  <vuln vid="c3d43001-8064-11e4-801f-0022156e8794">
    <topic>mutt -- denial of service via crafted mail message</topic>
    <affects>
      <package>
        <name>mutt</name>
        <range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
      </package>
      <package>
        <name>ja-mutt</name>
        <range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
      </package>
      <package>
        <name>zh-mutt</name>
        <range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>NVD reports:</p>
        <blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9116">
          <p>The write_one_header function in mutt 1.5.23 does not
            properly handle newline characters at the beginning of a
            header, which allows remote attackers to cause a denial of
            service (crash) via a header with an empty body, which
            triggers a heap-based buffer overflow in the mutt_substrdup
            function.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <bid>71334</bid>
      <cvename>CVE-2014-9116</cvename>
      <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125</url>
      <url>http://dev.mutt.org/trac/ticket/3716</url>
    </references>
    <dates>
      <discovery>2014-11-26</discovery>
      <entry>2014-12-23</entry>
    </dates>
  </vuln>

  <vuln vid="4033d826-87dd-11e4-9079-3c970e169bc2">
    <topic>ntp -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>ntp</name>
        <name>ntp-devel</name>
        <range><lt>4.2.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>CERT reports:</p>
        <blockquote cite="http://www.kb.cert.org/vuls/id/852879">
          <p>The Network Time Protocol (NTP) provides networked
            systems with a way to synchronize time for various
            services and applications. ntpd version 4.2.7 and
            previous versions allow attackers to overflow several
            buffers in a way that may allow malicious code to
            be executed.
            ntp-keygen prior to version 4.2.7p230
            also uses a non-cryptographic random number generator
            when generating symmetric keys.</p>
          <p>The buffer overflow vulnerabilities in ntpd may
            allow a remote unauthenticated attacker to execute
            arbitrary malicious code with the privilege level
            of the ntpd process. The weak default key and
            non-cryptographic random number generator in
            ntp-keygen may allow an attacker to gain
            information regarding the integrity checking
            and authentication encryption schemes.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-9293</cvename>
      <cvename>CVE-2014-9294</cvename>
      <cvename>CVE-2014-9295</cvename>
      <cvename>CVE-2014-9296</cvename>
      <url>http://www.kb.cert.org/vuls/id/852879</url>
    </references>
    <dates>
      <discovery>2014-12-19</discovery>
      <entry>2014-12-20</entry>
    </dates>
  </vuln>

  <vuln vid="1d567278-87a5-11e4-879c-000c292ee6b8">
    <topic>git -- Arbitrary command execution on case-insensitive filesystems</topic>
    <affects>
      <package>
        <name>git</name>
        <range><lt>2.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Git Project reports:</p>
        <blockquote cite="http://article.gmane.org/gmane.linux.kernel/1853266">
          <p>When using a case-insensitive filesystem an attacker can
            craft a malicious Git tree that will cause Git to overwrite
            its own .git/config file when cloning or checking out a
            repository, leading to arbitrary command execution in the
            client machine.
            If you are a hosting service whose users
            may fetch from your service to Windows or Mac OS X machines,
            you are strongly encouraged to update to protect such users
            who use existing versions of Git.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-9390</cvename>
      <url>https://github.com/blog/1938-git-client-vulnerability-announced</url>
      <url>http://article.gmane.org/gmane.linux.kernel/1853266</url>
    </references>
    <dates>
      <discovery>2014-12-19</discovery>
      <entry>2014-12-19</entry>
    </dates>
  </vuln>

  <vuln vid="0c5cf7c4-856e-11e4-a089-60a44c524f57">
    <topic>otrs -- Incomplete Access Control</topic>
    <affects>
      <package>
        <name>otrs</name>
        <range><gt>3.2.*</gt><lt>3.2.17</lt></range>
        <range><gt>3.3.*</gt><lt>3.3.11</lt></range>
        <range><gt>4.0.*</gt><lt>4.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OTRS project reports:</p>
        <blockquote cite="http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/">
          <p>An attacker with valid OTRS credentials could access and manipulate ticket data
            of other users via the GenericInterface, if a ticket webservice is configured
            and not additionally secured.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/</url>
      <cvename>CVE-2014-9324</cvename>
    </references>
    <dates>
      <discovery>2014-12-16</discovery>
      <entry>2014-12-16</entry>
    </dates>
  </vuln>

  <vuln vid="f5561ade-846c-11e4-b7a7-20cf30e32f6d">
    <topic>subversion -- DoS vulnerabilities</topic>
    <affects>
      <package>
        <name>mod_dav_svn</name>
        <range><ge>1.8.0</ge><lt>1.8.11</lt></range>
      </package>
      <package>
        <name>subversion16</name>
        <range><ge>1.0.0</ge><lt>1.7.19</lt></range>
      </package>
      <package>
        <name>subversion17</name>
        <range><ge>1.0.0</ge><lt>1.7.19</lt></range>
      </package>
      <package>
        <name>subversion</name>
        <range><ge>1.0.0</ge><lt>1.7.19</lt></range>
        <range><ge>1.8.0</ge><lt>1.8.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Subversion Project reports:</p>
        <blockquote cite="http://subversion.apache.org/security/">
          <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
            receives a REPORT request for some invalid formatted special URIs.</p>
          <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
            receives a request for some invalid formatted special URIs.</p>
          <p>We consider this to be a medium risk vulnerability. Repositories which
            allow for anonymous reads will be vulnerable without authentication.
            Unfortunately, no special configuration is required and all mod_dav_svn
            servers are vulnerable.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3580</cvename>
      <cvename>CVE-2014-8108</cvename>
      <url>http://subversion.apache.org/security/CVE-2014-3580-advisory.txt</url>
      <url>http://subversion.apache.org/security/CVE-2014-8108-advisory.txt</url>
    </references>
    <dates>
      <discovery>2014-12-13</discovery>
      <entry>2014-12-15</entry>
    </dates>
  </vuln>

  <vuln vid="fdf72a0e-8371-11e4-bc20-001636d274f3">
    <topic>NVIDIA UNIX driver -- remote denial of service or arbitrary code execution</topic>
    <affects>
      <package>
        <name>nvidia-driver</name>
        <range><lt>340.65</lt></range>
      </package>
      <package>
        <name>nvidia-driver-304</name>
        <range><lt>304.125</lt></range>
      </package>
      <package>
        <name>nvidia-driver-173</name>
        <range><le>173.14.35_3</le></range>
      </package>
      <package>
        <name>nvidia-driver-96</name>
        <range><le>96.43.23_2</le></range>
      </package>
      <package>
        <name>nvidia-driver-71</name>
        <range><le>71.86.15_4</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>NVIDIA Unix security team reports:</p>
        <blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/3610">
          <p>The GLX indirect rendering support supplied on NVIDIA products
            is subject to the recently disclosed X.Org vulnerabilities
            (CVE-2014-8093, CVE-2014-8098) as well as internally identified
            vulnerabilities (CVE-2014-8298).</p>
          <p>Depending on how it is configured, the X server typically runs
            with raised privileges, and listens for GLX indirect rendering
            protocol requests from a local socket and potentially a TCP/IP
            port. The vulnerabilities could be exploited in a way that
            causes the X server to access uninitialized memory or overwrite
            arbitrary memory in the X server process. This can cause a
            denial of service (e.g., an X server segmentation fault), or
            could be exploited to achieve arbitrary code execution.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-8298</cvename>
      <cvename>CVE-2014-8093</cvename>
      <cvename>CVE-2014-8098</cvename>
    </references>
    <dates>
      <discovery>2014-12-03</discovery>
      <entry>2014-12-14</entry>
    </dates>
  </vuln>

