
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1682
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
_______________________________________________________________________
Updated Packages:
Mandriva Enterprise Server 5:
286dbb39a335671d71463907eb367c30 mes5/i586/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
e5f5fc7abaf8c9cfd7bb6497c0bdce82 mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
088aa2775b4e66dede9492d4cd51f8ec mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
b628e97ddf02083759cc434019eafc99 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
05fbc9d227be560f44c4c7dab844f5d9 mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-34.b24.1mdvmes5.2.i586.rpm
99a8a99f80ae162704ad4bdb5cee3f03 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
35672929025893cc919f96f6a3f5a64d mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
aba364efac24a36a18701730a431316f mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
2ab69f1c6eb159fae58ef41b0c6db727 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
4c9dd84ed0e30d56032bf43aca6625bd mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
96172e0de881538984e6e1086d383030 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-34.b24.1mdvmes5.2.x86_64.rpm
99a8a99f80ae162704ad4bdb5cee3f03 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-34.b24.1mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFQTc2ymqjQ0CJFipgRAtdPAJ4okhZyCQ9BTpmAn4JPjXoPrVw9pACg4YXC
RMZdy7VbZqL5+9SfkTIRYzg=
=xDgA
-----END PGP SIGNATURE-----
. Content-Disposition: inline
==========================================================================Ubuntu Security Notice USN-1553-1
September 03, 2012
openjdk-6 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
Summary:
Two security issues were fixed in OpenJDK 6.
Software Description:
- openjdk-6: Open Source Java implementation
Details:
It was discovered that the Beans component in OpenJDK 6 did not
properly prevent access to restricted classes. (CVE-2012-1682)
It was discovered that functionality in the AWT component in OpenJDK 6
made it easier for a remote attacker, in conjunction with other
vulnerabilities, to bypass Java sandbox restrictions. (CVE-2012-0547)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.4-1ubuntu0.12.04.1
icedtea-6-jre-jamvm 6b24-1.11.4-1ubuntu0.12.04.1
openjdk-6-jre 6b24-1.11.4-1ubuntu0.12.04.1
openjdk-6-jre-headless 6b24-1.11.4-1ubuntu0.12.04.1
openjdk-6-jre-lib 6b24-1.11.4-1ubuntu0.12.04.1
openjdk-6-jre-zero 6b24-1.11.4-1ubuntu0.12.04.1
Ubuntu 11.10:
icedtea-6-jre-cacao 6b24-1.11.4-1ubuntu0.11.10.1
icedtea-6-jre-jamvm 6b24-1.11.4-1ubuntu0.11.10.1
openjdk-6-jre 6b24-1.11.4-1ubuntu0.11.10.1
openjdk-6-jre-headless 6b24-1.11.4-1ubuntu0.11.10.1
openjdk-6-jre-lib 6b24-1.11.4-1ubuntu0.11.10.1
openjdk-6-jre-zero 6b24-1.11.4-1ubuntu0.11.10.1
Ubuntu 11.04:
icedtea-6-jre-cacao 6b24-1.11.4-1ubuntu0.11.04.1
icedtea-6-jre-jamvm 6b24-1.11.4-1ubuntu0.11.04.1
openjdk-6-jre 6b24-1.11.4-1ubuntu0.11.04.1
openjdk-6-jre-headless 6b24-1.11.4-1ubuntu0.11.04.1
openjdk-6-jre-lib 6b24-1.11.4-1ubuntu0.11.04.1
openjdk-6-jre-zero 6b24-1.11.4-1ubuntu0.11.04.1
Ubuntu 10.04 LTS:
icedtea-6-jre-cacao 6b24-1.11.4-1ubuntu0.10.04.1
openjdk-6-jre 6b24-1.11.4-1ubuntu0.10.04.1
openjdk-6-jre-headless 6b24-1.11.4-1ubuntu0.10.04.1
openjdk-6-jre-lib 6b24-1.11.4-1ubuntu0.10.04.1
openjdk-6-jre-zero 6b24-1.11.4-1ubuntu0.10.04.1
After a standard system update you need to restart any Java applets
or applications to make all the necessary changes
| VAR-201209-0151 | CVE-2012-3551 | Crowbar of Crowbar barclamp Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils. Crowbar is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks
| VAR-201208-0417 | CVE-2012-4171 | Adobe Flash Player Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. Adobe Flash Player There is a service disruption ( Application crash ) There is a vulnerability that becomes a condition.By the attacker, Firefox Service operation disruption by generating a logic error during dialog processing ( Application crash ) There is a possibility of being put into a state. Adobe Flash Player and AIR are prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause the affected application to crash. The product enables viewing of applications, content and video across screens and browsers
| VAR-201208-0344 | CVE-2012-2871 | Google Chrome Used in libxml2 Service disruption in (DoS) Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user or steal cookie-based authentication credentials; other attacks are also possible.
Versions prior to Chrome 21.0.1180.89 are vulnerable. Google Chrome is a web browser developed by Google (Google). An
attacker with a privileged network position may inject arbitrary
contents. This issue was addressed by using an encrypted HTTPS
connection to retrieve tutorials. Summary:
Updated libxslt packages that fix several security issues are now available
for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
libxslt is a library for transforming XML files into other textual formats
(including HTML, plain text, and other XML representations of the
underlying data) using the standard XSLT stylesheet transformation
mechanism.
A heap-based buffer overflow flaw was found in the way libxslt applied
templates to nodes selected by certain namespaces. An attacker could use
this flaw to create a malicious XSL file that, when used by an application
linked against libxslt to perform an XSL transformation, could cause the
application to crash or, possibly, execute arbitrary code with the
privileges of the user running the application. (CVE-2012-2871)
Several denial of service flaws were found in libxslt. An attacker could
use these flaws to create a malicious XSL file that, when used by an
application linked against libxslt to perform an XSL transformation, could
cause the application to crash. (CVE-2012-2825, CVE-2012-2870,
CVE-2011-3970)
An information leak could occur if an application using libxslt processed
an untrusted XPath expression, or used a malicious XSL file to perform an
XSL transformation. If combined with other flaws, this leak could possibly
help an attacker bypass intended memory corruption protections.
(CVE-2011-1202)
All libxslt users are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues. All running
applications linked against libxslt must be restarted for this update to
take effect.
4.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
684386 - CVE-2011-1202 libxslt: Heap address leak in XLST
788826 - CVE-2011-3970 libxslt: Out-of-bounds read when parsing certain patterns
835982 - CVE-2012-2825 libxslt: DoS when reading unexpected DTD nodes in XSLT
852935 - CVE-2012-2871 libxslt: Heap-buffer overflow caused by bad cast in XSL transforms
852937 - CVE-2012-2870 libxslt: Use-after-free when processing an invalid XPath expression
6. Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm
i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm
x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm
i386:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
x86_64:
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/libxslt-1.1.17-4.el5_8.3.src.rpm
i386:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-python-1.1.17-4.el5_8.3.i386.rpm
ia64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.ia64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ia64.rpm
libxslt-devel-1.1.17-4.el5_8.3.ia64.rpm
libxslt-python-1.1.17-4.el5_8.3.ia64.rpm
ppc:
libxslt-1.1.17-4.el5_8.3.ppc.rpm
libxslt-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ppc.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-devel-1.1.17-4.el5_8.3.ppc.rpm
libxslt-devel-1.1.17-4.el5_8.3.ppc64.rpm
libxslt-python-1.1.17-4.el5_8.3.ppc.rpm
s390x:
libxslt-1.1.17-4.el5_8.3.s390.rpm
libxslt-1.1.17-4.el5_8.3.s390x.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.s390.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.s390x.rpm
libxslt-devel-1.1.17-4.el5_8.3.s390.rpm
libxslt-devel-1.1.17-4.el5_8.3.s390x.rpm
libxslt-python-1.1.17-4.el5_8.3.s390x.rpm
x86_64:
libxslt-1.1.17-4.el5_8.3.i386.rpm
libxslt-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.i386.rpm
libxslt-debuginfo-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-devel-1.1.17-4.el5_8.3.i386.rpm
libxslt-devel-1.1.17-4.el5_8.3.x86_64.rpm
libxslt-python-1.1.17-4.el5_8.3.x86_64.rpm
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
ppc64:
libxslt-1.1.26-2.el6_3.1.ppc.rpm
libxslt-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-devel-1.1.26-2.el6_3.1.ppc.rpm
libxslt-devel-1.1.26-2.el6_3.1.ppc64.rpm
s390x:
libxslt-1.1.26-2.el6_3.1.s390.rpm
libxslt-1.1.26-2.el6_3.1.s390x.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.s390.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm
libxslt-devel-1.1.26-2.el6_3.1.s390.rpm
libxslt-devel-1.1.26-2.el6_3.1.s390x.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
ppc64:
libxslt-debuginfo-1.1.26-2.el6_3.1.ppc64.rpm
libxslt-python-1.1.26-2.el6_3.1.ppc64.rpm
s390x:
libxslt-debuginfo-1.1.26-2.el6_3.1.s390x.rpm
libxslt-python-1.1.26-2.el6_3.1.s390x.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-1.1.26-2.el6_3.1.i686.rpm
libxslt-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-devel-1.1.26-2.el6_3.1.i686.rpm
libxslt-devel-1.1.26-2.el6_3.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/libxslt-1.1.26-2.el6_3.1.src.rpm
i386:
libxslt-debuginfo-1.1.26-2.el6_3.1.i686.rpm
libxslt-python-1.1.26-2.el6_3.1.i686.rpm
x86_64:
libxslt-debuginfo-1.1.26-2.el6_3.1.x86_64.rpm
libxslt-python-1.1.26-2.el6_3.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2011-1202.html
https://www.redhat.com/security/data/cve/CVE-2011-3970.html
https://www.redhat.com/security/data/cve/CVE-2012-2825.html
https://www.redhat.com/security/data/cve/CVE-2012-2870.html
https://www.redhat.com/security/data/cve/CVE-2012-2871.html
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. ============================================================================
Ubuntu Security Notice USN-1595-1
October 04, 2012
libxslt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxslt could be made to crash or run programs as your
login if they processed a specially crafted file.
