Sebastien Delafond | 22 Jul 11:16 2016

[SECURITY] [DSA 3625-1] squid3 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3625-1                   security <at> debian.org
https://www.debian.org/security/                       Sebastien Delafond
July 22, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : squid3
CVE ID         : CVE-2016-4051 CVE-2016-4052 CVE-2016-4053 CVE-2016-4054 
                 CVE-2016-4554 CVE-2016-4555 CVE-2016-4556
Debian Bug     : 823968

Several security issues have been discovered in the Squid caching proxy.

CVE-2016-4051:

  CESG and Yuriy M. Kaminskiy discovered that Squid cachemgr.cgi was
  vulnerable to a buffer overflow when processing remotely supplied
  inputs relayed through Squid.

CVE-2016-4052:

  CESG discovered that a buffer overflow made Squid vulnerable to a
  Denial of Service (DoS) attack when processing ESI responses.

CVE-2016-4053:

  CESG found that Squid was vulnerable to public information
  disclosure of the server stack layout when processing ESI responses.


wwiinngd | 22 Jul 05:45 2016

Dreammail 5 mail client XSS Vulnerability

Title: Dreammail 5 mail client XSS Vulnerability
Software : Dreammail 

Software Version : v5.16

Vendor: www.dreammail.org

Vulnerability Published : 2016-03-21

Author: zhenwei_qi
Email:wwiinngd <at> gmail.com
Impact : Medium(CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)

Bug Description :
DreamMail is an email client application, which allows its users to send, receive, and manage emails.
Dreammail (ver 5.16) may be compromised by cross-site scripting attacks. Once attackers send emails attaching specific JavaScript codes, the victims who receive those emails may lose personal credentials, or the browsers of the victims may be hijacked.

PoC:
#The email becomes a malicious email when containing the code below.
<img src=x onerror=alert(/xss/) />

Solution :
Using such encode functions as htmlencode() or filtering those certain symbols regarding 


Slackware Security Team | 22 Jul 01:38 2016

[slackware-security] gimp (SSA:2016-203-01)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  gimp (SSA:2016-203-01)

New gimp packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/gimp-2.8.18-i586-1_slack14.2.txz:  Upgraded.
  This release fixes a security issue:
  Use-after-free vulnerability in the xcf_load_image function in
  app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of
  service (program crash) or possibly execute arbitrary code via a crafted
  XCF file.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4994
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for

Slackware Security Team | 22 Jul 01:38 2016

[slackware-security] php (SSA:2016-203-02)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php (SSA:2016-203-02)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.24-i586-1_slack14.2.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    http://php.net/ChangeLog-5.php#5.6.24
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5385
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6207
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.


security-alert | 22 Jul 00:17 2016

[security bulletin] HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password Reset Option running Apache Commons FileUpload, Remote Denial of Service (DoS)


Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05204371

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05204371
Version: 1

HPSBGN03631 rev.1 - HPE IceWall Identity Manager and HPE IceWall SSO Password
Reset Option running Apache Commons FileUpload, Remote Denial of Service
(DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-07-21
Last Updated: 2016-07-21

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HPE IceWall
Identity Manager and HPE IceWall SSO Password Reset Option running Apache
Commons FileUpload. The vulnerability could be exploited remotely resulting
in a Denial of Service (DoS).


lem.nikolas | 21 Jul 23:36 2016

MySQL zero-day vulnerabilities (July 2016 CPU)

MySQL is the most popular and most widely used database in the world. MySQL customers include NASA, US Navy,
Google, Facebook, Twitter, just to cite a few.

In partnership with Oracle Inc. we have worked delicately to enhance the security of the open-source
product, and to identify and mitigate those vulnerabilities. 

Sincere thanks to Oracle Inc for the prompt response and adequate mitigation to the issues.

You can get a copy of the report here:

https://packetstormsecurity.com/files/download/138007/MySQL-Zerodays.pdf

The report corresponds to Oracle's (July 2016 CPU), in which we have discovered over 14 zero-day
vulnerabilities affecting MySQL. CVEs, versions affected and all relevant information are listed
in the CPU.

