Salvatore Bonaccorso | 2 Aug 14:43 2015

[SECURITY] [DSA 3326-1] ghostscript security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3326-1                   security <at> debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
August 02, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ghostscript
CVE ID         : CVE-2015-3228
Debian Bug     : 793489

William Robinet and Stefan Cornelius discovered an integer overflow in
Ghostscript, the GPL PostScript/PDF interpreter, which may result in
denial of service or potentially execution of arbitrary code if a
specially crafted file is opened.

For the oldstable distribution (wheezy), this problem has been fixed
in version 9.05~dfsg-6.3+deb7u2.

For the stable distribution (jessie), this problem has been fixed in
version 9.06~dfsg-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed
in version 9.15~dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 9.15~dfsg-1.

We recommend that you upgrade your ghostscript packages.


Stefan Fritsch | 2 Aug 00:04 2015

[SECURITY] [DSA 3325-1] apache2 security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3325-1                   security <at> debian.org
https://www.debian.org/security/                           Stefan Fritsch
August 01, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : apache2
CVE ID         : CVE-2015-3183 CVE-2015-3185

Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2015-3183

    An HTTP request smuggling attack was possible due to a bug in
    parsing of chunked requests. A malicious client could force the
    server to misinterpret the request length, allowing cache poisoning
    or credential hijacking if an intermediary proxy is in use.

CVE-2015-3185

    A design error in the "ap_some_auth_required" function renders the
    API unusable in apache2 2.4.x. This could lead to modules using
    this API to allow access when they should otherwise not do so.
    The fix backports the new "ap_some_authn_required" API from 2.4.16.
    This issue does not affect the oldstable distribution (wheezy).

In addition, the updated package for the oldstable distribution (wheezy)
removes a limitation of the Diffie-Hellman (DH) parameters to 1024 bits.
This limitation may potentially allow an attacker with very large

Alessandro Ghedini | 1 Aug 19:09 2015

[SECURITY] [DSA 3324-1] icedove security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3324-1                   security <at> debian.org
https://www.debian.org/security/                       Alessandro Ghedini
August 01, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : icedove
CVE ID         : CVE-2015-2721 CVE-2015-2724 CVE-2015-2734 CVE-2015-2735 
                 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 
                 CVE-2015-2740 CVE-2015-4000

Multiple security issues have been found in Icedove, Debian's version
of the Mozilla Thunderbird mail client:  multiple memory safety errors,
use-after-frees and other implementation errors may lead to the
execution of arbitrary code or denial of service. This update also
addresses a vulnerability in DHE key processing commonly known as
the "LogJam" vulnerability.

For the oldstable distribution (wheezy), these problems have been fixed
in version 31.8.0-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed in
version 31.8.0-1~deb8u1.

For the unstable distribution (sid), these problems will be fixed
shortly.

We recommend that you upgrade your icedove packages.


Laszlo Boszormenyi | 1 Aug 18:07 2015

[SECURITY] [DSA 3323-1] icu security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3323-1                   security <at> debian.org
https://www.debian.org/security/                       Laszlo Boszormenyi
August 01, 2015                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2014-6585 CVE-2014-8146 CVE-2014-8147 CVE-2015-4760
Debian Bug     : 778511 784773

Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.

CVE-2014-8146

    The Unicode Bidirectional Algorithm implementation does not properly
    track directionally isolated pieces of text, which allows remote
    attackers to cause a denial of service (heap-based buffer overflow)
    or possibly execute arbitrary code via crafted text.

CVE-2014-8147

    The Unicode Bidirectional Algorithm implementation uses an integer
    data type that is inconsistent with a header file, which allows
    remote attackers to cause a denial of service (incorrect malloc
    followed by invalid free) or possibly execute arbitrary code via
    crafted text.

CVE-2015-4760

hyp3rlinx | 1 Aug 06:25 2015

Multiple XSS vulnerabilities in FortiSandbox WebUI

[+] Credits: John Page aka hyp3rlinx

[+] Website: hyp3rlinx.altervista.org

[+] Source:  http://hyp3rlinx.altervista.org/advisories/AS-FORTISANDBOX-0801.txt

Vendor:
================================
www.fortinet.com
PSIRT ID: 1418018

Product:
==================================
FortiSandbox 3000D v2.02 build0042

Vulnerability Type:
===================
XSS

CVE Reference:
==============
Pending

Advisory Information:
===========================================================================
Multiple XSS vulnerabilities in FortiSandbox WebUI

Impact

A remote unauthenticated attacker may be able to execute arbitrary code in

Salvatore Bonaccorso | 31 Jul 21:50 2015

[SECURITY] [DSA 3322-1] ruby-rack security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3322-1                   security <at> debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 31, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : ruby-rack
CVE ID         : CVE-2015-3225
Debian Bug     : 789311

Tomek Rabczak from the NCC Group discovered a flaw in the
normalize_params() method in Rack, a modular Ruby webserver interface.
A remote attacker can use this flaw via specially crafted requests to
cause a `SystemStackError` and potentially cause a denial of service
condition for the service.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.4.1-2.1+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 1.5.2-3+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.2-4.