  <vuln vid="ab3e98d9-8175-11e4-907d-d050992ecde8">
    <topic>bind -- denial of service vulnerability</topic>
    <affects>
      <package>
        <name>bind99</name>
        <name>bind99-base</name>
        <range><lt>9.9.6</lt></range>
      </package>
      <package>
        <name>bind98</name>
        <name>bind98-base</name>
        <name>bind96</name>
        <name>bind96-base</name>
        <range><gt>0</gt></range>
      </package>
      <package>
        <name>FreeBSD</name>
        <range><ge>9.3</ge><lt>9.3_6</lt></range>
        <range><ge>9.2</ge><lt>9.2_16</lt></range>
        <range><ge>9.1</ge><lt>9.1_23</lt></range>
        <range><ge>8.4</ge><lt>8.4_20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>ISC reports:</p>
        <blockquote cite="https://www.isc.org/blogs/important-security-advisory-posted/">
          <p>We have today posted updated versions of 9.9.6 and 9.10.1
            to address a significant security vulnerability in DNS
            resolution. The flaw was discovered by Florian Maury of
            ANSSI, and applies to any recursive resolver that does not
            support a limit on the number of recursions. [<a href="http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html">CERTFR-2014-AVI-512</a>],
            [USCERT <a href="www.kb.cert.org/vuls/id/264212">VU#264212</a>]</p>
          <p>A flaw in delegation handling could be exploited to put named
            into an infinite loop, in which each lookup of a name server
            triggered additional lookups of more name servers. This has
            been addressed by placing limits on the number of levels of
            recursion named will allow (default 7), and on the number of
            queries that it will send before terminating a recursive query
            (default 50). The recursion depth limit is configured via the
            max-recursion-depth option, and the query limit via the
            max-recursion-queries option. For more information, see the
            security advisory at <a href="https://kb.isc.org/article/AA-01216/">https://kb.isc.org/article/AA-01216/</a>.
            <a href="https://kb.isc.org/article/AA-01216/">[CVE-2014-8500]</a>
            [RT #37580]</p>
          <p>In addition, we have also corrected a potential security
            vulnerability in the GeoIP feature in the 9.10.1 release only.
            For more information on this issue, see the security advisory
            at <a href="https://kb.isc.org/article/AA-01217">https://kb.isc.org/article/AA-01217</a>.
            <a href="https://kb.isc.org/article/AA-01217">[CVE-2014-8680]</a></p>
        </blockquote>
      </body>
    </description>
    <references>
      <freebsdsa>SA-14:29.bind</freebsdsa>
      <cvename>CVE-2014-8500</cvename>
      <cvename>CVE-2014-8680</cvename>
      <url>https://www.isc.org/blogs/important-security-advisory-posted/</url>
    </references>
    <dates>
      <discovery>2014-12-08</discovery>
      <entry>2014-12-11</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="94268da0-8118-11e4-a180-001999f8d30b">
    <topic>asterisk -- Remote Crash Vulnerability in WebSocket Server</topic>
    <affects>
      <package>
        <name>asterisk11</name>
        <range><lt>11.14.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Asterisk project reports:</p>
        <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
          <p>When handling a WebSocket frame the res_http_websocket
            module dynamically changes the size of the memory used
            to allow the provided payload to fit. If a payload length
            of zero was received the code would incorrectly attempt
            to resize to zero. This operation would succeed and end
            up freeing the memory but be treated as a failure. When
            the session was subsequently torn down this memory would
            get freed yet again causing a crash.</p>
          <p>Users of the WebSocket functionality also did not take
            into account that provided text frames are not guaranteed
            to be NULL terminated.
            This has been fixed in chan_sip
            and chan_pjsip in the applicable versions.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-019.html</url>
      <cvename>CVE-2014-9374</cvename>
    </references>
    <dates>
      <discovery>2014-10-30</discovery>
      <entry>2014-12-11</entry>
      <modified>2015-01-29</modified>
    </dates>
  </vuln>

  <vuln vid="27b9b2f0-8081-11e4-b4ca-bcaec565249c">
    <topic>xserver -- multiple issues with X client request handling</topic>
    <affects>
      <package>
        <name>xorg-server</name>
        <range><lt>1.12.4_10,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Alan Coopersmith reports:</p>
        <blockquote cite="http://lists.x.org/archives/xorg-announce/2014-December/002500.html">
          <p>Ilja van Sprundel, a security researcher with IOActive, has
            discovered a large number of issues in the way the X server
            code base handles requests from X clients, and has worked
            with X.Org's security team to analyze, confirm, and fix
            these issues.</p>

          <p>The vulnerabilities could be exploited to cause the X server
            to access uninitialized memory or overwrite arbitrary memory
            in the X server process. This can cause a denial of service
            (e.g., an X server segmentation fault), or could be exploited
            to achieve arbitrary code execution.</p>

          <p>The GLX extension to the X Window System allows an X client
            to send X protocol to the X server, to request that the X
            server perform OpenGL rendering on behalf of the X client.
            This is known as "GLX indirect rendering", as opposed to
            "GLX direct rendering" where the X client submits OpenGL
            rendering commands directly to the GPU, bypassing the X
            server and avoiding the X server code for GLX protocol
            handling.</p>

          <p>Most GLX indirect rendering implementations share some
            common ancestry, dating back to "Sample Implementation"
            code from Silicon Graphics, Inc (SGI), which SGI
            originally commercially licensed to other Unix workstation
            and graphics vendors, and later released as open source, so
            those vulnerabilities may affect other licensees of SGI's
            code base beyond those running code from the X.Org Foundation
            or the XFree86 Project.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://lists.x.org/archives/xorg-announce/2014-December/002500.html</url>
      <cvename>CVE-2014-8091</cvename>
      <cvename>CVE-2014-8092</cvename>
      <cvename>CVE-2014-8093</cvename>
      <cvename>CVE-2014-8094</cvename>
      <cvename>CVE-2014-8095</cvename>
      <cvename>CVE-2014-8096</cvename>
      <cvename>CVE-2014-8097</cvename>
      <cvename>CVE-2014-8098</cvename>
      <cvename>CVE-2014-8099</cvename>
      <cvename>CVE-2014-8100</cvename>
      <cvename>CVE-2014-8101</cvename>
      <cvename>CVE-2014-8102</cvename>
    </references>
    <dates>
      <discovery>2014-12-09</discovery>
      <entry>2014-12-10</entry>
    </dates>
  </vuln>

  <vuln vid="10d73529-7f4b-11e4-af66-00215af774f0">
    <topic>unbound -- can be tricked into following an endless series of delegations, which consumes a lot of resources</topic>
    <affects>
      <package>
        <name>unbound</name>
        <range><lt>1.5.1</lt></range>
      </package>
      <package>
        <name>FreeBSD</name>
        <range><ge>10.0</ge><lt>10.0_14</lt></range>
        <range><ge>10.1</ge><lt>10.1_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Unbound developer reports:</p>
        <blockquote cite="http://unbound.net/downloads/CVE-2014-8602.txt">
          <p>The resolver can be tricked into following an endless series of
            delegations; this consumes a lot of resources.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://unbound.net/downloads/CVE-2014-8602.txt</url>
      <freebsdsa>SA-14:30.unbound</freebsdsa>
      <cvename>CVE-2014-8602</cvename>
    </references>
    <dates>
      <discovery>2014-12-08</discovery>
      <entry>2014-12-09</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="567beb1e-7e0a-11e4-b9cc-bcaec565249c">
    <topic>freetype -- Out of bounds stack-based read/write</topic>
    <affects>
      <package>
        <name>freetype2</name>
        <range><lt>2.5.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Werner LEMBERG reports:</p>
        <blockquote cite="http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html">
          <p>The fix for CVE-2014-2240 was not 100% complete to fix the issue
            from the CVE completely.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html</url>
      <cvename>CVE-2014-2240</cvename>
    </references>
    <dates>
      <discovery>2014-12-07</discovery>
      <entry>2014-12-07</entry>
    </dates>
  </vuln>

  <vuln vid="c9c46fbf-7b83-11e4-a96e-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS and DoS vulnerabilities</topic>
    <affects>
      <package>
        <name>phpMyAdmin</name>
        <range><ge>4.2.0</ge><lt>4.2.13.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The phpMyAdmin development team reports:</p>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php">
          <p>DoS vulnerability with long passwords.</p>
          <p>With very long passwords it was possible to
            initiate a
            denial of service attack on phpMyAdmin.</p>
          <p>We consider this vulnerability to be serious.</p>
          <p>This vulnerability can be mitigated by configuring
            throttling in the webserver.</p>
        </blockquote>

        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php">
          <p>XSS vulnerability in redirection mechanism.</p>
          <p>With a crafted URL it was possible to trigger an XSS in
            the redirection mechanism in phpMyAdmin.</p>
          <p>We consider this vulnerability to be non critical.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php</url>
      <cvename>CVE-2014-9218</cvename>
      <cvename>CVE-2014-9219</cvename>
    </references>
    <dates>
      <discovery>2014-12-03</discovery>
      <entry>2014-12-04</entry>
    </dates>
  </vuln>

  <vuln vid="7ae61870-9dd2-4884-a2f2-f19bb5784d09">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>firefox</name>
        <range><lt>34.0,1</lt></range>
      </package>
      <package>
        <name>firefox-esr</name>
        <range><lt>31.3.0,1</lt></range>
      </package>
      <package>
        <name>linux-firefox</name>
        <range><lt>34.0,1</lt></range>
      </package>
      <package>
        <name>linux-seamonkey</name>
        <range><lt>2.31</lt></range>
      </package>
      <package>
        <name>linux-thunderbird</name>
        <range><lt>31.3.0</lt></range>
      </package>
      <package>
        <name>seamonkey</name>
        <range><lt>2.31</lt></range>
      </package>
      <package>
        <name>thunderbird</name>
        <range><lt>31.3.0</lt></range>
      </package>
      <package>
        <name>libxul</name>
        <range><lt>31.3.0</lt></range>
      </package>
      <package>
        <name>nss</name>
        <range><lt>3.17.3</lt></range>
      </package>
    </affects>
    <description>
      <body
        xmlns="http://www.w3.org/1999/xhtml">
        <p>The Mozilla Project reports:</p>
        <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
          <p>ASN.1 DER decoding of lengths is too permissive, allowing
            undetected smuggling of arbitrary data</p>
          <p>MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10
            logging input data to /tmp directory</p>
          <p>MFSA-2014-89 Bad casting from the BasicThebesLayer to
            BasicContainerLayer</p>
          <p>MFSA-2014-88 Buffer overflow while parsing media content</p>
          <p>MFSA-2014-87 Use-after-free during HTML5 parsing</p>
          <p>MFSA-2014-86 CSP leaks redirect data via violation reports</p>
          <p>MFSA-2014-85 XMLHttpRequest crashes with some input streams</p>
          <p>MFSA-2014-84 XBL bindings accessible via improper CSS
            declarations</p>
          <p>MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0
            / rv:31.3)</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1587</cvename>
      <cvename>CVE-2014-1588</cvename>
      <cvename>CVE-2014-1589</cvename>
      <cvename>CVE-2014-1590</cvename>
      <cvename>CVE-2014-1591</cvename>
      <cvename>CVE-2014-1592</cvename>
      <cvename>CVE-2014-1593</cvename>
      <cvename>CVE-2014-1594</cvename>
      <cvename>CVE-2014-1595</cvename>
      <cvename>CVE-2014-1569</cvename>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-83</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-84</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-85</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-86</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-87</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-88</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-89</url>
      <url>https://www.mozilla.org/security/advisories/mfsa2014-90</url>
      <url>https://www.mozilla.org/security/advisories/</url>
    </references>
    <dates>
      <discovery>2014-12-01</discovery>
      <entry>2014-12-02</entry>
    </dates>
  </vuln>

