VARIoT IoT vulnerabilities database

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. WebKit is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. WebKit is prone to a security-bypass vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful exploits will allow clients to send requests to malicious servers that can aid in further attacks. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. A remote attacker could exploit this vulnerability to bypass preset access restrictions. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1195-1 August 23, 2011 webkit vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libwebkit-1.0-2 1.2.7-0ubuntu0.10.10.1 Ubuntu 10.04 LTS: libwebkit-1.0-2 1.2.7-0ubuntu0.10.04.1 After a standard system update you need to restart any applications that use WebKit, such as Epiphany and Midori, to make all the necessary changes

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. WebKit is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks will allow attackers to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the wholeText method of the Text element. When calculating the total size of all the text containing it, the application will wrap a 32-bit integer. The application will use this in an allocation and then later use a different value for populating the buffer. This can lead to code execution under the context of the application. WebKit is prone to a remote code-execution vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 8) An error within the handling of the History object can be exploited to spoof the address in the location bar or add arbitrary locations to the history. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:039 http://www.mandriva.com/security/ _______________________________________________________________________ Package : webkit Date : March 2, 2011 Affected: 2010.1 _______________________________________________________________________ Problem Description: Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.1: 141f3cd181b875d1bb40b67a507b6db1 2010.1/i586/libwebkitgtk1.0_2-1.2.7-0.1mdv2010.2.i586.rpm 054886a3c645b3ce710b9b9daec1d5f9 2010.1/i586/libwebkitgtk1.0-devel-1.2.7-0.1mdv2010.2.i586.rpm bef556ca3f281f6ef4086292c3b658d2 2010.1/i586/webkit1.0-1.2.7-0.1mdv2010.2.i586.rpm a1ff7ac638646aeb64e3bbdca9bc945d 2010.1/i586/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.i586.rpm 3f40e3ebc62bad67097a9e102e0e79c2 2010.1/i586/webkit-1.2.7-0.1mdv2010.2.i586.rpm 50875cf1bc8718cedce1a45dc509b44b 2010.1/i586/webkit-gtklauncher-1.2.7-0.1mdv2010.2.i586.rpm 625d27780d1cc9edb935d4ac3521ae16 2010.1/i586/webkit-jsc-1.2.7-0.1mdv2010.2.i586.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm Mandriva Linux 2010.1/X86_64: 5ce57cd6ab823f8084030033c7c230d7 2010.1/x86_64/lib64webkitgtk1.0_2-1.2.7-0.1mdv2010.2.x86_64.rpm 690d8718a97af93f58de3bb2357fbe9b 2010.1/x86_64/lib64webkitgtk1.0-devel-1.2.7-0.1mdv2010.2.x86_64.rpm 7cc1d4aa77e1901ccc92f27faf85c9ea 2010.1/x86_64/webkit1.0-1.2.7-0.1mdv2010.2.x86_64.rpm 2b77a77159529c55f64343aba98c15d9 2010.1/x86_64/webkit1.0-webinspector-1.2.7-0.1mdv2010.2.x86_64.rpm 475cf83c5ddd8f6809c2c73a1f5a71d1 2010.1/x86_64/webkit-1.2.7-0.1mdv2010.2.x86_64.rpm b0f1c76107c3d54241daa7e61bfb29a9 2010.1/x86_64/webkit-gtklauncher-1.2.7-0.1mdv2010.2.x86_64.rpm 97deff5e94a625a79842b4c240b0b00d 2010.1/x86_64/webkit-jsc-1.2.7-0.1mdv2010.2.x86_64.rpm 8d02c28d8f21a022130be4c49f9d27be 2010.1/SRPMS/webkit-1.2.7-0.1mdv2010.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNbgbemqjQ0CJFipgRAs9YAJ92z2WSC2ijj34b/wr42OIYLtv65gCg7XgL Yv/ButpYAcXsmnJWUG4ayxQ= =GRM6 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -- Vendor Response: Apple states: iOS 4.2: http://support.apple.com/kb/HT4456 -- Disclosure Timeline: 2010-08-12 - Vulnerability reported to vendor 2010-11-23 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * J23 (http://twitter.com/HansJ23) -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Multiple packages, Multiple vulnerabilities fixed in 2011 Date: December 11, 2014 Bugs: #194151, #294253, #294256, #334087, #344059, #346897, #350598, #352608, #354209, #355207, #356893, #358611, #358785, #358789, #360891, #361397, #362185, #366697, #366699, #369069, #370839, #372971, #376793, #381169, #386321, #386361 ID: 201412-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. Please see the package list and CVE identifiers below for more information. Background ========== For more information on the packages listed in this GLSA, please see their homepage referenced in the ebuild. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 games-sports/racer-bin >= 0.5.0-r1 Vulnerable! 2 media-libs/fmod < 4.38.00 >= 4.38.00 3 dev-php/PEAR-Mail < 1.2.0 >= 1.2.0 4 sys-fs/lvm2 < 2.02.72 >= 2.02.72 5 app-office/gnucash < 2.4.4 >= 2.4.4 6 media-libs/xine-lib < 1.1.19 >= 1.1.19 7 media-sound/lastfmplayer < 1.5.4.26862-r3 >= 1.5.4.26862-r3 8 net-libs/webkit-gtk < 1.2.7 >= 1.2.7 9 sys-apps/shadow < 4.1.4.3 >= 4.1.4.3 10 dev-php/PEAR-PEAR < 1.9.2-r1 >= 1.9.2-r1 11 dev-db/unixODBC < 2.3.0-r1 >= 2.3.0-r1 12 sys-cluster/resource-agents < 1.0.4-r1 >= 1.0.4-r1 13 net-misc/mrouted < 3.9.5 >= 3.9.5 14 net-misc/rsync < 3.0.8 >= 3.0.8 15 dev-libs/xmlsec < 1.2.17 >= 1.2.17 16 x11-apps/xrdb < 1.0.9 >= 1.0.9 17 net-misc/vino < 2.32.2 >= 2.32.2 18 dev-util/oprofile < 0.9.6-r1 >= 0.9.6-r1 19 app-admin/syslog-ng < 3.2.4 >= 3.2.4 20 net-analyzer/sflowtool < 3.20 >= 3.20 21 gnome-base/gdm < 3.8.4-r3 >= 3.8.4-r3 22 net-libs/libsoup < 2.34.3 >= 2.34.3 23 app-misc/ca-certificates < 20110502-r1 >= 20110502-r1 24 dev-vcs/gitolite < 1.5.9.1 >= 1.5.9.1 25 dev-util/qt-creator < 2.1.0 >= 2.1.0 ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- 25 affected packages Description =========== Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. * FMOD Studio * PEAR