Software Description:
- libxslt: XSLT processing library
Details:
Chris Evans discovered that libxslt incorrectly handled generate-id XPath
functions. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could obtain potentially
sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970)
Nicholas Gregoire discovered that libxslt incorrectly handled unexpected
DTD nodes. (CVE-2012-2825)
Nicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870)
Nicholas Gregoire discovered that libxslt incorrectly handled certain
transforms.
(CVE-2012-2871)
Cris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libxslt1.1 1.1.26-8ubuntu1.2
Ubuntu 11.10:
libxslt1.1 1.1.26-7ubuntu0.1
Ubuntu 11.04:
libxslt1.1 1.1.26-6ubuntu0.1
Ubuntu 10.04 LTS:
libxslt1.1 1.1.26-1ubuntu1.1
Ubuntu 8.04 LTS:
libxslt1.1 1.1.22-1ubuntu1.3
In general, a standard system update will make all the necessary changes.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
6dd46f422fb2826ec50a583deff25ea2 mbs1/x86_64/lib64xslt1-1.1.26-6.20120127.2.mbs1.x86_64.rpm
97dbebeb234859c9fb70b42221d0e01c mbs1/x86_64/lib64xslt-devel-1.1.26-6.20120127.2.mbs1.x86_64.rpm
d89b5da4a9297a89975734dd7642200b mbs1/x86_64/python-libxslt-1.1.26-6.20120127.2.mbs1.x86_64.rpm
9f73eb409a80608836f86a2c3e2d3be9 mbs1/x86_64/xsltproc-1.1.26-6.20120127.2.mbs1.x86_64.rpm
95136df2e944a787dc25d07a364f2729 mbs1/SRPMS/libxslt-1.1.26-6.20120127.2.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security.
Background
==========
libxml2 is the XML C parser and toolkit developed for the Gnome
project.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxml2 < 2.9.1-r1 >= 2.9.1-r1
Description
===========
Multiple vulnerabilities have been discovered in libxml2. Please review
the CVE identifiers referenced below for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxml2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxml2-2.9.1-r1"
References
==========
[ 1 ] CVE-2012-2871
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2871
[ 2 ] CVE-2012-5134
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5134
[ 3 ] CVE-2013-0338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0338
[ 4 ] CVE-2013-1664
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1664
[ 5 ] CVE-2013-1969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1969
[ 6 ] CVE-2013-2877
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2877
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201311-06.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-18-2 iOS 7
iOS 7 is now available and addresses the following:
Certificate Trust Policy
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Root certificates have been updated
Description: Several certificates were added to or removed from the
list of system roots.
CoreGraphics
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team
CoreMedia
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
Data Protection
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Apps could bypass passcode-attempt restrictions
Description: A privilege separation issue existed in Data
Protection. An app within the third-party sandbox could repeatedly
attempt to determine the user's passcode regardless of the user's
"Erase Data" setting. This issue was addressed by requiring
additional entitlement checks.
CVE-ID
CVE-2013-0957 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University
Data Security
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134
dyld
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser
File Systems
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker who can mount a non-HFS filesystem may be able
to cause an unexpected system termination or arbitrary code execution
with kernel privileges
Description: A memory corruption issue existed in the handling of
AppleDouble files. This issue was addressed by removing support for
AppleDouble files.
CVE-ID
CVE-2013-3955 : Stefan Esser
ImageIO
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team
IOKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Background applications could inject user interface events
into the foreground app
Description: It was possible for background applications to inject
user interface events into the foreground application using the task
completion or VoIP APIs. This issue was addressed by enforcing access
controls on foreground and background processes that handle interface
events.
CVE-ID
CVE-2013-5137 : Mackenzie Straight at Mobile Labs
IOKitUser
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious local application could cause an unexpected
system termination
Description: A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes
IOSerialFamily
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt
IPSec
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may intercept data protected with IPSec Hybrid
Auth
Description: The DNS name of an IPSec Hybrid Auth server was not
being matched against the certificate, allowing an attacker with a
certificate for any server to impersonate any other. This issue was
addressed by improved certificate checking.
CVE-ID
CVE-2013-1028 : Alexander Traud of www.traud.de
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A malicious local application could cause device hang
Description: An integer truncation vulnerability in the kernel
socket interface could be leveraged to force the CPU into an infinite
loop. The issue was addressed by using a larger sized variable.
CVE-ID
CVE-2013-5141 : CESG
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser
Kernel
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser
Kext Management
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An unauthorized process may modify the set of loaded kernel
extensions
Description: An issue existed in kextd's handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"
libxml
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
libxslt
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire
Passcode Lock
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to the device may be able to
bypass the screen lock
Description: A race condition issue existed in the handling of phone
calls and SIM card ejection at the lock screen. This issue was
addressed through improved lock state management.
CVE-ID
CVE-2013-5147 : videosdebarraquito
Personal Hotspot
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker may be able to join a Personal Hotspot network
Description: An issue existed in the generation of Personal Hotspot
passwords, resulting in passwords that could be predicted by an
attacker to join a user's Personal Hotspot. The issue was addressed
by generating passwords with higher entropy.
CVE-ID
CVE-2013-4616 : Andreas Kurtz of NESO Security Labs and Daniel Metz
of University Erlangen-Nuremberg
Push Notifications
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: The push notification token may be disclosed to an app
contrary to the user's decision
Description: An information disclosure issue existed in push
notification registration. Apps requesting access to the push
notification access received the token before the user approved the
app's use of push notifications. This issue was addressed by
withholding access to the token until the user has approved access.
CVE-ID
CVE-2013-5149 : Jack Flintermann of Grouper, Inc.
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue existed in the handling of
XML files. This issue was addressed through additional bounds
checking.
CVE-ID
CVE-2013-1036 : Kai Lu of Fortinet's FortiGuard Labs
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: History of pages recently visited in an open tab may remain
after clearing of history
Description: Clearing Safari's history did not clear the
back/forward history for open tabs. This issue was addressed by
clearing the back/forward history.
CVE-ID
CVE-2013-5150
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Viewing files on a website may lead to script execution even
when the server sends a 'Content-Type: text/plain' header
Description: Mobile Safari sometimes treated files as HTML files
even when the server sent a 'Content-Type: text/plain' header. This
may lead to cross-site scripting on sites that allow users to upload
files. This issue was addressed through improved handling of files
when 'Content-Type: text/plain' is set.
