All articles

October 04, 2012 08:48 Debian: Security update for The Gimp

This update of The Gimp fixes a heap overflow that could have been exploited by attackers to cause a Denial of Service (application crash) or to potentially execute arbitrary code. Updated packages are available from security.debian.org.

October 04, 2012 08:46 Debian: Security update for Performance Co-Pilot

It was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilities. Multiple buffer overflows in the PCP protocol decoders can cause PCP clients and servers to crash or, potentially, execute arbitrary code while processing crafted PDUs. The “linux” PMDA used by the pmcd daemon discloses sensitive information from the /proc file system to unauthenticated clients.

Multiple memory leaks when processing crafted requests can cause pmcd to consume large amounts of memory and eventually crash. Incorrect event-driven programming allows malicious clients to prevent other clients from accessing the pmcd daemon.

Updated packages are available from security.debian.org.

October 01, 2012 07:49 Debian: Security update for Performance Co-Pilot

It was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilities. Multiple buffer overflows in the PCP protocol decoders can cause PCP clients and servers to crash or, potentially, execute arbitrary code while processing crafted PDUs. The “linux” PMDA used by the pmcd daemon discloses sensitive information from the /proc file system to unauthenticated clients. Multiple memory leaks when processing crafted requests can cause pmcd to consume large amounts of memory and eventually crash.

Incorrect event-driven programming allows malicious clients to prevent other clients from accessing the pmcd daemon. Updated packages are available from security.debian.org.

October 01, 2012 07:48 Red Hat: Security update for teTeX

teTeX is an implementation of TeX. TeX takes a text file and a set of formatting commands as input, and creates a typesetter-independent DeVice Independent (DVI) file as output.

teTeX embeds a copy of t1lib to rasterize bitmaps from PostScript Type 1 fonts. The following issues affect t1lib code:

  • Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics (AFM) files. If a specially-crafted font file was opened by teTeX, it could cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.
  • An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.
  • A use-after-free flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.
  • An off-by-one flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash or, potentially, execute arbitrary code with the privileges of the user running teTeX.
  • An out-of-bounds memory read flaw was found in t1lib. A specially-crafted font file could, when opened, cause teTeX to crash.

teTeX embeds a copy of Xpdf, an open source Portable Document Format (PDF) file viewer, to allow adding images in PDF format to the generated PDF documents. The following issues affect Xpdf code:

  • An uninitialized pointer use flaw was discovered in Xpdf. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex.
  • An array index error was found in the way Xpdf parsed PostScript Type 1 fonts embedded in PDF documents. If pdflatex was used to process a TeX document referencing a specially-crafted PDF file, it could cause pdflatex to crash or, potentially, execute arbitrary code with the privileges of the user running pdflatex.

Updated packages are available from ftp.redhat.com.

October 01, 2012 07:47 Red Hat: Security update for libvirt

The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. A flaw was found in libvirtd’s RPC call handling. An attacker able to establish a read-only connection to libvirtd could trigger this flaw with a specially-crafted RPC command that has the number of parameters set to 0, causing libvirtd to access invalid memory and crash.

Updated packages are available from ftp.redhat.com.

October 01, 2012 07:46 Ubuntu: Security update for ImageMagick

Tom Lane discovered that ImageMagick would not always properly allocate memory. If a user or automated system using ImageMagick were tricked into opening a specially crafted PNG image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

October 01, 2012 07:41 Debian: Security update for libapache2-mod-rpaf

Sebastien Bocahu discovered that the reverse proxy add forward module for the Apache webserver is vulnerable to a denial of service attack through a single crafted request with many headers. Updated packages are available from security.debian.org.

September 28, 2012 06:36 Red Hat: Security update for the Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system.