Mail * LVM2 * GnuCash * xine-lib * Last.fm Scrobbler * WebKitGTK+ * shadow tool suite * PEAR * unixODBC * Resource Agents * mrouted * rsync * XML Security Library * xrdb * Vino * OProfile * syslog-ng * sFlow Toolkit * GNOME Display Manager * libsoup * CA Certificates * Gitolite * QtCreator * Racer Impact ====== A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround ========== There are no known workarounds at this time. Resolution ========== All FMOD Studio users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00" All PEAR Mail users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0" All LVM2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72" All GnuCash users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4" All xine-lib users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19" All Last.fm Scrobbler users should upgrade to the latest version: # emerge --sync # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3" All WebKitGTK+ users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7" All shadow tool suite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3" All PEAR users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1" All unixODBC users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1" All Resource Agents users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1" All mrouted users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5" All rsync users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8" All XML Security Library users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17" All xrdb users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9" All Vino users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2" All OProfile users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1" All syslog-ng users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4" All sFlow Toolkit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20" All GNOME Display Manager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3" All libsoup users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3" All CA Certificates users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1" All Gitolite users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1" All QtCreator users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0" Gentoo has discontinued support for Racer. We recommend that users unmerge Racer: # emerge --unmerge "games-sports/racer-bin" NOTE: This is a legacy GLSA. Updates for all affected architectures have been available since 2012. It is likely that your system is already no longer affected by these issues. References ========== [ 1 ] CVE-2007-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370 [ 2 ] CVE-2009-4023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023 [ 3 ] CVE-2009-4111 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111 [ 4 ] CVE-2010-0778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778 [ 5 ] CVE-2010-1780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780 [ 6 ] CVE-2010-1782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782 [ 7 ] CVE-2010-1783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783 [ 8 ] CVE-2010-1784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784 [ 9 ] CVE-2010-1785 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785 [ 10 ] CVE-2010-1786 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786 [ 11 ] CVE-2010-1787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787 [ 12 ] CVE-2010-1788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788 [ 13 ] CVE-2010-1790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790 [ 14 ] CVE-2010-1791 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791 [ 15 ] CVE-2010-1792 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792 [ 16 ] CVE-2010-1793 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793 [ 17 ] CVE-2010-1807 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807 [ 18 ] CVE-2010-1812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812 [ 19 ] CVE-2010-1814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814 [ 20 ] CVE-2010-1815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815 [ 21 ] CVE-2010-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526 [ 22 ] CVE-2010-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901 [ 23 ] CVE-2010-3255 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255 [ 24 ] CVE-2010-3257 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257 [ 25 ] CVE-2010-3259 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259 [ 26 ] CVE-2010-3362 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362 [ 27 ] CVE-2010-3374 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374 [ 28 ] CVE-2010-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389 [ 29 ] CVE-2010-3812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812 [ 30 ] CVE-2010-3813 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813 [ 31 ] CVE-2010-3999 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999 [ 32 ] CVE-2010-4042 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042 [ 33 ] CVE-2010-4197 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197 [ 34 ] CVE-2010-4198 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198 [ 35 ] CVE-2010-4204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204 [ 36 ] CVE-2010-4206 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206 [ 37 ] CVE-2010-4492 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492 [ 38 ] CVE-2010-4493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493 [ 39 ] CVE-2010-4577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577 [ 40 ] CVE-2010-4578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578 [ 41 ] CVE-2011-0007 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007 [ 42 ] CVE-2011-0465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465 [ 43 ] CVE-2011-0482 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482 [ 44 ] CVE-2011-0721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721 [ 45 ] CVE-2011-0727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727 [ 46 ] CVE-2011-0904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904 [ 47 ] CVE-2011-0905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905 [ 48 ] CVE-2011-1072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072 [ 49 ] CVE-2011-1097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097 [ 50 ] CVE-2011-1144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144 [ 51 ] CVE-2011-1425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425 [ 52 ] CVE-2011-1572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572 [ 53 ] CVE-2011-1760 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760 [ 54 ] CVE-2011-1951 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951 [ 55 ] CVE-2011-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471 [ 56 ] CVE-2011-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472 [ 57 ] CVE-2011-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473 [ 58 ] CVE-2011-2524 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524 [ 59 ] CVE-2011-3365 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365 [ 60 ] CVE-2011-3366 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366 [ 61 ] CVE-2011-3367 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201412-09.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-1195-1 August 23, 2011 webkit vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Multiple security vulnerabilities were fixed in WebKit. Software Description: - webkit: Web content engine library for GTK+ Details: A large number of security issues were discovered in the WebKit browser and JavaScript engines. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libwebkit-1.0-2 1.2.7-0ubuntu0.10.10.1 Ubuntu 10.04 LTS: libwebkit-1.0-2 1.2.7-0ubuntu0.10.04.1 After a standard system update you need to restart any applications that use WebKit, such as Epiphany and Midori, to make all the necessary changes

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. WebKit is prone to a same-origin validation bypass vulnerability. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful exploits will allow attackers to spoof addresses in the location bar or add arbitrary locations to the history. NOTE: This issue was previously covered in BID 44938 (Apple Safari Prior to 5.0.3 and 4.1.3 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Apple Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system. 1) An integer overflow error in the handling of strings can be exploited to corrupt memory and potentially execute arbitrary code. 2) A weakness in the random number generator for JavaScript applications can be exploited to e.g. track users. 3) Multiple vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information: SA41328 4) An integer underflow error in the handling of WebSockets can be exploited to corrupt memory and potentially execute arbitrary code. 5) An unspecified error in the handling of images created from "canvas" elements can be exploited to conduct cross-origin image thefts. This is related to vulnerability #12 in: SA41242 6) An invalid cast in the handling of editing commands can potentially be exploited to execute arbitrary code. 7) An invalid cast in the handling of inline styling can potentially be exploited to execute arbitrary code. 9) A use-after-free error in the handling of element attributes can be exploited to corrupt memory and potentially execute arbitrary code. 10) An integer overflow error in the handling of Text objects can be exploited to corrupt memory and potentially execute arbitrary code. 11) A weakness is caused due to WebKit performing DNS prefetching for HTML Link elements even when it is disabled. 12) Multiple use-after-free errors in the handling of plugins can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #5 in: SA41014 13) A use-after-free error in the handling of element focus can be exploited to corrupt memory and potentially execute arbitrary code. This is related to vulnerability #10 in: SA41242 14) A use-after-free error in the handling of scrollbars can be exploited to corrupt memory and potentially execute arbitrary code. 15) An invalid cast in the handling of CSS 3D transforms can potentially be exploited to execute arbitrary code. 16) A use-after-free error in the handling of inline text boxes can be exploited to corrupt memory and potentially execute arbitrary code. 17) An invalid cast in the handling of CSS boxes can potentially be exploited to execute arbitrary code. 18) An unspecified error in the handling of editable elements can be exploited to trigger an access of uninitialised memory and potentially execute arbitrary code. 19) An unspecified error in the handling of the ':first-letter' pseudo-element in cascading stylesheets can be exploited to corrupt memory and potentially execute arbitrary code. 20) An uninitialised pointer error in the handling of CSS counter styles can potentially be exploited to execute arbitrary code. 21) A use-after-free error in the handling of Geolocation objects can be exploited to corrupt memory and potentially execute arbitrary code. 22) A use-after-free error in the handling of "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 23) An invalid cast in the handling of SVG elements in non-SVG documents can potentially be exploited to execute arbitrary code. This is related to vulnerability #2 in: SA41443 24) An invalid cast in the handling of colors in SVG documents can potentially be exploited to execute arbitrary code. SOLUTION: Update to Safari 5.0.3 (Mac OS X 10.5.8, Mac OS X 10.6.4 or later, Windows 7, Vista, XP) or Safari 4.1.3 (Mac OS X 10.4.11). PROVIDED AND/OR DISCOVERED BY: 2) Amit Klein, Trusteer The vendor credits: 1, 10) J23 3) Jose A. Vazquez of spa-s3c.blogspot.com, Csaba Osztrogonac of University of Szeged, and also thabermann and chipplyman 4) Keith Campbell, and Cris Neckar, Google Chrome Security Team 5) Isaac Dawson, and James Qiu, Microsoft and Microsoft Vulnerability Research (MSVR) 6, 22, 23) wushi, team509 7, 15 - 17, 19, 24) Abhishek Arya (Inferno), Google Chrome Security Team 8) Mike Taylor, Opera Software 9) Michal Zalewski 11) Jeff Johnson, Rogue Amoeba Software 13) Vupen 14) Rohit Makasana, Google Inc. 20, 21) kuzzcc ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4455 Trusteer: http://www.trusteer.com/sites/default/files/Temporary_User_Tracking_in_Major_Browsers.