CVE-ID
CVE-2013-5151 : Ben Toews of Github
Safari
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a malicious website may allow an arbitrary URL to
be displayed
Description: A URL bar spoofing issue existed in Mobile Safari. This
issue was addressed through improved URL tracking.
CVE-ID
CVE-2013-5152 : Keita Haga of keitahaga.com, Lukasz Pilorz of RBS
Sandbox
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Applications that are scripts were not sandboxed
Description: Third-party applications which used the #! syntax to
run a script were sandboxed based on the identity of the script
interpreter, not the script. The interpreter may not have a sandbox
defined, leading to the application being run unsandboxed. This issue
was addressed by creating the sandbox based on the identity of the
script.
CVE-ID
CVE-2013-5154 : evad3rs
Sandbox
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Applications can cause a system hang
Description: Malicious third-party applications that wrote specific
values to the /dev/random device could force the CPU to enter an
infinite loop. This issue was addressed by preventing third-party
applications from writing to /dev/random.
CVE-ID
CVE-2013-5155 : CESG
Social
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Users recent Twitter activity could be disclosed on devices
with no passcode.
Description: An issue existed where it was possible to determine
what Twitter accounts a user had recently interacted with. This issue
was resolved by restricting access to the Twitter icon cache.
CVE-ID
CVE-2013-5158 : Jonathan Zdziarski
Springboard
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: A person with physical access to a device in Lost Mode may
be able to view notifications
Description: An issue existed in the handling of notifications when
a device is in Lost Mode. This update addresses the issue with
improved lock state management.
CVE-ID
CVE-2013-5153 : Daniel Stangroom
Telephony
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Malicious apps could interfere with or control telephony
functionality
Description: An access control issue existed in the telephony
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
telephony functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the telephony daemon.
CVE-ID
CVE-2013-5156 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology
Twitter
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Sandboxed apps could send tweets without user interaction or
permission
Description: An access control issue existed in the Twitter
subsystem. Bypassing supported APIs, sandboxed apps could make
requests directly to a system daemon interfering with or controlling
Twitter functionality. This issue was addressed by enforcing access
controls on interfaces exposed by the Twitter daemon.
CVE-ID
CVE-2013-5157 : Jin Han of the Institute for Infocomm Research
working with Qiang Yan and Su Mon Kywe of Singapore Management
University; Tielei Wang, Kangjie Lu, Long Lu, Simon Chung, and Wenke
Lee from the Georgia Institute of Technology
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J. A maliciously
crafted website could use an iframe to determine if another site used
window.webkitRequestAnimationFrame(). This issue was addressed
through improved handling of window.webkitRequestAnimationFrame().
CVE-ID
CVE-2013-5159
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Copying and pasting a malicious HTML snippet may lead to a
cross-site scripting attack
Description: A cross-site scripting issue existed in the handling of
copied and pasted data in HTML documents. This issue was addressed
through additional validation of pasted content.
CVE-ID
CVE-2013-0926 : Aditya Gupta, Subho Halder, and Dev Kar of xys3c
(xysec.com)
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
iframes. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-1012 : Subodh Iyengar and Erling Ellingsen of Facebook
WebKit
Available for: iPhone 3GS and later,
iPod touch (4th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to an
information disclosure
Description: An information disclosure issue existed in XSSAuditor.
This issue was addressed through improved handling of URLs.
CVE-ID
CVE-2013-2848 : Egor Homakov
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Dragging or pasting a selection may lead to a cross-site
scripting attack
Description: Dragging or pasting a selection from one site to
another may allow scripts contained in the selection to be executed
in the context of the new site. This issue is addressed through
additional validation of content before a paste or a drag and drop
operation.
CVE-ID
CVE-2013-5129 : Mario Heiderich
WebKit
Available for: iPhone 4 and later,
iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may lead to a cross-
site scripting attack
Description: A cross-site scripting issue existed in the handling of
URLs. This issue was addressed through improved origin tracking.
CVE-ID
CVE-2013-5131 : Erling A Ellingsen
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "7.0".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSOe4/AAoJEPefwLHPlZEwToUP/jUGETRBdUjwN/gMmQAtl6zN
0VUMbnsNH51Lhsr15p9EHYJUL97pajT0N1gdd8Q2l+2NHkQzQLJziXgsO6VFOX7e
GoLNvlbyfoE0Ac9dSm9w7yi2lVf8bjGZKmEH0DAXzZD5s0ThiqPZCjTo8rCODMH2
TyQgkYtcXtrAHYaFe0dceWe3Q0ORu24cuFg0xeqX+7QvzK9mSeJWiN8OtimMzDni
5Dvgn7emHiuI6f3huQ25bEXK4gjN+CGwXg2RhQ7fwm9IeBdLnH1qKrFrrMHIhbrK
ibvud5jLS0ltUH+XnfBkoCkBntOO11vYllti8oIGCgaa5NkVkEOKbHy9uh6riGHT
KXYU/LfM8tt8Ax6iknn4mYC2QYbv7OIyzSfu/scWbeawsJb4OMx71oJrROTArgQG
QthFQvFk7NSe5kQlNz+xQHI5LP/ZSHTKdwT69zPIzjWQBOdcZ+4GQvmMsbKIeZeY
I2oIull2C7XYav8B0o+l4WlyEewNCOHQ8znapZnjCRKT/FF/ueG/WO0J4SEWUbQz
Kf24sZtFtm51QekPS3vc1XHacqJLELD8ugtgYC3hh9vUqkLV3UxpLKvI8uoOPUDt
SCV3qSpaxgBQtJWUZPq0MWVTDJKzX4MEB8e1p4jZAggEzfx9AdT0s7XyGm9H/UsR
GowSVGG+cJtvrngVhy3E
=dNVy
-----END PGP SIGNATURE-----
| VAR-201208-0343 | CVE-2012-2870 | Google Chrome Used in libxslt Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. (1) libxslt/pattern.c of xsltCompileLocationPathPattern function (2) libxslt/functions.c of xsltGenerateIdFunction function. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, cause denial-of-service conditions, execute arbitrary script code in the browser of an unsuspecting user or steal cookie-based authentication credentials; other attacks are also possible.
Versions prior to Chrome 21.0.1180.89 are vulnerable. A vulnerability exists in libxslt 1.1.26 and earlier versions using Google Chrome prior to 21.0.1180.89 due to improper memory management. An
attacker with a privileged network position may inject arbitrary
contents. This issue was addressed by using an encrypted HTTPS
connection to retrieve tutorials. ============================================================================
Ubuntu Security Notice USN-1595-1
October 04, 2012
libxslt vulnerabilities
============================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
Applications using libxslt could be made to crash or run programs as your
login if they processed a specially crafted file.
Software Description:
- libxslt: XSLT processing library
Details:
Chris Evans discovered that libxslt incorrectly handled generate-id XPath
functions. If a user or automated system were tricked into processing a
specially crafted XSLT document, a remote attacker could obtain potentially
sensitive information. This issue only affected Ubuntu 8.04 LTS, Ubuntu
10.04 LTS and Ubuntu 11.04. (CVE-2011-1202)
It was discovered that libxslt incorrectly parsed certain patterns. (CVE-2011-3970)
Nicholas Gregoire discovered that libxslt incorrectly handled unexpected
DTD nodes. (CVE-2012-2825)
Nicholas Gregoire discovered that libxslt incorrectly managed memory. (CVE-2012-2870)
Nicholas Gregoire discovered that libxslt incorrectly handled certain
transforms.