This update fixes the following security issue:

  • A flaw was found in the way the Linux kernel’s dl2k driver, used by certain D-Link Gigabit Ethernet adapters, restricted IOCTLs. A local, unprivileged user could use this flaw to issue potentially harmful IOCTLs, which could cause Ethernet adapters using the dl2k driver to malfunction (for example, losing network connectivity). (CVE-2012-2313, Low)

Red Hat would like to thank Stephan Mueller for reporting this issue.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

September 28, 2012 06:35 Ubuntu: Security update for Config::IniFiles

It was discovered that the Perl Config::IniFiles module created temporary files in an unsafe manner. A local user with write access to the directory containing a configuration file that Config::IniFiles manipulates could exploit this to overwrite arbitrary files. Updated packages are available from security.ubuntu.com.

September 28, 2012 06:34 Ubuntu: Security update for PostgreSQL

Peter Eisentraut discovered that the XSLT functionality in the optional XML2 extension would allow unprivileged database users to both read and write data with the privileges of the database server. Noah Misch and Tom Lane discovered that the XML functionality in the optional XML2 extension would allow unprivileged database users to read data with the privileges of the database server.

Updated packages are available from security.ubuntu.com.

September 28, 2012 06:32 Red Hat: Security update for The GIMP

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. This update fixes the following issues:

  • Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the GIMP’s Adobe Photoshop (PSD) image file plug-in. An attacker could create a specially-crafted PSD image file that, when opened, could cause the PSD plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
  • An integer overflow flaw, leading to a heap-based buffer overflow, was found in the GIMP’s GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
  • A heap-based buffer overflow flaw was found in the Lempel-Ziv-Welch (LZW) decompression algorithm implementation used by the GIMP’s GIF image format plug-in. An attacker could create a specially-crafted GIF image file that, when opened, could cause the GIF plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.
  • A heap-based buffer overflow flaw was found in the GIMP’s KiSS CEL file format plug-in. An attacker could create a specially-crafted KiSS palette file that, when opened, could cause the CEL plug-in to crash or, potentially, execute arbitrary code with the privileges of the user running the GIMP.

Updated packages are available from ftp.redhat.com.

September 28, 2012 06:30 Debian: Security update for Xen

Several denial-of-service vulnerabilities have been discovered in Xen, the popular virtualization software. Guest mode unprivileged code, which has been granted the privilege to access MMIO regions, may leverage that access to crash the whole guest. Since this can be used to crash a client from within, this vulnerability is considered to have low impact. A guest kernel can cause the host to become unresponsive for a period of time, potentially leading to a DoS. Since an attacker with full control in the guest can impact the host, this vulnerability is considered to have high impact.

Updated packages are available from security.debian.org.

September 26, 2012 07:23 Ubuntu: Security update for NSS

Kaspar Brand discovered a vulnerability in how the Network Security Services (NSS) ASN.1 decoder handles zero length items. If the user were tricked into opening a specially crafted certificate, an attacker could possibly exploit this to cause a denial of service via application crash. Updated packages are available from security.ubuntu.com.

September 26, 2012 07:18 Red Hat: Security update for flash player

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes one vulnerability in Adobe Flash Player. Specially-crafted SWF content could cause flash-plugin to crash or, potentially, execute arbitrary code when a victim loads a page containing the malicious SWF content. Updated packages are available from ftp.redhat.com.

September 26, 2012 07:17 Debian: Security update for rssh

Henrik Erkkonen discovered that rssh, a restricted shell for SSH, does not properly restrict shell access. Updated packages are available from security.debian.org.

September 26, 2012 07:16 Debian: Security update for Django

Jeroen Dekkers and others reported several vulnerabilities in Django, a Python Web framework. Two functions do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL. The ImageField class completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file.

The get_image_dimensions function in the image-handling functionality uses a constant chunk size in all attempts to determine dimensions, which allows remote attackers to cause a denial of service (process or thread consumption) via a large TIFF image.

Updated packages are available from security.debian.org.

September 26, 2012 07:15 Debian: Security update for Icedove

Several vulnerabilities were discovered in Icedove, Debian’s version of the Mozilla Thunderbird mail and news client. Multiple unspecified vulnerabilities in the browser engine were fixed. The underlying browser engine allows address bar spoofing through drag-and-drop. A use-after-free vulnerability in the nsDocument::AdoptNode function allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code.