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Multiple Hitachi products have vulnerabilities that allow malicious users to conduct denial of service attacks. There is an unspecified error in the Collaboration file sharing component, and WebDav needs to be enabled to successfully exploit the vulnerability. A remote attacker can leverage this issue to cause denial-of-service condition. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi Products Collaboration Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42299 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42299/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42299 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42299/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42299/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42299 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service). No further information is currently available. Successful exploitation requires WebDav to be enabled. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-029: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-029/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Cisco Unified Videoconferencing is prone to multiple remote vulnerabilities and a weakness. An attacker can exploit these issue to gain unauthorized access to the affected device, gain access to sensitive information, compromise the affected device, and hijack a user's session. Other attacks are also possible. The following products are affected: Cisco Unified Videoconferencing 5110 System Cisco Unified Videoconferencing 5115 System Cisco Unified Videoconferencing 5230 System Cisco Unified Videoconferencing 3545 System Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) This BID is being retired. The following individual records exist to better document the issues: 44922 Cisco Unified Videoconferencing Multiple Remote Command Injection Vulnerabilities 44923 Cisco Unified Videoconferencing Password Obfuscation Vulnerability 44924 Cisco Unified Videoconferencing Hardcoded User Credentials Authentication Bypass Vulnerability 44925 Cisco Unified Videoconferencing Security Bypass Vulnerability 44926 Cisco Unified Videoconferencing Web Interface Weak Session Cookie Session Hijacking Vulnerability 44927 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability 44928 Cisco Unified Videoconferencing FTP Server Security Weakness 44929 Cisco Unified Videoconferencing Security Bypass Vulnerability 44936 Cisco Unified Videoconferencing Local Information Disclosure Vulnerability

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The ConnectionMonitorServlet and CatalogBufferMonitorServlet scripts included in SAP NetWeaver lack sufficient filtering for the connid and reqTableColumns parameters. Attackers can send links to administrators to obtain sensitive information such as COOKIE. The SQL Monitor of SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP Netweaver Metamodel Repository is accessible by default in the old SAP ECC version without authentication. The attacker can access the test performance page: http://sapserver:8000/mmr/MMR?page=MMRPerformance if used max. Data size for performance testing, the server will consume 100% CPU. The attacker writes a script that calls this script 100, and the server will not respond for a long time. SAP NetWeaver is prone to a remote denial-of-service vulnerability An attacker can exploit this issue to cause a high CPU load and make the application unresponsive, denying service to legitimate users

Vtiger CRM is prone to an arbitrary-file-upload vulnerability, multiple local file-include vulnerabilities, and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary code in the context of the webserver process, view and execute arbitrary local files within the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Vtiger CRM 5.2.0 is vulnerable; other versions may also be affected.

Cisco Unified Videoconferencing (Cisco Video Conferencing Products) is Cisco's web conferencing solution. There are multiple vulnerabilities in Cisco's universal video conferencing products that can be exploited by malicious local users to disclose sensitive information, gain higher privileges, manipulate affected systems, hijack another user's session, and secretly manipulate affected systems. 1. There are multiple hardcoded accounts that cannot be disabled. (\"root\", \"cs\", and \"develop\") 2. The value entered into goform/websXMLAdminRequestCgi.cgi via the \"username\" parameter is not properly filtered before being used as a command line argument. 3. The reversible password hashing method is used in the configuration file /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val to obtain the administrator password and operator account information. 4. A globally readable shadow password. 5. Create a session ID based on the time counter to hijack another user session, for example: use a barbarian attack to retell all possible time values from the last system boot time. 6, Base64 encoded cookies or plain text storage certificates to obtain device permissions, such as: steal network traffic or man-in-the-middle attacks. Note: In addition, there are some configuration issues in the FTP, Web, and OpenSSH servers. An attacker can exploit this issue to obtain sensitive information that may lead to further attacks. This issue is being tracked by Cisco bug ID CSCti54052

Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. Users with access to the Linux operating system can obtain files for the storage administrator and the Cisco UVC web GUI action account. The passwords in this file use a simple and reversible hash mechanism that allows an attacker to recover the account password. Cisco Unified Videoconferencing is prone to a weak-password obfuscation vulnerability. An attacker can exploit this issue to gain unauthorized access to the affected device. This issue is being tracked by Cisco bug ID CSCti54010. The following products are affected: Cisco Unified Videoconferencing 5110 System Cisco Unified Videoconferencing 5115 System Cisco Unified Videoconferencing 5230 System Cisco Unified Videoconferencing 3545 System Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it

Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The shadow password must only be readable by the root account. This application allows users who have access to the system shell to read the shadow password file. The wrong configuration allows sensitive users accessing the Linux operating system directory to obtain sensitive information. Cisco Unified Videoconferencing is prone to a security bypass vulnerability. Successful exploits compromise the affected device or cause a denial-of-service condition. This issue affects the Linux-based operating system Cisco UVC product. These issues are being tracked by Cisco bug ID CSCti54045. NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it

Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The SSH server has a restricted shell, but the SSH server configuration allows X.11 to forward and create SOCK proxies. The misconfiguration of this service only affects Linux-based Cisco UVC products. Cisco Unified Videoconferencing is prone to a security bypass vulnerability. Successful exploits compromise the affected device or cause a denial-of-service condition. These issues are being tracked by Cisco bug ID CSCti54047. NOTE: These issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it

Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The session ID of the Cisco UVC web interface is incremented based on the timer, guessing the session ID, and the attacker hijacks the hijacked target user session. Cisco Unified Videoconferencing is prone to a session-hijacking vulnerability. An attacker can exploit this issue to gain access to the affected application. This issue is being tracked by Cisco bug ID CSCti54048. NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it

Cisco Unified Videoconferencing is prone to an information-disclosure vulnerability. An attackers can exploit this issue to obtain sensitive information that may lead to further attacks. This issue is being tracked by Cisco bug ID CSCti54043. The following products are affected: Cisco Unified Videoconferencing 5110 System Cisco Unified Videoconferencing 5115 System Cisco Unified Videoconferencing 5230 System Cisco Unified Videoconferencing 3545 System Cisco Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway Cisco Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway Cisco Unified Videoconferencing 3515 Multipoint Control Unit (MCU) NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it.

Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The default Cisco UVC system enables the FTP server, and an attacker can use the FTP server to obtain the /etc/shadow file. The FTP access to the device can be controlled through the \"Security mode\" field in the WEB GUI of the Cisco UVC product. If the security settings are configured to be high or medium, the device will not receive FTP connections. Cisco Unified Videoconferencing is prone to a security weakness. The weakness can potentially be used to leverage other latent vulnerabilities in the affected device. This issue affects Linux-based operating system Cisco UVC products and VxWorks-based Cisco UVC products. This issue is being tracked by Cisco bug ID CSCti72032. NOTE: This issue was previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but has been given its own record to better document it

The Hitachi Groupmax client product has vulnerabilities that allow malicious users to conduct denial of service attacks or execute arbitrary code. An unknown error when processing a file can cause a buffer overflow. Successful exploitation of the vulnerability could execute arbitrary code in the application security context. Multiple Hitachi Groupmax products are prone to an unspecified buffer-overflow vulnerability. Successful exploits will compromise the application and possibly the underlying system. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hitachi Groupmax Client Products Unspecified Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42303 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42303 RELEASE DATE: 2010-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/42303/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42303/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42303 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi Groupmax Client products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-028: http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-028/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, and possibly Unified Videoconferencing System 3545 and 5230, Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway, Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway, and Unified Videoconferencing 3515 Multipoint Control Unit (MCU), allows remote authenticated administrators to execute arbitrary commands via the username field, related to a "shell command injection vulnerability," aka Bug ID CSCti54059. Cisco Unified Videoconferencing is an integral part of the Cisco Unified Communications system for organizations and service providers who need a reliable, easy-to-manage, and cost-effective network infrastructure for video conferencing applications. The script lacks proper filtering for multiple parameters, including but not limited to the \"username\" field. Obviously, the WEB service runs with ROOT privileges, which can lead to an attacker having complete control over the device. Cisco Unified Videoconferencing is prone to multiple remote command-injection vulnerabilities because it fails to properly sanitize user-supplied input. These issues are being tracked by Cisco bug ID CSCti54059. NOTE: These issues were previously discussed in BID 44908 (Cisco Unified Videoconferencing Multiple Vulnerabilities and Weakness) but have been given their own record for better documentation. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. 1) Multiple hard-coded accounts exist ("root", "cs", and "develop") that cannot be disabled, which can be exploited to potentially gain access to the device via e.g. brute force attacks. Successful exploitation requires administrative credentials. using a brute force attack to iterate over all possible time values from last system boot time. sniffing network traffic or a Man-in-the-Middle (MitM) attack. NOTE: Additionally, some configuration issues exists in the FTP, Web, and OpenSSH servers. PROVIDED AND/OR DISCOVERED BY: Florent Daigniere, Matta Consulting. ORIGINAL ADVISORY: Matta (MATTA-2010-001): http://www.trustmatta.com/advisories/MATTA-2010-001.txt Cisco: http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Matta Consulting - Matta Advisory http://www.trustmatta.com Cisco Unified Videoconferencing multiple vulnerabilities Advisory ID: MATTA-2010-001 CVE reference: CVE-2010-3037 CVE-2010-3038 Affected platforms: Cisco Unified Videoconferencing 3515,3522,3527,5230,3545, 5110,5115 Systems and unspecified Radvision systems Version: 7.0.1.13.3 at least and more likely all Date: 2010-August-03 Security risk: Critical Exploitable from: Remote Vulnerability: Multiple vulnerabilities Researcher: Florent Daigniere Vendor Status: Notified, working on a patch Vulnerability Disclosure Policy: http://www.trustmatta.com/advisories/matta-disclosure-policy-01.txt Permanent URL: http://www.trustmatta.com/advisories/MATTA-2010-001.txt ===================================================================== Description: During an external pentest exercise for one of our clients, multiple vulnerabilities and weaknesses were found on the Cisco CUVC-5110-HD10 which allowed us to ultimately gain access to the internal network. - - Hard-coded credentials - CVE-2010-3038 Three accounts have a login shell and a password the administrator can neither disable nor change. The affected accounts are "root", "cs" and "develop". Matta didn't spend the CPU cycles required to get those passwords but will provide the salted hashes to interested parties. - - Services misconfiguration There is an FTP daemon (vsftpd) running but no mention in the documentation of what it might be useful for. User credentials created from the web-interface allow to explore the filesystem/firmware of the device. The file /etc/shadow has read permissions for all. The ssh daemon (openssh) has a non-default but curious configuration. It allows port-forwarding and socks proxies to be created, X11 to be forwarded... even with the restricted shells. The daemon binding the port of the web-interface is running as root. There are numerous ways of remotely gathering the remote time and uptime, the easiest being to ask over RPC... Assuming that a user or an administrator logged into the device shortly after it was powered up, and that the network connectivity is fast, it is practical to bruteforce a valid session id. Using this vulnerability, a non-authenticated attacker can authenticate. Over http in default configuration. While users are not expected to reuse their credentials, in practice they do; this is an information-disclosure bug. This is an information-disclosure bug. Best practices recommend using PBKDF2 to store passwords. ===================================================================== Impact If successful, a malicious third party can get full control of the device and harvest user passwords with little to no effort. The Attacker might reposition and launch an attack against other parts of the target infrastructure from there. All deployed versions are probably vulnerable. ===================================================================== Threat mitigation Until a patch is issued by the vendor, Matta recommends you unplug the device from its network socket. ===================================================================== Base64 encoded decryption script for the credentials: IyEvYmluL2Jhc2gKIyBTbWFsbCBzY3JpcHQgdG8gZGVvYmZ1c2NhdGUgQ2lzY28gQ1VWQy01MTEw LUhEMTAncyBwYXNzd29yZHMKIyBAc2VlIE1BVFRBLTIwMTAtMDAxCiMKIyAkMSBpcyB0aGUgb2Jm dXNjYXRlZCBwYXNzd29yZAojIGV4YW1wbGUgdXNhZ2U6CiMKIyAkLi9kZWNvZGUtcGFzc3dvcmQu c2ggZDVjNGQ2ZDZkMmNhZDdjMQojIHBhc3N3b3JkCiMKIwoKZWNobyAtbiAkMXxzZWQgJ3MvXCgu LlwpL1wxXG4vZyd8d2hpbGUgcmVhZCBsaW5lCmRvCgljYXNlICIkbGluZSIgaW4KCQljNCkgbD1h IDs7CgkJZTQpIGw9QSA7OwoJCWM3KSBsPWIgOzsKCQllNykgbD1CIDs7CgkJYzYpIGw9YyA7OwoJ CWU2KSBsPUMgOzsKCQljMSkgbD1kIDs7CgkJZTEpIGw9RCA7OwoJCWMwKSBsPWUgOzsKCQllMCkg bD1FIDs7CgkJYzMpIGw9ZiA7OwoJCWUzKSBsPUYgOzsKCQljMikgbD1nIDs7CgkJZTIpIGw9RyA7 