We recommend that you upgrade your ruby-rack packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be

hyp3rlinx | 31 Jul 19:12 2015

phpFileManager 0.9.8 Remote Command Execution

[+] Credits: John Page ( hyp3rlinx )

[+] Domains: hyp3rlinx.altervista.org

[+] Source:  http://hyp3rlinx.altervista.org/advisories/AS-PHPFILEMANAGER0728.txt

Vendor:
================================
phpfm.sourceforge.net

Product:
================================
phpFileManager version 0.9.8

Vulnerability Type:
========================
Remote Command Execution

CVE Reference:
==============
N/A

Advisory Information:
=======================================================
Remote Command Execution Vulnerability

Vulnerability Details:
=====================
PHPFileManager is vulnerable to remote command execution 
and will call operating system commands via GET requests

roberto | 31 Jul 05:14 2015

HP ArcSight Logger provides incorrect/invalid/incomplete results for queries with boolean operators

HP ArcSight Logger is a log management software used to collect and analyze logs from multiple sources to
aid in investigations and audit. 

There are several flaws in the search capabilities in the software that cause it to provide invalid search
results for any query that uses boolean expressions. This means that ANY query to search thru data in the
logs ArcSight collected is potentially incorrect if the query contains more than one search term. 

The impact of these bugs is huge. Any court case where forensics evidence was provided via HP ArcSight
Logger is compromised as the resulting data is potentially incorrect and not forensically valid.
Intrusions and attacks can go undetected as log data relative to the attack can be missing from searches
performed by ArcSight Logger. 

The above are just some examples. The main problem is that the user/investigator is unaware that the
results are incorrect as usually such searches result in millions of returned records that need to be
filtered by applying conditions to remove non-relevant data. The bugs present in ArcSight result in
incorrect filtering thus preventing the display of relevant records that should have been returned but
have not. This will prevent such data from ever being seen by an investigator/administrator thus missing
the attack/intrusion, or even missing exculpatory evidence in case someone is unjustly accused. 

HP has confirmed several of the bugs affecting their product, and identified them as bugs with the
following identifiers: 

LOG-14814 - deals with ArcSight Logger providing incorrect results when using the boolean operators
"AND" "OR" "NOT" to find records 

LOG-14897 - deals with ArcSight Logger incorrectly allowing users to use the GUI to drill down record
results by clicking on some result fields, when in fact those fields are not searchable. This results in
incorrect results since the user is not informed that the boolean expression will not yield the data being
looked for. 


Alessandro Ghedini | 30 Jul 22:02 2015

[SECURITY] [DSA 3321-1] xmltooling security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3321-1                   security <at> debian.org
https://www.debian.org/security/                       Alessandro Ghedini
July 30, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : xmltooling
CVE ID         : CVE-2015-0851
Debian Bug     : 793855

The InCommon Shibboleth Training team discovered that XMLTooling, a
C++ XML parsing library, did not properly handle an exception when
parsing well-formed but schema-invalid XML. This could allow remote
attackers to cause a denial of service (crash) via crafted XML data.

For the oldstable distribution (wheezy), this problem has been fixed
in version 1.4.2-5+deb7u1.

For the stable distribution (jessie), this problem has been fixed in
version 1.5.3-2+deb8u1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your xmltooling packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/


Sebastien Delafond | 30 Jul 20:28 2015

[SECURITY] [DSA 3320-1] openafs security update


-------------------------------------------------------------------------
Debian Security Advisory DSA-3320-1                   security <at> debian.org
https://www.debian.org/security/                       Sebastien Delafond
July 30, 2015                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openafs
CVE ID         : CVE-2015-3282 CVE-2015-3283 CVE-2015-3284 CVE-2015-3285 
                 CVE-2015-3287

It was discovered that OpenAFS, the implementation of the distributed
filesystem AFS, contained several flaws that could result in
information leak, denial-of-service or kernel panic.

For the oldstable distribution (wheezy), these problems have been fixed
in version 1.6.1-3+deb7u3.

For the stable distribution (jessie), these problems have been fixed in
version 1.6.9-2+deb8u3.

We recommend that you upgrade your openafs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce <at> lists.debian.org

Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability


Cisco Security Advisory: Cisco ASR 1000 Series Aggregation Services Routers Fragmented Packet Denial of
Service Vulnerability

Advisory ID: cisco-sa-20150730-asr1k

Revision 1.0

For Public Release 2015 July 30 16:00  UTC (GMT)

+-----------------------------------------------------------------------

Summary
=======
A vulnerability in the code handling the reassembly of fragmented IP version 4 (IPv4) or IP version 6 (IPv6)
packets of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an
unauthenticated, remote attacker to cause a crash of the Embedded Services Processor (ESP) processing
the packet.

The vulnerability is due to improper processing of crafted, fragmented packets. An attacker could
exploit this vulnerability by sending a crafted sequence of fragmented packets. An exploit could allow
the attacker to cause a reload of the affected platform.

Cisco has released software updates that address this vulnerability.

There are no workarounds to mitigate this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150730-asr1k