(CVE-2012-2871)
Cris Neckar discovered that libxslt incorrectly managed memory. (CVE-2012-2893)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 LTS:
libxslt1.1 1.1.26-8ubuntu1.2
Ubuntu 11.10:
libxslt1.1 1.1.26-7ubuntu0.1
Ubuntu 11.04:
libxslt1.1 1.1.26-6ubuntu0.1
Ubuntu 10.04 LTS:
libxslt1.1 1.1.26-1ubuntu1.1
Ubuntu 8.04 LTS:
libxslt1.1 1.1.22-1ubuntu1.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1595-1
CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870,
CVE-2012-2871, CVE-2012-2893
Package Information:
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-8ubuntu1.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-7ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-6ubuntu0.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.26-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.22-1ubuntu1.3
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2013:047
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : libxslt
Date : April 5, 2013
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
A vulnerability has been discovered and corrected in libxslt:
The XSL implementation in libxslt allows remote attackers to cause a
denial of service (incorrect read operation) via unspecified vectors
(CVE-2012-2825).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2893
_______________________________________________________________________
Updated Packages:
Mandriva Business Server 1/X86_64:
6dd46f422fb2826ec50a583deff25ea2 mbs1/x86_64/lib64xslt1-1.1.26-6.20120127.2.mbs1.x86_64.rpm
97dbebeb234859c9fb70b42221d0e01c mbs1/x86_64/lib64xslt-devel-1.1.26-6.20120127.2.mbs1.x86_64.rpm
d89b5da4a9297a89975734dd7642200b mbs1/x86_64/python-libxslt-1.1.26-6.20120127.2.mbs1.x86_64.rpm
9f73eb409a80608836f86a2c3e2d3be9 mbs1/x86_64/xsltproc-1.1.26-6.20120127.2.mbs1.x86_64.rpm
95136df2e944a787dc25d07a364f2729 mbs1/SRPMS/libxslt-1.1.26-6.20120127.2.mbs1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libxslt: Denial of Service
Date: January 10, 2014
Bugs: #433603, #436284, #463236, #496114
ID: 201401-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple Denial of Service vulnerabilities have been found in libxslt.
Background
==========
libxslt is the XSLT C library developed for the GNOME project. XSLT is
an XML language to define transformations for XML.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-libs/libxslt < 1.1.28 >= 1.1.28
Description
===========
Multiple vulnerabilities have been found in libxslt:
* Multiple errors exist in pattern.c and functions.c (CVE-2012-2870,
CVE-2012-6139).
* A double-free error exists in templates.c (CVE-2012-2893).
* A NULL pointer dereference in keys.c (CVE-2012-6139).
* An error in handling stylesheets containing DTDs (CVE-2013-4520).
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All libxslt users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/libxslt-1.1.28"
Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these
packages.
References
==========
[ 1 ] CVE-2012-2870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2870
[ 2 ] CVE-2012-2893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2893
[ 3 ] CVE-2012-6139
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6139
[ 4 ] CVE-2013-4520
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4520
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-07.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
.
For the stable distribution (squeeze), these problems have been fixed in
version 1.1.26-6+squeeze2.
For the unstable distribution (sid), these problems have been fixed in
version 1.1.26-14.
We recommend that you upgrade your libxslt packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2013-09-20-1 Apple TV 6.0
Apple TV 6.0 is now available and addresses the following:
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JBIG2
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1025 : Felix Groebert of the Google Security Team
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of Sorenson
encoded movie files. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft)
working with HP's Zero Day Initiative
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker with a privileged network position may intercept
user credentials or other sensitive information
Description: TrustWave, a trusted root CA, has issued, and
subsequently revoked, a sub-CA certificate from one of its trusted
anchors. This sub-CA facilitated the interception of communications
secured by Transport Layer Security (TLS). This update added the
involved sub-CA certificate to OS X's list of untrusted certificates.
CVE-ID
CVE-2013-5134
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker who has arbitrary code execution on a device may
be able to persist code execution across reboots
Description: Multiple buffer overflows existed in dyld's
openSharedCacheFile() function. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2013-3950 : Stefan Esser
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description: A buffer overflow existed in the handling of JPEG2000
encoded data in PDF files. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-1026 : Felix Groebert of the Google Security Team
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A malicious local application could cause an unexpected
system termination
Description: A null pointer dereference existed in IOCatalogue.
The issue was addressed through additional type checking.
CVE-ID
CVE-2013-5138 : Will Estes
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Executing a malicious application may result in arbitrary
code execution within the kernel
Description: An out of bounds array access existed in the
IOSerialFamily driver. This issue was addressed through additional
bounds checking.
CVE-ID
CVE-2013-5139 : @dent1zt
Apple TV
Available for: Apple TV 2nd generation and later
Impact: A remote attacker can cause a device to unexpectedly restart
Description: Sending an invalid packet fragment to a device can
cause a kernel assert to trigger, leading to a device restart. The
issue was addressed through additional validation of packet
fragments.
CVE-ID
CVE-2013-5140 : Joonas Kuorilehto of Codenomicon, an anonymous
researcher working with CERT-FI, Antti LevomAki and Lauri Virtanen
of Vulnerability Analysis Group, Stonesoft
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An attacker on a local network can cause a denial of service
Description: An attacker on a local network can send specially
crafted IPv6 ICMP packets and cause high CPU load. The issue was
addressed by rate limiting ICMP packets before verifying their
checksum.
CVE-ID
CVE-2011-2391 : Marc Heuse
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Kernel stack memory may be disclosed to local users
Description: An information disclosure issue existed in the msgctl
and segctl APIs. This issue was addressed by initializing data
structures returned from the kernel.
CVE-ID
CVE-2013-5142 : Kenzley Alphonse of Kenx Technology, Inc
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes could get access to the contents of
kernel memory which could lead to privilege escalation
Description: An information disclosure issue existed in the
mach_port_space_info API. This issue was addressed by initializing
the iin_collision field in structures returned from the kernel.
CVE-ID
CVE-2013-3953 : Stefan Esser
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Unprivileged processes may be able to cause an unexpected
system termination or arbitrary code execution in the kernel
Description: A memory corruption issue existed in the handling of
arguments to the posix_spawn API. This issue was addressed through
additional bounds checking.
CVE-ID
CVE-2013-3954 : Stefan Esser
Apple TV
Available for: Apple TV 2nd generation and later
Impact: An unauthorized process may modify the set of loaded kernel
extensions
Description: An issue existed in kextd's handling of IPC messages
from unauthenticated senders. This issue was addressed by adding
additional authorization checks.
CVE-ID
CVE-2013-5145 : "Rainbow PRISM"
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxml.
These issues were addressed by updating libxml to version 2.9.0.
CVE-ID
CVE-2011-3102 : Juri Aedla
CVE-2012-0841
CVE-2012-2807 : Juri Aedla
CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Viewing a maliciously crafted web page may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in libxslt.
These issues were addressed by updating libxslt to version 1.1.28.
CVE-ID
CVE-2012-2825 : Nicolas Gregoire
CVE-2012-2870 : Nicolas Gregoire
CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas
Gregoire
Apple TV
Available for: Apple TV 2nd generation and later
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-0879 : Atte Kettunen of OUSPG
CVE-2013-0991 : Jay Civelli of the Chromium development community
CVE-2013-0992 : Google Chrome Security Team (Martin Barbella)
CVE-2013-0993 : Google Chrome Security Team (Inferno)
CVE-2013-0994 : David German of Google
CVE-2013-0995 : Google Chrome Security Team (Inferno)
CVE-2013-0996 : Google Chrome Security Team (Inferno)
CVE-2013-0997 : Vitaliy Toropov working with HP's Zero Day Initiative
CVE-2013-0998 : pa_kt working with HP's Zero Day Initiative
CVE-2013-0999 : pa_kt working with HP's Zero Day Initiative
CVE-2013-1000 : Fermin J. Alternatively,
you may manually check for software updates by selecting
"Settings -> General -> Update Software".
To check the current version of software, select
"Settings -> General -> About".