OwoJCWNkKSBsPWggOzsKCQllZCkgbD1IIDs7CgkJY2MpIGw9aSA7OwoJCWVjKSBsPUkgOzsKCQlj ZikgbD1qIDs7CgkJZWYpIGw9SiA7OwoJCWNlKSBsPWsgOzsKCQllZSkgbD1LIDs7CgkJYzkpIGw9 bCA7OwoJCWU5KSBsPUwgOzsKCQljOCkgbD1tIDs7CgkJZTgpIGw9TSA7OwoJCWNiKSBsPW4gOzsK CQllYikgbD1OIDs7CgkJY2EpIGw9byA7OwoJCWRhKSBsPU8gOzsKCQlkNSkgbD1wIDs7CgkJZjUp IGw9UCA7OwoJCWQ0KSBsPXEgOzsKCQlmNCkgbD1RIDs7CgkJZDcpIGw9ciA7OwoJCWY3KSBsPVIg OzsKCQlkNikgbD1zIDs7CgkJZjYpIGw9UyA7OwoJCWQxKSBsPXQgOzsKCQlmMSkgbD1UIDs7CgkJ ZDApIGw9dSA7OwoJCWYwKSBsPVUgOzsKCQlkMykgbD12IDs7CgkJZjMpIGw9ViA7OwoJCWQyKSBs PXcgOzsKCQlmMikgbD1XIDs7CgkJZGQpIGw9eCA7OwoJCWZkKSBsPVggOzsKCQlkYykgbD15IDs7 CgkJZmMpIGw9WSA7OwoJCWRmKSBsPXogOzsKCQlmZikgbD1aIDs7CgoJCTk1KSBsPTAgOzsKCQk5 NCkgbD0xIDs7CgkJOTcpIGw9MiA7OwoJCTk2KSBsPTMgOzsKCQk5MSkgbD00IDs7CgkJOTApIGw9 NSA7OwoJCTkzKSBsPTYgOzsKCQk5MikgbD03IDs7CgkJOWQpIGw9OCA7OwoJCTljKSBsPTkgOzsK CQkqKSAgbD0/OzsKCWVzYWMKCWVjaG8gLW4gIiRsIjsKZG9uZQplY2hvICIiCg== ===================================================================== Credits This vulnerability was discovered and researched by Florent Daigniere from Matta Consulting. Thank you to Paul Oxman and Matthew Cerha from the Cisco PSIRT for the coordination effort. ===================================================================== History 30-07-10 initial discovery 05-08-10 our client has mitigated the risk for his infrastructure ... 23-08-10 initial attempt to contact the vendor 23-08-10 sent pre-advisory to the vendor PSIRT on psirt@cisco.com using PGP id 0xCF14FEE0 23-08-10 reply from the vendor, case PSIRT-0217563645 is open ... 21-09-10 agreement on the public disclosure date ... 08-11-10 planned disclosure date (missed), CVE assignments ... 17-11-10 public disclosure ===================================================================== About Matta Matta is a privately held company with Headquarters in London, and a European office in Amsterdam. Established in 2001, Matta operates in Europe, Asia, the Middle East and North America using a respected team of senior consultants. Matta is an accredited provider of Tigerscheme training; conducts regular research and is the developer behind the webcheck application scanner, and colossus network scanner. http://www.trustmatta.com http://www.trustmatta.com/webapp_va.html http://www.trustmatta.com/network_va.html ===================================================================== Disclaimer and Copyright Copyright (c) 2010 Matta Consulting Limited. All rights reserved. This advisory may be distributed as long as its distribution is free-of-charge and proper credit is given. Matta Consulting disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Matta Consulting or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Matta Consulting or its suppliers have been advised of the possibility of such damages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Response: Multiple Vulnerabilities in Cisco Unified Videoconferencing Products http://www.cisco.com/warp/public/707/cisco-sr-20101117-cuvc.shtml Revision 1.0 For Public Release 2010 November 17 1600 UTC (GMT) +--------------------------------------------------------------------- Cisco Response ============== This is the Cisco Product Security Incident Response Team (PSIRT) response to a posting entitled "Cisco Unified Videoconferencing multiple vulnerabilities" by Florent Daigniere of Matta Consulting regarding vulnerabilities in the Cisco Unified Videoconferencing (Cisco UVC) 5100 series products. The original report is available at the following links: http://seclists.org/fulldisclosure/2010/Nov/167 http://www.trustmatta.com/advisories/MATTA-2010-001.txt Cisco would like to thank Florent Daigniere of Matta Consulting for reporting these vulnerabilities to us. Cisco greatly appreciate the opportunity to work with researchers on security vulnerabilities and welcome the opportunity to review and assist in product reports. All versions of system software prior to the first fixed, which is indicated in the Software Version and Fixes Table, are affected. To view the version of system software that is currently running on Cisco Unified Videoconferencing 5100 Series Products, access the Cisco UVC device via the web GUI interface. On the status screen, the "Software Version" field below the "Product Information" section indicates the current system software. Details for Reported Vulnerabilities ==================================== Hard-Coded Credentials in Cisco UVC Products +------------------------------------------- The Linux shell contains three hard-coded usernames and passwords. The passwords cannot be changed, and the accounts cannot be deleted. Attackers could leverage these accounts to obtain remote access to a device by using permitted remote access protocols. This vulnerability only affects Linux-based operating system Cisco UVC products. Exploitation of this vulnerability could result in a complete compromise of the device. This vulnerability affects Linux-based operating system Cisco UVC products. It may also affect VxWorks-based Cisco UVC products. The passwords in this file are obfuscated using an easily reversible hashing scheme. Exploit code that assists in recovering the passwords exists. This vulnerability affects only Linux-based operating system Cisco UVC products. FTP Server Accessible by Default in Cisco UVC Products +----------------------------------------------------- The FTP server is enabled by default on Cisco UVC systems. An attacker can leverage the FTP server to exploit other vulnerabilities in this Cisco Security Response. Authentication is required to log into the device via the FTP server. FTP access to the device can be controlled via the "Security mode" field of the Cisco UVC products web GUI. If the Security setting is configured as "High" or "Maximum," the device will not accept