  <vuln vid="23ab5c3e-79c3-11e4-8b1e-d050992ecde8">
    <topic>OpenVPN -- denial of service security vulnerability</topic>
    <affects>
      <package>
        <name>openvpn</name>
        <range><lt>2.0.11</lt></range>
        <range><ge>2.1.0</ge><lt>2.2.3</lt></range>
        <range><ge>2.3.0</ge><lt>2.3.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OpenVPN project reports:</p>
        <blockquote cite="https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b">
          <p>In late November 2014 Dragana Damjanovic notified OpenVPN
            developers of a critical denial of service security vulnerability
            (CVE-2014-8104). The vulnerability allows a tls-authenticated
            client to crash the server by sending a too-short control channel
            packet to the server. In other words this vulnerability is denial
            of service only.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-8104</cvename>
      <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b</url>
    </references>
    <dates>
      <discovery>2014-12-01</discovery>
      <entry>2014-12-02</entry>
    </dates>
  </vuln>

  <vuln vid="a33addf6-74e6-11e4-a615-f8b156b6dcc8">
    <topic>flac -- Multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>flac</name>
        <range><lt>1.3.0_3</lt></range>
      </package>
      <package>
        <name>linux-c6-flac</name>
        <range><lt>1.2.1_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Erik de Castro Lopo reports:</p>
        <blockquote cite="http://lists.xiph.org/pipermail/flac-dev/2014-November/005226.html">
          <p>Google Security Team member, Michele Spagnuolo, recently
            found two potential problems in the FLAC code base.
            They are:</p>
          <ul>
            <li>CVE-2014-9028: Heap buffer write overflow.</li>
            <li>CVE-2014-8962: Heap buffer read overflow.</li>
          </ul>
        </blockquote>
      </body>
    </description>
    <references>
      <url>https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e</url>
      <cvename>CVE-2014-8962</cvename>
      <url>https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85</url>
      <cvename>CVE-2014-9028</cvename>
    </references>
    <dates>
      <discovery>2014-11-25</discovery>
      <entry>2014-11-25</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="7bfd797c-716d-11e4-b008-001999f8d30b">
    <topic>asterisk -- Multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>asterisk11</name>
        <range><lt>11.14.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Asterisk project reports:</p>
        <blockquote cite="http://www.asterisk.org/downloads/security-advisories">
          <p>AST-2014-014 - High call load may result in hung
            channels in ConfBridge.</p>
          <p>AST-2014-017 - Permission escalation through ConfBridge
            actions/dialplan functions.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-014.html</url>
      <cvename>CVE-2014-8414</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-017.html</url>
      <cvename>CVE-2014-8417</cvename>
    </references>
    <dates>
      <discovery>2014-11-21</discovery>
      <entry>2014-11-21</entry>
    </dates>
  </vuln>

  <vuln vid="a92ed304-716c-11e4-b008-001999f8d30b">
    <topic>asterisk -- Multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>asterisk</name>
        <range><lt>1.8.32.1</lt></range>
      </package>
      <package>
        <name>asterisk11</name>
        <range><lt>11.14.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Asterisk project reports:</p>
        <blockquote cite="https://www.asterisk.org/security">
          <p>AST-2014-012 - Mixed IP address families in access
            control lists may permit unwanted traffic.</p>
          <p>AST-2014-018 - AMI permission escalation through DB
            dialplan function.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-012.html</url>
      <cvename>CVE-2014-8412</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-018.html</url>
      <cvename>CVE-2014-8418</cvename>
    </references>
    <dates>
      <discovery>2014-11-21</discovery>
      <entry>2014-11-21</entry>
    </dates>
  </vuln>

  <vuln vid="a5d4a82a-7153-11e4-88c7-6805ca0b3d42">
    <topic>phpMyAdmin -- XSS and information disclosure vulnerabilities</topic>
    <affects>
      <package>
        <name>phpMyAdmin</name>
        <range><ge>4.2.0</ge><lt>4.2.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The phpMyAdmin development team reports:</p>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php">
          <ul>
            <li>With a crafted database, table or column name it is
              possible to trigger an XSS attack in the table browse
              page.</li>
            <li>With a crafted ENUM value it is possible to trigger
              XSS attacks in the table print view and zoom search
              pages.</li>
            <li>With a crafted value for font size it is possible to
              trigger an XSS attack in the home page.</li>
          </ul>
          <p>These vulnerabilities can be triggered only by someone
            who is logged in to phpMyAdmin, as the usual token
            protection prevents non-logged-in users from accessing the
            required pages.
            Moreover, exploitation of the XSS
            vulnerability related to the font size requires forgery of
            the pma_fontsize cookie.</p>
        </blockquote>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php">
          <p>In the GIS editor feature, a parameter specifying the
            geometry type was not correctly validated, opening the door
            to a local file inclusion attack.</p>
          <p>This vulnerability can be triggered only by someone who
            is logged in to phpMyAdmin, as the usual token protection
            prevents non-logged-in users from accessing the required
            page.</p>
        </blockquote>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php">
          <p>With a crafted file name it is possible to trigger an
            XSS in the error reporting page.</p>
          <p>This vulnerability can be triggered only by someone who
            is logged in to phpMyAdmin, as the usual token protection
            prevents non-logged-in users from accessing the required
            page.</p>
        </blockquote>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php">
          <p>In the error reporting feature, a parameter specifying
            the file was not correctly validated, allowing the
            attacker to derive the line count of an arbitrary file.</p>
          <p>This vulnerability can be triggered only by someone who
            is logged in to phpMyAdmin, as the usual token protection
            prevents non-logged-in users from accessing the required
            page.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php</url>
      <cvename>CVE-2014-8958</cvename>
      <cvename>CVE-2014-8959</cvename>
      <cvename>CVE-2014-8960</cvename>
      <cvename>CVE-2014-8961</cvename>
    </references>
    <dates>
      <discovery>2014-11-20</discovery>
      <entry>2014-11-21</entry>
    </dates>
  </vuln>

  <vuln vid="890b6b22-70fa-11e4-91ae-5453ed2e2b49">
    <topic>kwebkitpart, kde-runtime -- insufficient input validation</topic>
    <affects>
      <package>
        <name>kde-runtime</name>
        <range><lt>4.14.2_2</lt></range>
      </package>
      <package>
        <name>kwebkitpart</name>
        <range><lt>1.3.2_4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Albert Astals Cid reports:</p>
        <blockquote cite="https://www.kde.org/info/security/advisory-20141113-1.txt">
          <p>kwebkitpart and the bookmarks:// io slave were not sanitizing
            input correctly, allowing some javascript to be executed in the
            context of the referenced hostname.</p>
          <p>Whilst in most cases, the JavaScript will be executed in an
            untrusted context, with the bookmarks IO slave, it will be executed
            in the context of the referenced hostname.
            It should however be
            noted that KDE mitigates this risk by attempting to ensure that
            such URLs cannot be embedded directly into Internet hosted
            content.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>https://www.kde.org/info/security/advisory-20141113-1.txt</url>
      <cvename>CVE-2014-8600</cvename>
    </references>
    <dates>
      <discovery>2014-11-13</discovery>
      <entry>2014-11-20</entry>
    </dates>
  </vuln>