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJSPKFKAAoJEPefwLHPlZEwbNcP/352LQ8RLNL4kdQN7HkNV4lE
F4r9LGM+SUyUHaXO/mUDGZxodhsLYdEVPZ9gYAkecbxqYBRw8vHiXtRHIwMdl92I
OWIAtr5Zbd55Dv9hH7SvC9ji4bA+I+8AScVZkkXIresh8fRlkID/KxM9Z8ImgVpz
b3pmFAfI35VaEdsefjX32f9p9SAEq58qi+59LVVjwnMu1/29zbvQlVatYz5+ISaz
LiBIV8zCpeDiaa3M+VmHQFR8CRjlDHinEs55wlFsKITQ29iABAO4hHQJg5+djPwo
tWZo6nVEuMhbwTL9xHKFriwmsio17Ky/qdJu1+c6nBfz/Wu2SqqtgwQTJXgOEU6N
G7N3bvLpaTE7rtPRmeFrXg79wfKVGgwu1OwYvTDnMQ7VcI9Oal2akSBDzEMHXHVN
wvUDbXAU2Ya+Ii46kgm5Xbbhr4yw2ckbuY7/b4w7S1iPFLGgk29vQK0wazF8yj/E
yoPLWgTUgQLwWldvxHX/XcOTSXAlf2tOvWz257DMqoqT8brQ6a5CjAvTDHRRRFau
pOkzb3hV/C4Rx/8L+O/NVYLH4RmWhyjqfzKLvIYGTM1w8AoBKqvNcUitlwDMQTyw
d9dhdaD6WbqOh9SC4qj3Nr6LijRr4Elgp+HUBlBmvnanS26zUsynXRYy1bvnJ3Po
Xp07MGtHmSPNt4ShV2XP
=G8s7
-----END PGP SIGNATURE-----
| VAR-201208-0619 | CVE-2012-2186 | plural Asterisk Product of main/manager.c Vulnerable to arbitrary command execution |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Incomplete blacklist vulnerability in main/manager.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert6, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 allows remote authenticated users to execute arbitrary commands by leveraging originate privileges and providing an ExternalIVR value in an AMI Originate action. Asterisk is prone to a security-bypass vulnerability that affects the manager interface.
An attacker can exploit this issue to bypass certain security restrictions and execute shell commands within the context of the affected application. Asterisk Project Security Advisory - AST-2012-012
Product Asterisk
Summary Asterisk Manager User Unauthorized Shell Access
Nature of Advisory Permission Escalation
Susceptibility Remote Authenticated Sessions
Severity Minor
Exploits Known No
Reported On July 13, 2012
Reported By Zubair Ashraf of IBM X-Force Research
Posted On August 30, 2012
Last Updated On August 30, 2012
Advisory Contact Matt Jordan < mjordan AT digium DOT com >
CVE Name CVE-2012-2186
Description The AMI Originate action can allow a remote user to specify
information that can be used to execute shell commands on
the system hosting Asterisk. This can result in an unwanted
escalation of permissions, as the Originate action, which
requires the "originate" class authorization, can be used
to perform actions that would typically require the
"system" class authorization. Previous attempts to prevent
this permission escalation (AST-2011-006, AST-2012-004)
have sought to do so by inspecting the names of
applications and functions passed in with the Originate
action and, if those applications/functions matched a
predefined set of values, rejecting the command if the user
lacked the "system" class authorization. As reported by IBM
X-Force Research, the "ExternalIVR" application is not
listed in the predefined set of values. The solution for
this particular vulnerability is to include the
"ExternalIVR" application in the set of defined
applications/functions that require "system" class
authorization.
Unfortunately, the approach of inspecting fields in the
Originate action against known applications/functions has a
significant flaw. The predefined set of values can be
bypassed by creative use of the Originate action or by
certain dialplan configurations, which is beyond the
ability of Asterisk to analyze at run-time. Attempting to
work around these scenarios would result in severely
restricting the applications or functions and prevent their
usage for legitimate means. As such, any additional
security vulnerabilities, where an application/function
that would normally require the "system" class
authorization can be executed by users with the "originate"
class authorization, will not be addressed. Proper system configuration can limit the impact
of such scenarios.
The next release of each version of Asterisk will contain,
in addition to the fix for the "ExternalIVR" application,
an updated README-SERIOUSLY.bestpractices.txt file.
Resolution Asterisk now checks for the "ExternalIVR" application when
processing the Originate action.
Additionally, the README-SERIOUSLY.bestpractices.txt file
has been updated. It is highly recommended that, if AMI is
utilized with accounts that have the "originate" class
authorization, Asterisk is run under a defined user that
does not have root permissions. Accounts with the
"originate" class authorization should be treated in a
similar manner to those with the "system" class
authorization. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201209-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Asterisk: Multiple vulnerabilities
Date: September 26, 2012
Bugs: #425050, #433750
ID: 201209-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Asterisk, the worst of
which may allow execution of arbitrary code.
Background
==========
Asterisk is an open source telephony engine and toolkit.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/asterisk < 1.8.15.1 >= 1.8.15.1
Description
===========
Multiple vulnerabilities have been found in Asterisk:
* An error in manager.c allows shell access (CVE-2012-2186).
* An error in Asterisk could cause all RTP ports to be exhausted
(CVE-2012-3812).
* A double-free error could occur when two parties attempt to
manipulate the same voicemail account simultaneously (CVE-2012-3863).
* Asterisk does not properly implement certain ACL rules
(CVE-2012-4737).
Impact
======
A remote, authenticated attacker could execute arbitrary code with the
privileges of the process, cause a Denial of Service condition, or
bypass outbound call restrictions.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.8.15.1"
References
==========
[ 1 ] CVE-2012-2186
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2186
[ 2 ] CVE-2012-3812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3812
[ 3 ] CVE-2012-3863
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3863
[ 4 ] CVE-2012-4737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4737
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-15.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2550-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
September 18, 2012 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : asterisk
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-2186 CVE-2012-3812 CVE-2012-3863 CVE-2012-4737
Several vulnerabilities were discovered in Asterisk, a PBX and telephony
toolkit, allowing privilege escalation in the Asterisk Manager, denial of
service or privilege escalation.
More detailed information can be found in the Asterisk advisories:
http://downloads.asterisk.org/pub/security/AST-2012-010.html
http://downloads.asterisk.org/pub/security/AST-2012-011.html
http://downloads.asterisk.org/pub/security/AST-2012-012.html
http://downloads.asterisk.org/pub/security/AST-2012-013.html
For the stable distribution (squeeze), these problems have been fixed in
version 1:1.6.2.9-2+squeeze7.
For the testing distribution (wheezy) and the unstable distribution (sid),
these problems have been fixed in version 1:1.8.13.1~dfsg-1.
We recommend that you upgrade your asterisk packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlBYrLoACgkQXm3vHE4uylqDBgCfTQnp2Z1XZSgJkg1L84SDPnjK
muwAoOINdMCYMfcEc8spGQ7wrCWPKGaR
=FRM+
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Debian update for asterisk
SECUNIA ADVISORY ID:
SA50687
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50687/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50687
RELEASE DATE:
2012-09-19
DISCUSS ADVISORY:
http://secunia.com/advisories/50687/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50687/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50687
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Debian has issued an update for asterisk.
For more information:
SA49814
SA50456
SOLUTION:
Apply updated packages via the apt-get package manager.
ORIGINAL ADVISORY:
DSA-2550-1:
http://www.debian.org/security/2012/dsa-2550
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0292 | CVE-2012-4681 |
Oracle Java 7 Vulnerability to
Related entries in the VARIoT exploits database: VAR-E-201003-0011, VAR-E-201110-0793 |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using "reflection with a trusted immediate caller" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class. Oracle Provided by Java 7 Any OS A vulnerability exists that allows the command to be executed. Oracle Provided by Java 7 Is Java Any sandbox is avoided OS A vulnerability exists that allows the command to be executed. Attack code using this vulnerability has been released and attacks have been observed.Crafted Java By opening a web page with an applet embedded, OS The command may be executed.
An attacker can exploit the issue to execute arbitrary code in the context of the current user. Oracle Java SE is prone to a weakness in the Java Runtime Environment.
The issue can be exploited over multiple protocols and affects the 'AWT' sub-component.
Note: The flaw cannot be exploited directly but is dependent on any other security vulnerability that can be directly executed first.
This issue affects the following supported versions:
7 Update 6 and before, 6 Update 34 and before. An additional five fixes that had been
previously planned for delivery are in this update. This
distribution therefore completes the content for all originally
planned fixes to be included in the Java SE Critical Patch Update
for February 2013.
Both Java applets delivered via web browsers and stand-alone Java
applications are affected, however web browsers using the Java
plug-in are at particularly high risk.
The Java plug-in, the Java Deployment Toolkit plug-in, and Java Web
Start can be used as attack vectors. An attacker could use social
engineering techniques to entice a user to visit a link to a
website hosting a malicious Java applet. An attacker could also
compromise a legitimate website and upload a malicious Java applet
(a "drive-by download" attack).