FTP connections. For further information, consult the Configuration Guide for Cisco Unified Videoconferencing 5000 MCU Release 7.0 at the following link: http://www.cisco.com/en/US/docs/video/cuvc/7_0/configuration_guide/setup.html#wp1690479 This service misconfiguration affects both Linux-based operating system Cisco UVC products and VxWorks-based Cisco UVC products. Shadow Password File has Read Permissions for All Users in Cisco UVC Products +---------------------------------------------------------------------------- The shadow password file should only be readable by the root account. Allowing read access to the shadow password file allows other users of the system with shell access to retrieve the shadow password file. An authenticated user who has access to the Linux operating system directories, may be able to retrieve the shadow password file. This service misconfiguration only affects Linux-based operating system Cisco UVC products. Lock Down OpenSSH Configuration in Cisco UVC Products +---------------------------------------------------- The SSH server has a restricted shell, however the configuration of the SSH server allows for X.11 forwarding and socks proxies to be created. This service misconfiguration affects only Linux-based operating system Cisco UVC products. Daemon That Binds the Port of the Web Interface Runs as root in Cisco UVC Products In the event that all attacker exploits a flaw in a script running with root's permissions that allows them to write to files, gain access to the system or cause a denial of service. This service misconfiguration affects only Linux-based operating system Cisco UVC products. Weak Session IDs on the Web Interface in Cisco UVC Products +---------------------------------------------------------- The Cisco UVC web interface has session IDs that are incremented based on a time counter. Having predictable session IDs, assists in the hijacking of user sessions. This vulnerability affects both Linux-based operating system Cisco UVC products and VxWorks-based Cisco UVC products. Usage of Cookies to Store Credentials in Cisco UVC Products +---------------------------------------------------------- On Linux-based Cisco UVC products, web interface credentials are stored in Base64 format in the cookie that is sent to a browser. On VxWorks-based Cisco UVC products, web interface credentials are stored in Base64 format or in clear text. This vulnerability affects both Linux-based operating system Cisco UVC products and VxWorks-based Cisco UVC products. Software Versions and Fixes =========================== When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution. In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance. All Cisco UVC software versions prior to the first fixed software release, which is indicated in the following table, are affected by the associated vulnerabilities. This software table will be updated as software fixes become available. +---------------------------------------+ | Linux Cisco UVC Operating System | | Versions | |---------------------------------------| | Product: | First Fixed | | | Release | |-------------------+-------------------| | | Currently no | | Cisco Unified | fixed code | | Videoconferencing | available. | | 5110 and 5115 | Contact your | | Systems | support | | | organization. | |---------------------------------------| | VxWorks Cisco UVC Operating System | | Versions | |---------------------------------------| | Product: | First Fixed | | | Release | |-------------------+-------------------| | | Currently no | | Cisco Unified | fixed code | | Videoconferencing | available. | | 5230 System: | Contact your | | | support | | | organization. | | 3545 System: | Contact your | | | support | | | organization. | | 3515 MCU: | Contact your | | | support | | | organization. | | 3522 BRI Gateway: | Contact your | | | support | | | organization. | | 3527 PRI Gateway: | Contact your | | | support | | | organization. | +---------------------------------------+ Workarounds =========== There are no workarounds for the vulnerabilities that are described in this Cisco Security Response. Administrators can mitigate these vulnerabilities by limiting access to Cisco UVC web server to trusted hosts by disabling FTP, SSH, and Telnet services and by setting the "Security mode" field in the "Security" section of the Cisco UVC web GUI to "Maximum." For further information, consult the Configuration Guide for Cisco Unified Videoconferencing 5000 MCU Release 7.0 at the following link: http://www.cisco.com/en/US/docs/video/cuvc/7_0/configuration_guide/setup.html#wp1690479 THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. Status of this Notice: INTERIM ============================== THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE.YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.CISCO EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE. A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors. Revision History ================ +------------------------------------------------------------+ | Revision 1.0 | 2010-November-17 | Initial public release. | +------------------------------------------------------------+ Cisco Security Procedures ========================= Complete information on reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco, is available on Cisco's worldwide website at http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. This includes instructions for press inquiries regarding Cisco security notices. All Cisco security advisories are available at http://www.cisco.com/go/psirt. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iF4EAREIAAYFAkzj6GAACgkQQXnnBKKRMNBMtwEAhEp+BKb+iRvXhPCBw/SGJSjx mM5ljSrDefGSCtlhkawA/Ap85VdNrVcb3lVWb5rtXoqGbrqDnDozK6DGKejmQd8M =f751 -----END PGP SIGNATURE-----