  <vuln vid="5a35bc56-7027-11e4-a4a3-001999f8d30b">
    <topic>yii -- Remote arbitrary PHP code execution</topic>
    <affects>
      <package>
        <name>yii</name>
        <range><lt>1.1.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Yii PHP Framework developers report:</p>
        <blockquote cite="http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/">
          <p>We are releasing Yii 1.1.15 to fix a security issue
            found in 1.1.14. We urge all 1.1.14 users to upgrade their
            Yii to this latest release. Note that the issue only
            affects 1.1.14. All previous releases are not affected.
            Upgrading to this release from 1.1.14 is very safe and
            will not break your existing code.</p>
          <p>The vulnerability is in the CDetailView widget. When
            a Yii application uses this widget and configures the
            "value" property of a CDetailView attribute using end
            user inputs, it may allow attackers to potentially execute
            arbitrary PHP scripts on the server. We are not showing
            how to exploit it here to allow users to upgrade before
            details about the exploit become publicly known.
To our 884 knowledge the details of this issue are only known to 885 core team members.</p> 886 </blockquote> 887 </body> 888 </description> 889 <references> 890 <cvename>CVE-2014-4672</cvename> 891 <url>http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix</url> 892 </references> 893 <dates> 894 <discovery>2014-07-03</discovery> 895 <entry>2014-11-19</entry> 896 </dates> 897 </vuln> 898 899 <vuln vid="d395e44f-6f4f-11e4-a444-00262d5ed8ee"> 900 <topic>chromium -- multiple vulnerabilities</topic> 901 <affects> 902 <package> 903 <name>chromium</name> 904 <range><lt>39.0.2171.65</lt></range> 905 </package> 906 <package> 907 <name>chromium-pulse</name> 908 <range><lt>39.0.2171.65</lt></range> 909 </package> 910 </affects> 911 <description> 912 <body xmlns="http://www.w3.org/1999/xhtml"> 913 <p>Google Chrome Releases reports:</p> 914 <blockquote cite="http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html"> 915 <p>42 security fixes in this release, including:</p> 916 <ul> 917 <li>[389734] High CVE-2014-7899: Address bar spoofing. Credit to 918 Eli Grey.</li> 919 <li>[406868] High CVE-2014-7900: Use-after-free in pdfium. Credit 920 to Atte Kettunen from OUSPG.</li> 921 <li>[413375] High CVE-2014-7901: Integer overflow in pdfium. Credit 922 to cloudfuzzer.</li> 923 <li>[414504] High CVE-2014-7902: Use-after-free in pdfium. Credit 924 to cloudfuzzer.</li> 925 <li>[414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit 926 to cloudfuzzer.</li> 927 <li>[418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to 928 Atte Kettunen from OUSPG.</li> 929 <li>[421817] High CVE-2014-7905: Flaw allowing navigation to 930 intents that do not have the BROWSABLE category. Credit to 931 WangTao(neobyte) of Baidu X-Team.</li> 932 <li>[423030] High CVE-2014-7906: Use-after-free in pepper plugins. 933 Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.</li> 934 <li>[423703] High CVE-2014-0574: Double-free in Flash. 
Credit to 935 biloulehibou.</li> 936 <li>[424453] High CVE-2014-7907: Use-after-free in blink. Credit to 937 Chen Zhang (demi6od) of the NSFOCUS Security Team.</li> 938 <li>[425980] High CVE-2014-7908: Integer overflow in media. Credit 939 to Christoph Diehl.</li> 940 <li>[391001] Medium CVE-2014-7909: Uninitialized memory read in 941 Skia. Credit to miaubiz.</li> 942 <li>CVE-2014-7910: Various fixes from internal audits, fuzzing and 943 other initiatives.</li> 944 </ul> 945 </blockquote> 946 </body> 947 </description> 948 <references> 949 <cvename>CVE-2014-0574</cvename> 950 <cvename>CVE-2014-7899</cvename> 951 <cvename>CVE-2014-7900</cvename> 952 <cvename>CVE-2014-7901</cvename> 953 <cvename>CVE-2014-7902</cvename> 954 <cvename>CVE-2014-7903</cvename> 955 <cvename>CVE-2014-7904</cvename> 956 <cvename>CVE-2014-7905</cvename> 957 <cvename>CVE-2014-7906</cvename> 958 <cvename>CVE-2014-7907</cvename> 959 <cvename>CVE-2014-7908</cvename> 960 <cvename>CVE-2014-7909</cvename> 961 <cvename>CVE-2014-7910</cvename> 962 <url>http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html</url> 963 </references> 964 <dates> 965 <discovery>2014-11-18</discovery> 966 <entry>2014-11-18</entry> 967 </dates> 968 </vuln> 969 970 <vuln vid="dafa13a8-6e9b-11e4-8ef7-5453ed2e2b49"> 971 <topic>kde-workspace -- privilege escalation</topic> 972 <affects> 973 <package> 974 <name>kde-workspace</name> 975 <range><lt>4.11.13_1</lt></range> 976 </package> 977 </affects> 978 <description> 979 <body xmlns="http://www.w3.org/1999/xhtml"> 980 <p>David Edmundson reports:</p> 981 <blockquote cite="https://www.kde.org/info/security/advisory-20141106-1.txt"> 982 <p>KDE workspace configuration module for setting the date and time 983 has a helper program which runs as root for performing actions. 984 This is secured with polkit.</p> 985 <p>This helper takes the name of the ntp utility to run as an 986 argument. 
This allows a hacker to run any arbitrary command as root 987 under the guise of updating the time.</p> 988 <p>An application can gain root priveledges from an admin user with 989 either misleading information or no interaction.</p> 990 <p>On some systems the user will be shown a prompt to change the 991 time. However, if the system has policykit-desktop-privileges 992 installed, the datetime helper will be invoked by an admin user 993 without any prompts.</p> 994 </blockquote> 995 </body> 996 </description> 997 <references> 998 <cvename>CVE-2014-8651</cvename> 999 <mlist>http://seclists.org/oss-sec/2014/q4/520</mlist> 1000 </references> 1001 <dates> 1002 <discovery>2014-11-06</discovery> 1003 <entry>2014-11-17</entry> 1004 </dates> 1005 </vuln> 1006 1007 <vuln vid="c1930f45-6982-11e4-80e1-bcaec565249c"> 1008 <topic>dbus -- incomplete fix for CVE-2014-3636 part A</topic> 1009 <affects> 1010 <package> 1011 <name>dbus</name> 1012 <range><lt>1.8.10</lt></range> 1013 </package> 1014 </affects> 1015 <description> 1016 <body xmlns="http://www.w3.org/1999/xhtml"> 1017 <p>Simon McVittie reports:</p> 1018 <blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-November/016395.html"> 1019 <p>The patch issued by the D-Bus maintainers for CVE-2014-3636 1020 was based on incorrect reasoning, and does not fully prevent 1021 the attack described as "CVE-2014-3636 part A", which is 1022 repeated below. Preventing that attack requires raising the 1023 system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher 1024 value. 
CVE-2014-7824 has been allocated for this 1025 vulnerability.</p> 1026 </blockquote> 1027 </body> 1028 </description> 1029 <references> 1030 <cvename>CVE-2014-7824</cvename> 1031 <url>http://lists.freedesktop.org/archives/dbus/2014-November/016395.html</url> 1032 </references> 1033 <dates> 1034 <discovery>2014-11-10</discovery> 1035 <entry>2014-11-11</entry> 1036 </dates> 1037 </vuln> 1038 1039 <vuln vid="ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e"> 1040 <topic>wget -- path traversal vulnerability in recursive FTP mode</topic> 1041 <affects> 1042 <package> 1043 <name>wget</name> 1044 <range><lt>1.16</lt></range> 1045 </package> 1046 </affects> 1047 <description> 1048 <body xmlns="http://www.w3.org/1999/xhtml"> 1049 <p>MITRE reports:</p> 1050 <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877"> 1051 <p>Absolute path traversal vulnerability in GNU Wget before 1052 1.16, when recursion is enabled, allows remote FTP servers 1053 to write to arbitrary files, and consequently execute 1054 arbitrary code, via a LIST response that references the same 1055 filename within two entries, one of which indicates that the 1056 filename is for a symlink. 