Here's a link to Oracle's Critical Patch Update / July 2016.

http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

There are a number of issues affecting third-party technologies used by other popular products which
would gather the interest of the community, but those will not be released as of yet, until the maintainers
of those are informed...

Kind Regards,
Nicholas Lemonias, CEO

Advanced Information Security Corporation


Salvatore Bonaccorso | 21 Jul 21:41 2016

[SECURITY] [DSA 3624-1] mysql-5.5 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3624-1                   security <at> debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 21, 2016                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : mysql-5.5
CVE ID         : CVE-2016-3477 CVE-2016-3521 CVE-2016-3615 CVE-2016-5440

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details:

 https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
 http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

For the stable distribution (jessie), these problems have been fixed in
version 5.5.50-0+deb8u1.

We recommend that you upgrade your mysql-5.5 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products


Cisco Security Advisory: Vulnerability in Objective Systems ASN1C Compiler Affecting Cisco Products

Advisory ID: cisco-sa-20160721-asn1c

Revision: 1.0

For Public Release: 2016 July 21 19:00  GMT

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the ASN1C compiler by Objective Systems affects Cisco ASR 5000 devices running StarOS
and Cisco Virtualized Packet Core (VPC) systems. The vulnerability could allow an unauthenticated,
remote attacker to create a denial of service (DoS) condition or potentially execute arbitrary code.

The vulnerability is due to unsafe code generation by the ASN1C compiler when creating ASN.1 translation
functions that are subsequently included within affected Cisco products. An attacker could exploit
this vulnerability by submitting a malicious Abstract Syntax Notation One (ASN.1) encoded message
designed to trigger the issue to an affected function.

US-CERT has released Vulnerability Note VU#790839 to document the issue.

Cisco will release software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160721-asn1c


Summer of Pwnage | 20 Jul 18:17 2016

Persistent Cross-Site Scripting in WooCommerce using image metadata (EXIF)

------------------------------------------------------------------------
Persistent Cross-Site Scripting in WooCommerce using image metadata
(EXIF)
------------------------------------------------------------------------
Han Sahin, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A persistent Cross-Site Scripting (XSS) vulnerability has been found in
the WooCommerce WordPress Plugin (millions of active installations). An
attacker can create a specially crafted image file which, when uploaded
as a product image in WordPress, injects malicious JavaScript code into
the application. An attacker can use this vulnerability to perform a
wide variety of actions, such as stealing victims' session tokens or
login credentials, and performing arbitrary actions on their behalf.

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160720-0006

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on WooCommerce version 2.6.2.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------

Summer of Pwnage | 20 Jul 18:17 2016

Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress Plugin

------------------------------------------------------------------------
Cross-Site Scripting vulnerability in Paid Memberships Pro WordPress
Plugin
------------------------------------------------------------------------
Burak Kelebek, July 2016

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A Cross-Site Scripting vulnerability was found in the Paid Memberships
Pro WordPress Plugin. This issue allows an attacker to perform a wide
variety of actions, such as stealing Administrators' session tokens, or
performing arbitrary actions on their behalf. In order to exploit this
issue, the attacker has to lure/force a logged on WordPress
Administrator into opening a malicious website.

------------------------------------------------------------------------
OVE ID
------------------------------------------------------------------------
OVE-20160714-0015

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was successfully tested on Paid Memberships Pro WordPress
Plugin version 1.8.9.3.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------

Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability


Cisco Security Advisory: Cisco Unified Computing System Performance Manager Input Validation Vulnerability

Advisory ID: cisco-sa-20160720-ucsperf

Revision 1.0

For Public Release 2016 July 20 16:00  GMT (UTC)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web framework of Cisco Unified Computing System (UCS) Performance Manager could
allow an authenticated, remote attacker to execute arbitrary commands.

The vulnerability is due to insufficient input validation performed on parameters that are passed via an
HTTP GET request. An attacker could exploit this vulnerability by sending crafted HTTP GET requests to an
affected system. An exploit could allow the attacker to execute arbitrary commands with the privileges
of the root user.

Cisco has released software updates that address this vulnerability. Workarounds that address this
vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160720-ucsperf