Reports indicate that at least one of these vulnerabilities is
being actively exploited.
Impact
By convincing a user to load a malicious Java applet or Java
Network Launching Protocol (JNLP) file, an attacker could execute
arbitrary code on a vulnerable system with the privileges of the
Java plug-in process.
Stand-alone java applications may also be affected.
Disable Java in web browsers
These and previous Java vulnerabilities have been widely targeted
by attackers, and new Java vulnerabilities are likely to be
discovered. To defend against this and future Java vulnerabilities,
consider disabling Java in web browsers until adequate updates have
been installed. As with any software, unnecessary features should
be disabled or removed as appropriate for your environment.
Starting with Java 7 Update 10, it is possible to disable Java
content in web browsers through the Java control panel applet. From
Setting the Security Level of the Java Client:
For installations where the highest level of security is required,
it is possible to entirely prevent any Java apps (signed or
unsigned) from running in a browser by de-selecting Enable Java
content in the browser in the Java Control Panel under the Security
tab.
Restrict access to Java applets
Network administrators unable to disable Java in web browsers may
be able to help mitigate these and other Java vulnerabilities by
restricting access to Java applets using a web proxy. Most web
proxies have features that can be used to block or whitelist
requests for .jar and .class files based on network location.
Filtering requests that contain a Java User-Agent header may also
be effective. For environments where Java is required on the local
intranet, the proxy can be configured to allow access to Java
applets hosted locally, but block access to Java applets on the
internet.
References
* Oracle Java SE Critical Patch Update Advisory Update - February
2013
<http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html>
* Setting the Security Level of the Java Client
<http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/client-security.html>
* The Security Manager
<http://docs.oracle.com/javase/tutorial/essential/environment/security.html>
* How to disable the Java web plug-in in Safari
<https://support.apple.com/kb/HT5241>
* How to turn off Java applets
<https://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets>
* NoScript
<http://noscript.net/>
* Securing Your Web Browser
<https://www.us-cert.gov/reading_room/securing_browser/#Safari>
* Vulnerability Note VU#636312
<http://www.kb.cert.org/vuls/id/636312#solution>
Revision History
February 20, 2013: Initial release
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA13-051A Feedback " in
the subject.
____________________________________________________________________
Produced by US-CERT, a government organization.
(CVE-2012-0547)
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.9. Refer to
the NEWS file, linked to in the References, for further information. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03533078
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03533078
Version: 1
HPSBUX02824 SSRT100970 rev.1 - HP-UX Running Java, Remote Execution of
Arbitrary Code, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
References: CVE-2012-0574, CVE-2012-1682, CVE-2012-3136, CVE-2012-4681
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.23, and B.11.31 running HP JDK and JRE v7.0.02 and earlier
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference Base Vector Base Score
CVE-2012-0574 (AV:N/AC:L/Au:N/C:N/I:N/A:N) 0.0
CVE-2012-1682 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-3136 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
CVE-2012-4681 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0
===========================================================
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these
vulnerabilities.
The upgrade is available from the following location
http://www.hp.com/go/java
HP-UX B.11.23, B.11.31
JDK and JRE v7.0.03 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v7.0 update to Java v7.0.03 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application
that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins
issued by HP and lists recommended actions that may apply to a specific HP-UX
system. It can also download patches and create a depot automatically. For
more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23
HP-UX B.11.31
===========
Jdk70.JDK70
Jdk70.JDK70-COM
Jdk70.JDK70-DEMO
Jdk70.JDK70-IPF32
Jdk70.JDK70-IPF64
Jre70.JRE70
Jre70.JRE70-COM
Jre70.JRE70-IPF32
Jre70.JRE70-IPF32-HS
Jre70.JRE70-IPF64
Jre70.JRE70-IPF64-HS
action: install revision 1.7.0.03.00 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) - 18 October 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Oracle JRE/JDK: Multiple vulnerabilities
Date: January 27, 2014
Bugs: #404071, #421073, #433094, #438706, #451206, #455174,
#458444, #460360, #466212, #473830, #473980, #488210, #498148
ID: 201401-30
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in the Oracle JRE/JDK,
allowing attackers to cause unspecified impact.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable!
2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 *
3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable!
4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 *
5 app-emulation/emul-linux-x86-java
< 1.7.0.51 >= 1.7.0.51 *
-------------------------------------------------------------------
NOTE: Certain packages are still vulnerable. Users should migrate
to another package if one is available or wait for the
existing packages to be marked stable by their
architecture maintainers.
-------------------------------------------------------------------
NOTE: Packages marked with asterisks require manual intervention!
-------------------------------------------------------------------
5 affected packages
Description
===========
Multiple vulnerabilities have been reported in the Oracle Java
implementation. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the
latest version:
# emerge --sync
# emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one
of the newer Oracle packages like dev-java/oracle-jdk-bin or
dev-java/oracle-jre-bin or choose another alternative we provide; eg.
the IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java
implementation, the packages can no longer be updated automatically.
References
==========
[ 1 ] CVE-2011-3563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563
[ 2 ] CVE-2011-5035
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035
[ 3 ] CVE-2012-0497
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497
[ 4 ] CVE-2012-0498
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498
[ 5 ] CVE-2012-0499
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499
[ 6 ] CVE-2012-0500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500
[ 7 ] CVE-2012-0501
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501
[ 8 ] CVE-2012-0502
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502
[ 9 ] CVE-2012-0503
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503
[ 10 ] CVE-2012-0504
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504
[ 11 ] CVE-2012-0505
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505
[ 12 ] CVE-2012-0506
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506
[ 13 ] CVE-2012-0507
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507
[ 14 ] CVE-2012-0547
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547
[ 15 ] CVE-2012-1531
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531
[ 16 ] CVE-2012-1532
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532
[ 17 ] CVE-2012-1533
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533
[ 18 ] CVE-2012-1541
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541
[ 19 ] CVE-2012-1682
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682
[ 20 ] CVE-2012-1711
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711
[ 21 ] CVE-2012-1713
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713
[ 22 ] CVE-2012-1716
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716
[ 23 ] CVE-2012-1717
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717
[ 24 ] CVE-2012-1718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718
[ 25 ] CVE-2012-1719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719
[ 26 ] CVE-2012-1721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721
[ 27 ] CVE-2012-1722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722
[ 28 ] CVE-2012-1723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723
[ 29 ] CVE-2012-1724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724
[ 30 ] CVE-2012-1725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725
[ 31 ] CVE-2012-1726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726
[ 32 ] CVE-2012-3136
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136
[ 33 ] CVE-2012-3143
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143
[ 34 ] CVE-2012-3159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159
[ 35 ] CVE-2012-3174
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174
[ 36 ] CVE-2012-3213
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213
[ 37 ] CVE-2012-3216
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216
[ 38 ] CVE-2012-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342
[ 39 ] CVE-2012-4416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416
[ 40 ] CVE-2012-4681
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681
[ 41 ] CVE-2012-5067
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067
[ 42 ] CVE-2012-5068
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068
[ 43 ] CVE-2012-5069
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069
[ 44 ] CVE-2012-5070
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070
[ 45 ] CVE-2012-5071
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071
[ 46 ] CVE-2012-5072
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072
[ 47 ] CVE-2012-5073
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073
[ 48 ] CVE-2012-5074
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074
[ 49 ] CVE-2012-5075
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075
[ 50 ] CVE-2012-5076
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076
[ 51 ] CVE-2012-5077
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077
[ 52 ] CVE-2012-5079
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079
[ 53 ] CVE-2012-5081
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081
[ 54 ] CVE-2012-5083
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083
[ 55 ] CVE-2012-5084
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084
[ 56 ] CVE-2012-5085
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085
[ 57 ] CVE-2012-5086
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086
[ 58 ] CVE-2012-5087
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087
[ 59 ] CVE-2012-5088
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088
[ 60 ] CVE-2012-5089
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089
[ 61 ] CVE-2013-0169
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169
[ 62 ] CVE-2013-0351
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351
[ 63 ] CVE-2013-0401
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401
[ 64 ] CVE-2013-0402
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402
[ 65 ] CVE-2013-0409
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409
[ 66 ] CVE-2013-0419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419
[ 67 ] CVE-2013-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422
[ 68 ] CVE-2013-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423
[ 69 ] CVE-2013-0430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430
[ 70 ] CVE-2013-0437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437
[ 71 ] CVE-2013-0438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438
[ 72 ] CVE-2013-0445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445
[ 73 ] CVE-2013-0446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446
[ 74 ] CVE-2013-0448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448
[ 75 ] CVE-2013-0449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449
[ 76 ] CVE-2013-0809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809
[ 77 ] CVE-2013-1473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473
[ 78 ] CVE-2013-1479
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479
[ 79 ] CVE-2013-1481
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481
[ 80 ] CVE-2013-1484
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484
[ 81 ] CVE-2013-1485
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485
[ 82 ] CVE-2013-1486
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486
[ 83 ] CVE-2013-1487
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487
[ 84 ] CVE-2013-1488
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488
[ 85 ] CVE-2013-1491
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491
[ 86 ] CVE-2013-1493
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493
[ 87 ] CVE-2013-1500
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500
[ 88 ] CVE-2013-1518
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518
[ 89 ] CVE-2013-1537