</p> 1057 </blockquote> 1058 </body> 1059 </description> 1060 <references> 1061 <cvename>CVE-2014-4877</cvename> 1062 <certvu>685996</certvu> 1063 </references> 1064 <dates> 1065 <discovery>2014-10-27</discovery> 1066 <entry>2014-11-08</entry> 1067 </dates> 1068 </vuln> 1069 1070 <vuln vid="0167f5ad-64ea-11e4-98c1-00269ee29e57"> 1071 <topic>Konversation -- out-of-bounds read on a heap-allocated array</topic> 1072 <affects> 1073 <package> 1074 <name>konversation</name> 1075 <range><lt>1.5.1</lt></range> 1076 </package> 1077 </affects> 1078 <description> 1079 <body xmlns="http://www.w3.org/1999/xhtml"> 1080 <p>Konversation developers report:</p> 1081 <blockquote cite="https://www.kde.org/info/security/advisory-20141104-1.txt"> 1082 <p>Konversation's Blowfish ECB encryption support assumes incoming blocks 1083 to be the expected 12 bytes. The lack of a sanity-check for the actual 1084 size can cause a denial of service and an information leak to the local 1085 user.</p> 1086 </blockquote> 1087 </body> 1088 </description> 1089 <references> 1090 <cvename>CVE-2014-8483</cvename> 1091 <url>https://www.kde.org/info/security/advisory-20141104-1.txt</url> 1092 </references> 1093 <dates> 1094 <discovery>2014-11-04</discovery> 1095 <entry>2014-11-05</entry> 1096 </dates> 1097 </vuln> 1098 1099 <vuln vid="21ce1840-6107-11e4-9e84-0022156e8794"> 1100 <topic>twiki -- remote Perl code execution</topic> 1101 <affects> 1102 <package> 1103 <name>twiki</name> 1104 <range><lt>5.1.4_1,1</lt></range> 1105 </package> 1106 </affects> 1107 <description> 1108 <body xmlns="http://www.w3.org/1999/xhtml"> 1109 <p>TWiki developers report:</p> 1110 <blockquote cite="http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236"> 1111 <p>The debugenableplugins request parameter allows arbitrary 1112 Perl code execution.</p> 1113 <p>Using an HTTP GET request towards a TWiki server, 1114 add a specially crafted debugenableplugins request parameter 1115 to TWiki's view script (typically port 
80/TCP). 1116 Prior authentication may or may not be necessary.</p> 1117 <p>A remote attacker can execute arbitrary Perl code 1118 to view and modify any file the webserver user has access to.</p> 1119 <p>Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit</p> 1120 <p>The TWiki site is vulnerable if you see a page with text 1121 "Vulnerable!".</p> 1122 </blockquote> 1123 </body> 1124 </description> 1125 <references> 1126 <cvename>CVE-2014-7236</cvename> 1127 <url>http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236</url> 1128 </references> 1129 <dates> 1130 <discovery>2014-10-09</discovery> 1131 <entry>2014-10-31</entry> 1132 </dates> 1133 </vuln> 1134 1135 <vuln vid="0dad9114-60cc-11e4-9e84-0022156e8794"> 1136 <topic>jenkins -- slave-originated arbitrary code execution on master servers</topic> 1137 <affects> 1138 <package> 1139 <name>jenkins</name> 1140 <range><lt>1.587</lt></range> 1141 </package> 1142 <package> 1143 <name>jenkins-lts</name> 1144 <range><lt>1.580.1</lt></range> 1145 </package> 1146 </affects> 1147 <description> 1148 <body xmlns="http://www.w3.org/1999/xhtml"> 1149 <p>Kohsuke Kawaguchi from Jenkins team reports:</p> 1150 <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30"> 1151 <p>Historically, Jenkins master and slaves behaved as if 1152 they altogether form a single distributed process. This 1153 means a slave can ask a master to do just about anything 1154 within the confinement of the operating system, such as 1155 accessing files on the master or trigger other jobs on 1156 Jenkins.</p> 1157 <p>This has increasingly become problematic, as larger 1158 enterprise deployments have developed more sophisticated 1159 trust separation model, where the administators of a master 1160 might take slaves owned by other teams. In such an 1161 environment, slaves are less trusted than the master. 
1162 Yet the "single distributed process" assumption was not 1163 communicated well to the users, resulting in vulnerabilities 1164 in some deployments.</p> 1165 <p>SECURITY-144 (CVE-2014-3665) introduces a new subsystem 1166 to address this problem. This feature is off by default for 1167 compatibility reasons. See Wiki for more details, who should 1168 turn this on, and implications.</p> 1169 <p>CVE-2014-3566 is rated high. It only affects 1170 installations that accept slaves from less trusted 1171 computers, but this will allow an owner of of such slave to 1172 mount a remote code execution attack on Jenkins.</p> 1173 </blockquote> 1174 </body> 1175 </description> 1176 <references> 1177 <cvename>CVE-2014-3665</cvename> 1178 <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30</url> 1179 <url>https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control</url> 1180 <url>http://www.cloudbees.com/jenkins-security-advisory-2014-10-30</url> 1181 </references> 1182 <dates> 1183 <discovery>2014-10-30</discovery> 1184 <entry>2014-10-31</entry> 1185 </dates> 1186 </vuln> 1187 1188 <vuln vid="f8c88d50-5fb3-11e4-81bd-5453ed2e2b49"> 1189 <topic>libssh -- PRNG state reuse on forking servers</topic> 1190 <affects> 1191 <package> 1192 <name>libssh</name> 1193 <range><lt>0.6.3</lt></range> 1194 </package> 1195 </affects> 1196 <description> 1197 <body xmlns="http://www.w3.org/1999/xhtml"> 1198 <p>Aris Adamantiadis reports:</p> 1199 <blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/05/1"> 1200 <p>When accepting a new connection, the server forks and the 1201 child process handles the request. 
The RAND_bytes() function 1202 of openssl doesn't reset its state after the fork, but 1203 simply adds the current process id (getpid) to the PRNG 1204 state, which is not guaranteed to be unique.</p> 1205 </blockquote> 1206 </body> 1207 </description> 1208 <references> 1209 <cvename>CVE-2014-0017</cvename> 1210 <mlist>http://www.openwall.com/lists/oss-security/2014/03/05/1</mlist> 1211 <url>http://secunia.com/advisories/57407</url> 1212 </references> 1213 <dates> 1214 <discovery>2014-03-05</discovery> 1215 <entry>2014-10-29</entry> 1216 </dates> 1217 </vuln> 1218 1219 <vuln vid="d057c5e6-5b20-11e4-bebd-000c2980a9f3"> 1220 <topic>libpurple/pidgin -- multiple vulnerabilities</topic> 1221 <affects> 1222 <package> 1223 <name>libpurple</name> 1224 <range><lt>2.10.10</lt></range> 1225 </package> 1226 <package> 1227 <name>pidgin</name> 1228 <range><lt>2.10.10</lt></range> 1229 </package> 1230 </affects> 1231 <description> 1232 <body xmlns="http://www.w3.org/1999/xhtml"> 1233 <p>The pidgin development team reports:</p> 1234 <blockquote cite="https://developer.pidgin.im/wiki/ChangeLog"> 1235 <p>.</p> 1236 </blockquote> 1237 </body> 1238 </description> 1239 <references> 1240 <cvename>CVE-2014-3694</cvename> 1241 <cvename>CVE-2014-3697</cvename> 1242 <cvename>CVE-2014-3696</cvename> 1243 <cvename>CVE-2014-3695</cvename> 1244 <cvename>CVE-2014-3698</cvename> 1245 <url>https://developer.pidgin.im/wiki/ChangeLog</url> 1246 </references> 1247 <dates> 1248 <discovery>2014-10-22</discovery> 1249 <entry>2014-10-24</entry> 1250 </dates> 1251 </vuln> 1252 1253 <vuln vid="25b78f04-59c8-11e4-b711-6805ca0b3d42"> 1254 <topic>phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.</topic> 1255 <affects> 1256 <package> 1257 <name>phpMyAdmin</name> 1258 <range><ge>4.2.0</ge><lt>4.2.10.1</lt></range> 1259 </package> 1260 </affects> 1261 <description> 1262 <body xmlns="http://www.w3.org/1999/xhtml"> 1263 <p>The phpMyAdmin development team reports:</p> 1264 <blockquote 
cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php"> 1265 <p>With a crafted database or table name it is possible to 1266 trigger an XSS in SQL debug output when enabled and in 1267 server monitor page when viewing and analysing executed 1268 queries.</p> 1269 <p>This vulnerability can be triggered only by someone who 1270 is logged in to phpMyAdmin, as the usual token protection 1271 prevents non-logged-in users from accessing the required 1272 pages. Moreover, debugging SQL is a developer option which 1273 is disabled by default and expected to be disabled in 1274 production environments.</p> 1275 </blockquote> 1276 </body> 1277 </description> 1278 <references> 1279 <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php</url> 1280 <cvename>CVE-2014-8326</cvename> 1281 </references> 1282 <dates> 1283 <discovery>2014-10-21</discovery> 1284 <entry>2014-10-22</entry> 1285 </dates> 1286 </vuln> 1287 1288 <vuln vid="76c7a0f5-5928-11e4-adc7-001999f8d30b"> 1289 <topic>asterisk -- Asterisk Susceptibility to POODLE Vulnerability</topic> 1290 <affects> 1291 <package> 1292 <name>asterisk</name> 1293 <range><lt>1.8.31.1</lt></range> 1294 </package> 1295 <package> 1296 <name>asterisk11</name> 1297 <range><lt>11.13.1</lt></range> 1298 </package> 1299 </affects> 1300 <description> 1301 <body xmlns="http://www.w3.org/1999/xhtml"> 1302 <p>The Asterisk project reports:</p> 1303 <blockquote cite="http://www.asterisk.org/downloads/security-advisories"> 1304 <p>The POODLE vulnerability is described under CVE-2014-3566. 