An error in the implementation of the JavaScript sandbox allows execution of JavaScript code with improper privileges using javascript: URLs.

Updated packages are available from security.debian.org.

September 24, 2012 12:59 Red Hat: Security update for Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system. An integer overflow flaw was found in the i915_gem_execbuffer2() function in the Intel i915 driver. A local, unprivileged user could use this flaw to cause a denial of service. This issue only affected 32-bit systems. A missing initialization flaw was found in the sco_sock_getsockopt_old() function in the Bluetooth implementation. A local, unprivileged user could use this flaw to cause an information leak. Updated packages are available from ftp.redhat.com.

September 24, 2012 12:58 Ubuntu: Security update for LibreOffice

It was discovered that LibreOffice incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 24, 2012 12:57 Ubuntu: Security update for OpenOffice.org

It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 24, 2012 12:56 Debian: Security update for PHP

Several vulnerabilities have been discovered in PHP, the web scripting language. A buffer overflow in the scandir() function could lead to denial of service or the execution of arbitrary code. It was discovered that inconsistent parsing of PDO prepared statements could lead to denial of service. Updated packages are available from security.debian.org.

September 24, 2012 12:54 Ubuntu: Security update for libotr

Just Ferguson discovered that libotr, an off-the-record (OTR) messaging library, can be forced to perform zero-length allocations for heap buffers that are used in base64 decoding routines. An attacker can exploit this flaw by sending crafted messages to an application that is using libotr to perform denial of service attacks or potentially execute arbitrary code. Updated packages are available from security.debian.org.

September 21, 2012 06:20 Ubuntu: Security update for the Linux kernel

A flaw was discovered in the macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. An error was discovered in the network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potentially gain administrative privileges. A flaw was found in how the KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges.

A flaw was found in the Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. Ulrich Obergfell discovered an error in the memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. Dan Rosenberg discovered flaws in the NCI (Near Field Communication Controller Interface). A remote attacker could exploit these flaws to crash the system or potentially execute privileged code.

A flaw was discovered in the epoll system call. An unprivileged local user could use this flaw to crash the system. Some errors were discovered in the UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system.

Updated packages are available from security.ubuntu.com.

September 21, 2012 06:19 Ubuntu: Security update for Expat

It was discovered that Expat computed hash values without restricting the ability to trigger hash collisions predictably. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive CPU resources. Tim Boddy discovered that Expat did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessive memory resources.

Updated packages are available from security.ubuntu.com.

September 21, 2012 06:18 Ubuntu: Security update for Calligra

It was discovered that Calligra incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 21, 2012 06:17 Ubuntu: Security update for KOffice

It was discovered that KOffice incorrectly handled certain malformed MS Word documents. If a user or automated system were tricked into opening a crafted MS Word file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. Updated packages are available from security.ubuntu.com.

September 21, 2012 06:16 Ubuntu: Security update for WebKit

A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution. Updated packages are available from security.ubuntu.com.

September 19, 2012 22:09 Red Hat: Security update for OpenLDAP

OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications and development tools. It was found that the OpenLDAP server daemon ignored olcTLSCipherSuite settings. This resulted in the default cipher suite always being used, which could lead to weaker than expected ciphers being accepted during Transport Layer Security (TLS) negotiation with OpenLDAP clients. Updated packages are available from ftp.redhat.com.

September 19, 2012 22:08 Red Hat: Security update for sudo

The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package’s post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the “/etc/nsswitch.conf” file during the upgrade or removal of the sudo package. Updated packages are available from ftp.redhat.com.

September 19, 2012 22:02 Red Hat: Security update for the Linux kernel

The kernel packages contain the Linux kernel, the core of any Linux operating system. A NULL pointer dereference flaw was found in the nf_ct_frag6_reasm() function in netfilter IPv6 connection tracking implementation. A remote attacker could use this flaw to send specially-crafted packets to a target system that is using IPv6 and also has the nf_conntrack_ipv6 kernel module loaded, causing it to crash. Updated packages are available from ftp.redhat.com.