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537
[ 90 ] CVE-2013-1540
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540
[ 91 ] CVE-2013-1557
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557
[ 92 ] CVE-2013-1558
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558
[ 93 ] CVE-2013-1561
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561
[ 94 ] CVE-2013-1563
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563
[ 95 ] CVE-2013-1564
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564
[ 96 ] CVE-2013-1569
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569
[ 97 ] CVE-2013-1571
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571
[ 98 ] CVE-2013-2383
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383
[ 99 ] CVE-2013-2384
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384
[ 100 ] CVE-2013-2394
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394
[ 101 ] CVE-2013-2400
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400
[ 102 ] CVE-2013-2407
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407
[ 103 ] CVE-2013-2412
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412
[ 104 ] CVE-2013-2414
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414
[ 105 ] CVE-2013-2415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415
[ 106 ] CVE-2013-2416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416
[ 107 ] CVE-2013-2417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417
[ 108 ] CVE-2013-2418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418
[ 109 ] CVE-2013-2419
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419
[ 110 ] CVE-2013-2420
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420
[ 111 ] CVE-2013-2421
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421
[ 112 ] CVE-2013-2422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422
[ 113 ] CVE-2013-2423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423
[ 114 ] CVE-2013-2424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424
[ 115 ] CVE-2013-2425
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425
[ 116 ] CVE-2013-2426
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426
[ 117 ] CVE-2013-2427
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427
[ 118 ] CVE-2013-2428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428
[ 119 ] CVE-2013-2429
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429
[ 120 ] CVE-2013-2430
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430
[ 121 ] CVE-2013-2431
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431
[ 122 ] CVE-2013-2432
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432
[ 123 ] CVE-2013-2433
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433
[ 124 ] CVE-2013-2434
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434
[ 125 ] CVE-2013-2435
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435
[ 126 ] CVE-2013-2436
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436
[ 127 ] CVE-2013-2437
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437
[ 128 ] CVE-2013-2438
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438
[ 129 ] CVE-2013-2439
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439
[ 130 ] CVE-2013-2440
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440
[ 131 ] CVE-2013-2442
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442
[ 132 ] CVE-2013-2443
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443
[ 133 ] CVE-2013-2444
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444
[ 134 ] CVE-2013-2445
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445
[ 135 ] CVE-2013-2446
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446
[ 136 ] CVE-2013-2447
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447
[ 137 ] CVE-2013-2448
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448
[ 138 ] CVE-2013-2449
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449
[ 139 ] CVE-2013-2450
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450
[ 140 ] CVE-2013-2451
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451
[ 141 ] CVE-2013-2452
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452
[ 142 ] CVE-2013-2453
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453
[ 143 ] CVE-2013-2454
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454
[ 144 ] CVE-2013-2455
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455
[ 145 ] CVE-2013-2456
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456
[ 146 ] CVE-2013-2457
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457
[ 147 ] CVE-2013-2458
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458
[ 148 ] CVE-2013-2459
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459
[ 149 ] CVE-2013-2460
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460
[ 150 ] CVE-2013-2461
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461
[ 151 ] CVE-2013-2462
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462
[ 152 ] CVE-2013-2463
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463
[ 153 ] CVE-2013-2464
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464
[ 154 ] CVE-2013-2465
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465
[ 155 ] CVE-2013-2466
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466
[ 156 ] CVE-2013-2467
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467
[ 157 ] CVE-2013-2468
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468
[ 158 ] CVE-2013-2469
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469
[ 159 ] CVE-2013-2470
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470
[ 160 ] CVE-2013-2471
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471
[ 161 ] CVE-2013-2472
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472
[ 162 ] CVE-2013-2473
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473
[ 163 ] CVE-2013-3743
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743
[ 164 ] CVE-2013-3744
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744
[ 165 ] CVE-2013-3829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829
[ 166 ] CVE-2013-5772
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772
[ 167 ] CVE-2013-5774
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774
[ 168 ] CVE-2013-5775
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775
[ 169 ] CVE-2013-5776
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776
[ 170 ] CVE-2013-5777
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777
[ 171 ] CVE-2013-5778
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778
[ 172 ] CVE-2013-5780
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780
[ 173 ] CVE-2013-5782
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782
[ 174 ] CVE-2013-5783
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783
[ 175 ] CVE-2013-5784
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784
[ 176 ] CVE-2013-5787
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787
[ 177 ] CVE-2013-5788
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788
[ 178 ] CVE-2013-5789
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789
[ 179 ] CVE-2013-5790
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790
[ 180 ] CVE-2013-5797
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797
[ 181 ] CVE-2013-5800
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800
[ 182 ] CVE-2013-5801
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801
[ 183 ] CVE-2013-5802
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802
[ 184 ] CVE-2013-5803
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803
[ 185 ] CVE-2013-5804
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804
[ 186 ] CVE-2013-5805
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805
[ 187 ] CVE-2013-5806
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806
[ 188 ] CVE-2013-5809
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809
[ 189 ] CVE-2013-5810
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810
[ 190 ] CVE-2013-5812
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812
[ 191 ] CVE-2013-5814
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814
[ 192 ] CVE-2013-5817
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817
[ 193 ] CVE-2013-5818
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818
[ 194 ] CVE-2013-5819
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819
[ 195 ] CVE-2013-5820
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820
[ 196 ] CVE-2013-5823
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823
[ 197 ] CVE-2013-5824
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824
[ 198 ] CVE-2013-5825
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825
[ 199 ] CVE-2013-5829
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829
[ 200 ] CVE-2013-5830
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830
[ 201 ] CVE-2013-5831
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831
[ 202 ] CVE-2013-5832
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832
[ 203 ] CVE-2013-5838
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838
[ 204 ] CVE-2013-5840
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840
[ 205 ] CVE-2013-5842
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842
[ 206 ] CVE-2013-5843
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843
[ 207 ] CVE-2013-5844
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844
[ 208 ] CVE-2013-5846
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846
[ 209 ] CVE-2013-5848
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848
[ 210 ] CVE-2013-5849
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849
[ 211 ] CVE-2013-5850
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850
[ 212 ] CVE-2013-5851
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851
[ 213 ] CVE-2013-5852
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852
[ 214 ] CVE-2013-5854
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854
[ 215 ] CVE-2013-5870
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870
[ 216 ] CVE-2013-5878
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878
[ 217 ] CVE-2013-5887
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887
[ 218 ] CVE-2013-5888
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888
[ 219 ] CVE-2013-5889
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889
[ 220 ] CVE-2013-5893
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893
[ 221 ] CVE-2013-5895
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895
[ 222 ] CVE-2013-5896
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896
[ 223 ] CVE-2013-5898
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898
[ 224 ] CVE-2013-5899
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899
[ 225 ] CVE-2013-5902
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902
[ 226 ] CVE-2013-5904
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904
[ 227 ] CVE-2013-5905
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905
[ 228 ] CVE-2013-5906
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906
[ 229 ] CVE-2013-5907
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907
[ 230 ] CVE-2013-5910
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910
[ 231 ] CVE-2014-0368
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368
[ 232 ] CVE-2014-0373
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373
[ 233 ] CVE-2014-0375
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375
[ 234 ] CVE-2014-0376
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376
[ 235 ] CVE-2014-0382
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382
[ 236 ] CVE-2014-0385
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385
[ 237 ] CVE-2014-0387
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387
[ 238 ] CVE-2014-0403
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403
[ 239 ] CVE-2014-0408
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408
[ 240 ] CVE-2014-0410
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410
[ 241 ] CVE-2014-0411
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411
[ 242 ] CVE-2014-0415
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415
[ 243 ] CVE-2014-0416
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416
[ 244 ] CVE-2014-0417
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417
[ 245 ] CVE-2014-0418
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418
[ 246 ] CVE-2014-0422
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422
[ 247 ] CVE-2014-0423
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423
[ 248 ] CVE-2014-0424
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424
[ 249 ] CVE-2014-0428
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=====================================================================
Red Hat Security Advisory
Synopsis: Important: java-1.7.0-openjdk security update
Advisory ID: RHSA-2012:1223-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1223.html
Issue date: 2012-09-03
CVE Names: CVE-2012-0547 CVE-2012-1682 CVE-2012-3136
CVE-2012-4681
=====================================================================
1. Summary:
Updated java-1.7.0-openjdk packages that fix several security issues are
now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64
3. Description:
These packages provide the OpenJDK 7 Java Runtime Environment and the
OpenJDK 7 Software Development Kit.