1305 This advisory describes the Asterisk's project susceptibility 1306 to this vulnerability.</p> 1307 </blockquote> 1308 </body> 1309 </description> 1310 <references> 1311 <url>http://downloads.asterisk.org/pub/security/AST-2014-011.html</url> 1312 <cvename>CVE-2014-3566</cvename> 1313 </references> 1314 <dates> 1315 <discovery>2014-10-20</discovery> 1316 <entry>2014-10-21</entry> 1317 </dates> 1318 </vuln> 1319 1320 <vuln vid="0642b064-56c4-11e4-8b87-bcaec565249c"> 1321 <topic>libxml2 -- Denial of service</topic> 1322 <affects> 1323 <package> 1324 <name>libxml2</name> 1325 <range><lt>2.9.2</lt></range> 1326 </package> 1327 <package> 1328 <name>linux-c6-libxml2</name> 1329 <range><lt>2.7.6_2</lt></range> 1330 </package> 1331 <package> 1332 <name>linux-f10-libxml2</name> 1333 <range><ge>*</ge></range> 1334 </package> 1335 </affects> 1336 <description> 1337 <body xmlns="http://www.w3.org/1999/xhtml"> 1338 <p>RedHat reports:</p> 1339 <blockquote cite="https://rhn.redhat.com/errata/RHSA-2014-1655.html"> 1340 <p>A denial of service flaw was found in libxml2, a library 1341 providing support to read, modify and write XML and HTML 1342 files. 
A remote attacker could provide a specially crafted 1343 XML file that, when processed by an application using 1344 libxml2, would lead to excessive CPU consumption (denial of 1345 service) based on excessive entity substitutions, even if 1346 entity substitution was disabled, which is the parser default 1347 behavior.</p> 1348 </blockquote> 1349 </body> 1350 </description> 1351 <references> 1352 <cvename>CVE-2014-3660</cvename> 1353 <url>https://rhn.redhat.com/errata/RHSA-2014-1655.html</url> 1354 </references> 1355 <dates> 1356 <discovery>2014-10-16</discovery> 1357 <entry>2014-10-18</entry> 1358 <modified>2015-07-15</modified> 1359 </dates> 1360 </vuln> 1361 1362 <vuln vid="6f825fa4-5560-11e4-a4c3-00a0986f28c4"> 1363 <topic>drupal7 -- SQL injection</topic> 1364 <affects> 1365 <package> 1366 <name>drupal7</name> 1367 <range><lt>7.32</lt></range> 1368 </package> 1369 </affects> 1370 <description> 1371 <body xmlns="http://www.w3.org/1999/xhtml"> 1372 <p>Drupal Security Team reports:</p> 1373 <blockquote cite="https://drupal.org/SA-CORE-2013-003"> 1374 <p>Drupal 7 includes a database abstraction API to ensure that 1375 queries executed against the database are sanitized to prevent 1376 SQL injection attacks. 1377 A vulnerability in this API allows an attacker to send 1378 specially crafted requests resulting in arbitrary SQL execution. 1379 Depending on the content of the requests this can lead to 1380 privilege escalation, arbitrary PHP execution, or other attacks. 
1381 This vulnerability can be exploited by anonymous users.</p> 1382 </blockquote> 1383 </body> 1384 </description> 1385 <references> 1386 <cvename>CVE-2014-3704</cvename> 1387 <url>https://www.drupal.org/SA-CORE-2014-005</url> 1388 <url>https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html</url> 1389 </references> 1390 <dates> 1391 <discovery>2014-10-15</discovery> 1392 <entry>2014-10-16</entry> 1393 </dates> 1394 </vuln> 1395 1396 <vuln vid="03175e62-5494-11e4-9cc1-bc5ff4fb5e7b"> 1397 <topic>OpenSSL -- multiple vulnerabilities</topic> 1398 <affects> 1399 <package> 1400 <name>openssl</name> 1401 <range><ge>1.0.1</ge><lt>1.0.1_16</lt></range> 1402 </package> 1403 <package> 1404 <name>mingw32-openssl</name> 1405 <range><ge>1.0.1</ge><lt>1.0.1j</lt></range> 1406 </package> 1407 <package> 1408 <name>linux-c6-openssl</name> 1409 <range><lt>1.0.1e_1</lt></range> 1410 </package> 1411 <package> 1412 <name>FreeBSD</name> 1413 <range><ge>8.4</ge><lt>8.4_17</lt></range> 1414 <range><ge>9.1</ge><lt>9.1_20</lt></range> 1415 <range><ge>9.2</ge><lt>9.2_13</lt></range> 1416 <range><ge>9.3</ge><lt>9.3_3</lt></range> 1417 <range><ge>10.0</ge><lt>10.0_10</lt></range> 1418 </package> 1419 </affects> 1420 <description> 1421 <body xmlns="http://www.w3.org/1999/xhtml"> 1422 <p>The OpenSSL Project reports:</p> 1423 <blockquote cite="https://www.openssl.org/news/secadv_20141015.txt"> 1424 <p>A flaw in the DTLS SRTP extension parsing code allows an 1425 attacker, who sends a carefully crafted handshake message, 1426 to cause OpenSSL to fail to free up to 64k of memory causing 1427 a memory leak. This could be exploited in a Denial Of Service 1428 attack. This issue affects OpenSSL 1.0.1 server implementations 1429 for both SSL/TLS and DTLS regardless of whether SRTP is used 1430 or configured. Implementations of OpenSSL that have been 1431 compiled with OPENSSL_NO_SRTP defined are not affected. 
1432 [CVE-2014-3513].</p> 1433 <p>When an OpenSSL SSL/TLS/DTLS server receives a session 1434 ticket the integrity of that ticket is first verified. 1435 In the event of a session ticket integrity check failing, 1436 OpenSSL will fail to free memory causing a memory leak. 1437 By sending a large number of invalid session tickets an 1438 attacker could exploit this issue in a Denial Of Service 1439 attack. [CVE-2014-3567].</p> 1440 <p>OpenSSL has added support for TLS_FALLBACK_SCSV to allow 1441 applications to block the ability for a MITM attacker to 1442 force a protocol downgrade.</p> 1443 <p>Some client applications (such as browsers) will reconnect 1444 using a downgraded protocol to work around interoperability 1445 bugs in older servers. This could be exploited by an active 1446 man-in-the-middle to downgrade connections to SSL 3.0 even 1447 if both sides of the connection support higher protocols. 1448 SSL 3.0 contains a number of weaknesses including POODLE 1449 [CVE-2014-3566].</p> 1450 <p>When OpenSSL is configured with "no-ssl3" as a build option, 1451 servers could accept and complete a SSL 3.0 handshake, and 1452 clients could be configured to send them. 
[CVE-2014-3568].</p> 1453 </blockquote> 1454 </body> 1455 </description> 1456 <references> 1457 <freebsdsa>SA-14:23.openssl</freebsdsa> 1458 <cvename>CVE-2014-3513</cvename> 1459 <cvename>CVE-2014-3566</cvename> 1460 <cvename>CVE-2014-3567</cvename> 1461 <cvename>CVE-2014-3568</cvename> 1462 <url>https://www.openssl.org/news/secadv_20141015.txt</url> 1463 </references> 1464 <dates> 1465 <discovery>2014-10-15</discovery> 1466 <entry>2014-10-15</entry> 1467 <modified>2016-08-09</modified> 1468 </dates> 1469 </vuln> 1470 1471 <vuln vid="9c1495ac-8d8c-4789-a0f3-8ca6b476619c"> 1472 <topic>mozilla -- multiple vulnerabilities</topic> 1473 <affects> 1474 <package> 1475 <name>firefox</name> 1476 <range><lt>33.0,1</lt></range> 1477 </package> 1478 <package> 1479 <name>firefox-esr</name> 1480 <range><lt>31.2.0,1</lt></range> 1481 </package> 1482 <package> 1483 <name>linux-firefox</name> 1484 <range><lt>33.0,1</lt></range> 1485 </package> 1486 <package> 1487 <name>linux-seamonkey</name> 1488 <range><lt>2.30</lt></range> 1489 </package> 1490 <package> 1491 <name>linux-thunderbird</name> 1492 <range><lt>31.2.0</lt></range> 1493 </package> 1494 <package> 1495 <name>seamonkey</name> 1496 <range><lt>2.30</lt></range> 1497 </package> 1498 <package> 1499 <name>thunderbird</name> 1500 <range><lt>31.2.0</lt></range> 1501 </package> 1502 <package> 1503 <name>libxul</name> 1504 <range><lt>31.2.0</lt></range> 1505 </package> 1506 </affects> 1507 <description> 1508 <body xmlns="http://www.w3.org/1999/xhtml"> 1509 <p>The Mozilla Project reports:</p> 1510 <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> 1511 <p>MFSA 2014-74 Miscellaneous memory safety hazards 1512 (rv:33.0 / rv:31.2)</p> 1513 <p>MFSA 2014-75 Buffer overflow during CSS manipulation</p> 1514 <p>MFSA 2014-76 Web Audio memory corruption issues with 1515 custom waveforms</p> 1516 <p>MFSA 2014-78 Further uninitialized memory use during GIF</p> 1517 <p>MFSA 2014-79 Use-after-free interacting with text 1518 
directionality</p> 1519 <p>MFSA 2014-80 Key pinning bypasses</p> 1520 <p>MFSA 2014-81 Inconsistent video sharing within iframe</p> 1521 <p>MFSA 2014-82 Accessing cross-origin objects via the 1522 Alarms API</p> 1523 </blockquote> 1524 </body> 1525 </description> 1526 <references> 1527 <cvename>CVE-2014-1574</cvename> 1528 <cvename>CVE-2014-1575</cvename> 1529 <cvename>CVE-2014-1576</cvename> 1530 <cvename>CVE-2014-1577</cvename> 1531 <cvename>CVE-2014-1580</cvename> 1532 <cvename>CVE-2014-1581</cvename> 1533 <cvename>CVE-2014-1582</cvename> 1534 <cvename>CVE-2014-1583</cvename> 1535 <cvename>CVE-2014-1584</cvename> 1536 <cvename>CVE-2014-1585</cvename> 1537 <cvename>CVE-2014-1586</cvename> 1538 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-74.html</url> 1539 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-75.html</url> 1540 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-76.html</url> 1541 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-78.html</url> 1542 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-79.html</url> 1543 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-80.html</url> 1544 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-81.html</url> 1545 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-82.html</url> 1546 <url>https://www.mozilla.org/security/announce/</url> 1547 </references> 1548 <dates> 1549 <discovery>2014-10-14</discovery> 1550 <entry>2014-10-14</entry> 1551 <modified>2015-08-12</modified> 1552 </dates> 1553 </vuln> 1554 1555 <vuln vid="c30c3a2e-4fb1-11e4-b275-14dae9d210b8"> 1556 <topic>foreman-proxy SSL verification issue</topic> 1557 <affects> 1558 <package> 1559 <name>foreman-proxy</name> 1560 <range><lt>1.6.2</lt></range> 1561 </package> 1562 </affects> 1563 <description> 1564 <body xmlns="http://www.w3.org/1999/xhtml"> 1565 <p>Foreman Security reports:</p> 1566 <blockquote cite="http://projects.theforeman.org/issues/7822"> 1567 <p>The 