Multiple improper permission check issues were discovered in the Beans
component in OpenJDK. An untrusted Java application or applet could use
these flaws to bypass Java sandbox restrictions. (CVE-2012-4681,
CVE-2012-1682, CVE-2012-3136)
A hardening fix was applied to the AWT component in OpenJDK, removing
functionality from the restricted SunToolkit class that was used in
combination with other flaws to bypass Java sandbox restrictions.
(CVE-2012-0547)
All users of java-1.7.0-openjdk are advised to upgrade to these updated
packages, which resolve these issues. All running instances of OpenJDK Java
must be restarted for the update to take effect.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
852051 - CVE-2012-4681 OpenJDK: beans insufficient permission checks, Java 7 0day (beans, 7162473)
853097 - CVE-2012-1682 OpenJDK: beans ClassFinder insufficient permission checks (beans, 7162476)
853138 - CVE-2012-3136 OpenJDK: beans MethodElementHandler insufficient permission checks (beans, 7194567)
853228 - CVE-2012-0547 OpenJDK: AWT hardening fixes (AWT, 7163201)
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
i386:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
x86_64:
java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/java-1.7.0-openjdk-1.7.0.5-2.2.1.el6_3.3.src.rpm
i386:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.i686.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.i686.rpm
noarch:
java-1.7.0-openjdk-javadoc-1.7.0.5-2.2.1.el6_3.3.noarch.rpm
x86_64:
java-1.7.0-openjdk-debuginfo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-demo-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-devel-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
java-1.7.0-openjdk-src-1.7.0.5-2.2.1.el6_3.3.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-0547.html
https://www.redhat.com/security/data/cve/CVE-2012-1682.html
https://www.redhat.com/security/data/cve/CVE-2012-3136.html
https://www.redhat.com/security/data/cve/CVE-2012-4681.html
https://access.redhat.com/security/updates/classification/#important
http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFQRKzHXlSAg2UNWIIRAt9QAJ9qt+dYZrGWLZfelO3gxXIHLRIrjgCdE0e8
0vzPqUIZfBkT+eNBNebUuVE=
=WYyS
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-201209-0147 | CVE-2012-3537 | Crowbar of Deployer Barclamp Vulnerable to arbitrary shell command execution |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
An attacker can exploit this issue to execute arbitrary code with elevated privileges. Successful exploits will result in the complete compromise of affected computers. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Crowbar Ohai Plugin Insecure Temporary Files Security Issue
SECUNIA ADVISORY ID:
SA50442
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50442/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50442
RELEASE DATE:
2012-08-28
DISCUSS ADVISORY:
http://secunia.com/advisories/50442/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50442/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50442
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in Crowbar, which can be exploited
by malicious, local users to gain escalated privileges.
SOLUTION:
Fixed in the Git repository.
PROVIDED AND/OR DISCOVERED BY:
Thomas Biege, SUSE
ORIGINAL ADVISORY:
http://seclists.org/oss-sec/2012/q3/302
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0524 | CVE-2012-0308 | Symantec Messaging Gateway Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Allows an attacker to build a malicious URI, entice an administrator to resolve, and perform malicious actions in the target user context. Other attacks are also possible. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Symantec Messaging Gateway Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50435
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50435/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50435
RELEASE DATE:
2012-08-28
DISCUSS ADVISORY:
http://secunia.com/advisories/50435/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50435/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50435
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in
Symantec Messaging Gateway, which can be exploited by malicious users
to bypass certain security restrictions and by malicious people to
disclose certain sensitive information and conduct cross-site
scripting and request forgery attacks.
1) Certain input passed via web or email content is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session.
2) The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to e.g. gain administrative access
when a logged-in administrative user visits a specially crafted web
page.
3) An error within the management interface can be exploited to
perform otherwise restricted actions and e.g. modify the underlying
web application.
4) The weakness is caused due to the application disclosing detailed
component version information.
The vulnerabilities are reported in versions 9.5.x and prior.
SOLUTION:
Upgrade to version 10.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ben Williams, NGS Secure.
ORIGINAL ADVISORY:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0497 | CVE-2012-3580 | Symantec Messaging Gateway In Web Application modification vulnerability |
CVSS V2: 7.7 CVSS V3: - Severity: HIGH |
Symantec Messaging Gateway (SMG) before 10.0 allows remote authenticated users to modify the web application by leveraging access to the management interface. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. Symantec Messaging Gateway is prone to a security-bypass vulnerability.
Symantec Messaging Gateway 9.5.x versions are vulnerable. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Symantec Messaging Gateway Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50435
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50435/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50435
RELEASE DATE:
2012-08-28
DISCUSS ADVISORY:
http://secunia.com/advisories/50435/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50435/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50435
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in
Symantec Messaging Gateway, which can be exploited by malicious users
to bypass certain security restrictions and by malicious people to
disclose certain sensitive information and conduct cross-site
scripting and request forgery attacks.
1) Certain input passed via web or email content is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session.
2) The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to e.g. gain administrative access
when a logged-in administrative user visits a specially crafted web
page.
3) An error within the management interface can be exploited to
perform otherwise restricted actions and e.g. modify the underlying
web application.
4) The weakness is caused due to the application disclosing detailed
component version information.
The vulnerabilities are reported in versions 9.5.x and prior.
SOLUTION:
Upgrade to version 10.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ben Williams, NGS Secure.
ORIGINAL ADVISORY:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0498 | CVE-2012-3581 | Symantec Messaging Gateway Vulnerability in which important information is obtained |
CVSS V2: 3.3 CVSS V3: - Severity: LOW |
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors. Symantec Messaging Gateway (formerly known as Brightmail Gateway Small Business Edition) is an easy-to-use email virus protection hardware that provides accurate and effective anti-spam protection. A security vulnerability exists in the Symantec Messaging Gateway application. Symantec Messaging Gateway is a spam filter that integrates anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies from Symantec. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Symantec Messaging Gateway Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50435
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50435/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50435
RELEASE DATE:
2012-08-28
DISCUSS ADVISORY:
http://secunia.com/advisories/50435/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50435/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50435
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A weakness and multiple vulnerabilities have been reported in
Symantec Messaging Gateway, which can be exploited by malicious users
to bypass certain security restrictions and by malicious people to
disclose certain sensitive information and conduct cross-site
scripting and request forgery attacks.
1) Certain input passed via web or email content is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session.
2) The application allows users to perform certain actions via HTTP
requests without performing proper validity checks to verify the
requests. This can be exploited to e.g. gain administrative access
when a logged-in administrative user visits a specially crafted web
page.
3) An error within the management interface can be exploited to
perform otherwise restricted actions and e.g. modify the underlying
web application.
The vulnerabilities are reported in versions 9.5.x and prior.
SOLUTION:
Upgrade to version 10.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Ben Williams, NGS Secure.
ORIGINAL ADVISORY:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------