smart proxy when running in an SSL-secured mode permits incoming 1568 API calls to any endpoint without requiring, or performing any 1569 verification of an SSL client certificate. This permits any client 1570 with access to the API to make requests and perform actions 1571 permitting control of Puppet CA, DHCP, DNS etc.)</p> 1572 </blockquote> 1573 </body> 1574 </description> 1575 <references> 1576 <cvename>CVE-2014-3691</cvename> 1577 <url>https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U</url> 1578 </references> 1579 <dates> 1580 <discovery>2014-05-09</discovery> 1581 <entry>2014-10-09</entry> 1582 </dates> 1583 </vuln> 1584 1585 <vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d"> 1586 <topic>Bugzilla multiple security issues</topic> 1587 <affects> 1588 <package> 1589 <name>bugzilla44</name> 1590 <range><lt>4.4.6</lt></range> 1591 </package> 1592 </affects> 1593 <description> 1594 <body xmlns="http://www.w3.org/1999/xhtml"> 1595 <p>Bugzilla Security Advisory</p> 1596 <blockquote cite="http://www.bugzilla.org/security/4.0.14/"> 1597 <h5>Unauthorized Account Creation</h5> 1598 <p>An attacker creating a new Bugzilla account can override certain 1599 parameters when finalizing the account creation that can lead to the 1600 user being created with a different email address than originally 1601 requested. 
The overridden login name could be automatically added 1602 to groups based on the group's regular expression setting.</p> 1603 <h5>Cross-Site Scripting</h5> 1604 <p>During an audit of the Bugzilla code base, several places 1605 were found where cross-site scripting exploits could occur which 1606 could allow an attacker to access sensitive information.</p> 1607 <h5>Information Leak</h5> 1608 <p>If a new comment was marked private to the insider group, and a flag 1609 was set in the same transaction, the comment would be visible to 1610 flag recipients even if they were not in the insider group.</p> 1611 <h5>Social Engineering</h5> 1612 <p>Search results can be exported as a CSV file which can then be 1613 imported into external spreadsheet programs. Specially formatted 1614 field values can be interpreted as formulas which can be executed 1615 and used to attack a user's computer.</p> 1616 </blockquote> 1617 </body> 1618 </description> 1619 <references> 1620 <cvename>CVE-2014-1572</cvename> 1621 <cvename>CVE-2014-1573</cvename> 1622 <cvename>CVE-2014-1571</cvename> 1623 <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1074812</url> 1624 <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1075578</url> 1625 <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1064140</url> 1626 <url>https://bugzilla.mozilla.org/show_bug.cgi?id=1054702</url> 1627 </references> 1628 <dates> 1629 <discovery>2014-10-06</discovery> 1630 <entry>2014-10-06</entry> 1631 </dates> 1632 </vuln> 1633 1634 <vuln vid="81e2b308-4a6c-11e4-b711-6805ca0b3d42"> 1635 <topic>rt42 -- vulnerabilities related to shellshock</topic> 1636 <affects> 1637 <package> 1638 <name>rt42</name> 1639 <range><ge>4.2.0</ge><lt>4.2.8</lt></range> 1640 </package> 1641 </affects> 1642 <description> 1643 <body xmlns="http://www.w3.org/1999/xhtml"> 1644 <p>Best Practical reports:</p> 1645 <blockquote cite="http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html"> 1646 <p>RT 4.2.0 and above may 
be vulnerable to arbitrary 1647 execution of code by way of CVE-2014-7169, CVE-2014-7186, 1648 CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 -- 1649 collectively known as "Shellshock." This vulnerability 1650 requires a privileged user with access to an RT instance 1651 running with SMIME integration enabled; it applies to both 1652 mod_perl and fastcgi deployments. If you have already 1653 taken upgrades to bash to resolve "Shellshock," you are 1654 protected from this vulnerability in RT, and there is no 1655 need to apply this patch. This vulnerability has been 1656 assigned CVE-2014-7227.</p> 1657 </blockquote> 1658 </body> 1659 </description> 1660 <references> 1661 <url>http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html</url> 1662 <cvename>CVE-2014-7227</cvename> 1663 </references> 1664 <dates> 1665 <discovery>2014-10-02</discovery> 1666 <entry>2014-10-02</entry> 1667 </dates> 1668 </vuln> 1669 1670 <vuln vid="549a2771-49cc-11e4-ae2c-c80aa9043978"> 1671 <topic>jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS</topic> 1672 <affects> 1673 <package> 1674 <name>jenkins</name> 1675 <range><lt>1.583</lt></range> 1676 </package> 1677 <package> 1678 <name>jenkins-lts</name> 1679 <range><lt>1.565.3</lt></range> 1680 </package> 1681 </affects> 1682 <description> 1683 <body xmlns="http://www.w3.org/1999/xhtml"> 1684 <p>Jenkins Security Advisory:</p> 1685 <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01"> 1686 <p>Please reference CVE/URL list for details</p> 1687 </blockquote> 1688 </body> 1689 </description> 1690 <references> 1691 <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01</url> 1692 <cvename>CVE-2014-3661</cvename> 1693 <cvename>CVE-2014-3662</cvename> 1694 <cvename>CVE-2014-3663</cvename> 1695 <cvename>CVE-2014-3664</cvename> 1696 <cvename>CVE-2014-3680</cvename> 1697 
<cvename>CVE-2014-3681</cvename> 1698 <cvename>CVE-2014-3666</cvename> 1699 <cvename>CVE-2014-3667</cvename> 1700 <cvename>CVE-2013-2186</cvename> 1701 <cvename>CVE-2014-1869</cvename> 1702 <cvename>CVE-2014-3678</cvename> 1703 <cvename>CVE-2014-3679</cvename> 1704 </references> 1705 <dates> 1706 <discovery>2014-10-01</discovery> 1707 <entry>2014-10-01</entry> 1708 </dates> 1709 </vuln> 1710 1711 <vuln vid="512d1301-49b9-11e4-ae2c-c80aa9043978"> 1712 <topic>bash -- remote code execution</topic> 1713 <affects> 1714 <package> 1715 <name>bash</name> 1716 <name>bash-static</name> 1717 <range><lt>4.3.25_2</lt></range> 1718 </package> 1719 </affects> 1720 <description> 1721 <body xmlns="http://www.w3.org/1999/xhtml"> 1722 <p>Note that this is different than the public "Shellshock" 1723 issue.</p> 1724 <p>Specially crafted environment variables could lead to remote 1725 arbitrary code execution. This was fixed in bash 4.3.27, however 1726 the port was patched with a mitigation in 4.3.25_2.</p> 1727 </body> 1728 </description> 1729 <references> 1730 <url>http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html</url> 1731 <cvename>CVE-2014-6277</cvename> 1732 <cvename>CVE-2014-6278</cvename> 1733 </references> 1734 <dates> 1735 <discovery>2014-09-27</discovery> 1736 <entry>2014-10-01</entry> 1737 </dates> 1738 </vuln> 1739 1740 <vuln vid="3e8b7f8a-49b0-11e4-b711-6805ca0b3d42"> 1741 <topic>phpMyAdmin -- XSS vulnerabilities</topic> 1742 <affects> 1743 <package> 1744 <name>phpMyAdmin</name> 1745 <range><ge>4.2.0</ge><lt>4.2.9.1</lt></range> 1746 </package> 1747 </affects> 1748 <description> 1749 <body xmlns="http://www.w3.org/1999/xhtml"> 1750 <p>The phpMyAdmin development team reports:</p> 1751 <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php"> 1752 <p>With a crafted ENUM value it is possible to trigger an 1753 XSS in table search and table structure pages. 
This 1754 vulnerability can be triggered only by someone who is 1755 logged in to phpMyAdmin, as the usual token protection 1756 prevents non-logged-in users from accessing the required 1757 pages.</p> 1758 </blockquote> 1759 </body> 1760 </description> 1761 <references> 1762 <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php</url> 1763 <cvename>CVE-2014-7217</cvename> 1764 </references> 1765 <dates> 1766 <discovery>2014-10-01</discovery> 1767 <entry>2014-10-01</entry> 1768 </dates> 1769 </vuln> 1770 1771 <vuln vid="4a4e9f88-491c-11e4-ae2c-c80aa9043978"> 1772 <topic>bash -- out-of-bounds memory access in parser</topic> 1773 <affects> 1774 <package> 1775 <name>bash</name> 1776 <name>bash-static</name> 1777 <range><lt>4.3.27_1</lt></range> 1778 </package> 1779 </affects> 1780 <description> 1781 <body xmlns="http://www.w3.org/1999/xhtml"> 1782 <p>RedHat security team reports:</p> 1783 <blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7186"> 1784 <p>It was discovered that the fixed-sized redir_stack could be forced 1785 to overflow in the Bash parser, resulting in memory corruption, and 1786 possibly leading to arbitrary code execution when evaluating 1787 untrusted input that would not otherwise be run as code.</p> 1788 </blockquote> 1789 <blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187"> 1790 <p>An off-by-one error was discovered in the way Bash was handling 1791 deeply nested flow control constructs. 
Depending on the layout of 1792 the .bss segment, this could allow arbitrary execution of code that 1793 would not otherwise be executed by Bash.</p> 1794 </blockquote> 1795 </body> 1796 </description> 1797 <references> 1798 <url>https://access.redhat.com/security/cve/CVE-2014-7186</url> 1799 <cvename>CVE-2014-7186</cvename> 1800 <cvename>CVE-2014-7187</cvename> 1801 </references> 1802 <dates> 1803 <discovery>2014-09-25</discovery> 1804 <entry>2014-10-01</entry> 1805 </dates> 1806 </vuln> 1807 1808 <vuln vid="8e0e86ff-48b5-11e4-ab80-000c29f6ae42"> 1809 <topic>rsyslog -- remote syslog PRI vulnerability</topic> 1810 <affects> 1811 <package> 1812 <name>rsyslog</name> 1813 <range><lt>7.6.7</lt></range> 1814 </package> 1815 <package> 1816 <name>rsyslog8</name> 1817 <range><lt>8.4.2</lt></range> 1818 </package> 1819 </affects> 1820 <description> 1821 <body xmlns="http://www.w3.org/1999/xhtml"> 1822 <p>The rsyslog project reports:</p> 1823 <blockquote cite="http://www.rsyslog.com/remote-syslog-pri-vulnerability/"> 1824 <p>potential abort when a message with PRI > 191 was processed 1825 if the "pri-text" property was used in active templates, 1826 this could be abused to a remote denial of service from 1827 permitted senders</p> 1828 <p>The original fix for CVE-2014-3634 was not adequate.</p> 1829 </blockquote> 1830 </body> 1831 </description> 1832 <references> 1833 <url>http://www.rsyslog.com/remote-syslog-pri-vulnerability/</url> 1834 <cvename>CVE-2014-3634</cvename> 1835 </references> 1836 <dates> 1837 <discovery>2014-09-30</discovery> 1838 <entry>2014-09-30</entry> 1839 <modified>2014-10-02</modified> 1840 </dates> 1841 </vuln> 1842 1843 <vuln vid="6c083cf8-4830-11e4-ae2c-c80aa9043978"> 1844 <topic>fish -- local privilege escalation and remote code execution</topic> 1845 <affects> 1846 <package> 1847 <name>fish</name> 1848 <range><ge>1.6.0</ge><lt>2.1.1</lt></range> 1849 </package> 1850 </affects> 1851 <description> 1852 <body xmlns="http://www.w3.org/1999/xhtml"> 1853 
<p>Fish developer David Adam reports:</p> 1854 <blockquote cite="http://www.openwall.com/lists/oss-security/2014/09/28/8"> 1855 <p>This release fixes a number of local privilege escalation 1856 vulnerability and one remote code execution vulnerability.</p> 1857 </blockquote> 1858 </body> 1859 </description> 1860 <references> 1861 <url>http://www.openwall.com/lists/oss-security/2014/09/28/8</url> 1862 <cvename>CVE-2014-2905</cvename> 1863 <url>https://github.com/fish-shell/fish-shell/issues/1436</url> 1864 <cvename>CVE-2014-2906</cvename> 1865 <cvename>CVE-2014-3856</cvename> 1866 <url>https://github.com/fish-shell/fish-shell/issues/1437</url> 1867 <cvename>CVE-2014-2914</cvename> 1868 <url>https://github.com/fish-shell/fish-shell/issues/1438</url> 1869 <cvename>CVE-2014-3219</cvename> 1870 <url>https://github.com/fish-shell/fish-shell/issues/1440</url> 1871 </references> 1872 <dates> 1873 <discovery>2014-09-28</discovery> 1874 <entry>2014-09-29</entry> 1875 </dates> 1876 </vuln> 1877 1878 <vuln vid="ca44b64c-4453-11e4-9ea1-c485083ca99c"> 1879 <topic>Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11</topic> 1880 <affects> 1881 <package> 1882 <name>linux-f10-flashplugin</name> 1883 <range><lt>11.2r202.400</lt></range> 1884 </package> 1885 <package> 1886 <name>linux-c6-flashplugin</name> 1887 <range><lt>11.2r202.400</lt></range> 1888 </package> 1889 </affects> 1890 <description> 1891 <body xmlns="http://www.w3.org/1999/xhtml"> 1892 <p>Adobe reports:</p> 1893 <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-21.html"> 1894 <p>These updates address vulnerabilities that could cause a crash 1895 and potentially allow an attacker to take control of the affected system.</p> 1896 </blockquote> 1897 </body> 1898 </description> 1899 <references> 1900 <cvename>CVE-2014-0547</cvename> 1901 <cvename>CVE-2014-0548</cvename> 1902 <cvename>CVE-2014-0549</cvename> 1903 <cvename>CVE-2014-0550</cvename> 1904 
<cvename>CVE-2014-0551</cvename> 1905 <cvename>CVE-2014-0552</cvename> 1906 <cvename>CVE-2014-0553</cvename> 1907 <cvename>CVE-2014-0554</cvename> 1908 <cvename>CVE-2014-0555</cvename> 1909 <cvename>CVE-2014-0556</cvename> 1910 <cvename>CVE-2014-0557</cvename> 1911 <cvename>CVE-2014-0559</cvename> 1912 <url>http://helpx.adobe.com/security/products/flash-player/apsb14-21.html</url> 1913 </references> 1914 <dates> 1915 <discovery>2014-09-09</discovery> 1916 <entry>2014-09-25</entry> 1917 </dates> 1918 </vuln> 1919 1920 <vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55"> 1921 <topic>NSS -- RSA Signature Forgery</topic> 1922 <affects> 1923 <package> 1924 <name>linux-firefox</name> 1925 <range><lt>32.0.3,1</lt></range> 1926 </package> 1927 <package> 1928 <name>linux-thunderbird</name> 1929 <range><lt>31.1.2</lt></range> 1930 </package> 1931 <package> 1932 <name>linux-seamonkey</name> 1933 <range><lt>2.29.1</lt></range> 1934 </package> 1935 <package> 1936 <name>nss</name> 1937 <range><lt>3.17.1</lt></range> 1938 </package> 1939 <package> 1940 <name>linux-c6-nss</name> 1941 <range><lt>3.16.1</lt></range> 1942 </package> 1943 </affects> 1944 <description> 1945 <body xmlns="http://www.w3.org/1999/xhtml"> 1946 <p>The Mozilla Project reports:</p> 1947 <blockquote cite="https://www.mozilla.org/security/announce/2014/mfsa2014-73.html"> 1948 <p>Antoine Delignat-Lavaud discovered that NSS is vulnerable 1949 to a variant of a signature forgery attack previously 1950 published by Daniel Bleichenbacher. 
This is due to lenient 1951 parsing of ASN.1 values involved in a signature and could 1952 lead to the forging of RSA certificates.</p> 1953 </blockquote> 1954 </body> 1955 </description> 1956 <references> 1957 <cvename>CVE-2014-1568</cvename> 1958 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url> 1959 </references> 1960 <dates> 1961 <discovery>2014-09-23</discovery> 1962 <entry>2014-09-25</entry> 1963 </dates> 1964 </vuln> 1965 1966 <vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49"> 1967 <topic>krfb -- Multiple security issues in bundled libvncserver</topic> 1968 <affects> 1969 <package> 1970 <name>krfb</name> 1971 <range><lt>4.12.5_4</lt></range> 1972 </package> 1973 </affects> 1974 <description> 1975 <body xmlns="http://www.w3.org/1999/xhtml"> 1976 <p>Martin Sandsmark reports:</p> 1977 <blockquote cite="http://lists.kde.org/?l=kde-announce&m=141153917319769&w=2"> 1978 <p>krfb 4.14 [and earlier] embeds libvncserver which has had 1979 several security issues.</p> 1980 <p>Several remotely exploitable security issues have been 1981 uncovered in libvncserver, some of which might allow a 1982 remote authenticated user code execution or application 1983 crashes.</p> 1984 </blockquote> 1985 </body> 1986 </description> 1987 <references> 1988 <cvename>CVE-2014-6055</cvename> 1989 <mlist>http://lists.kde.org/?l=kde-announce&m=141153917319769&w=2</mlist> 1990 </references> 1991 <dates> 1992 <discovery>2014-09-23</discovery> 1993 <entry>2014-09-25</entry> 1994 </dates> 1995 </vuln> 1996 1997 <vuln vid="71ad81da-4414-11e4-a33e-3c970e169bc2"> 1998 <topic>bash -- remote code execution vulnerability</topic> 1999 <affects> 2000 <package> 2001 <name>bash</name> 2002 <name>bash-static</name> 2003 <range><gt>3.0</gt><le>3.0.17</le></range> 2004 <range><gt>3.1</gt><le>3.1.18</le></range> 2005 <range><gt>3.2</gt><le>3.2.52</le></range> 2006 <range><gt>4.0</gt><le>4.0.39</le></range> 2007 <range><gt>4.1</gt><le>4.1.12</le></range> 2008 
<range><gt>4.2</gt><le>4.2.48</le></range> 2009 <range><gt>4.3</gt><lt>4.3.25_1</lt></range> 2010 </package> 2011 <package> 2012 <name>linux_base-c6</name> 2013 <range><lt>6.5_1</lt></range> 2014 </package> 2015 </affects> 2016 <description> 2017 <body xmlns="http://www.w3.org/1999/xhtml"> 2018 <p>Chet Ramey reports:</p> 2019 <blockquote cite="https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html"> 2020 <p>Under certain circumstances, bash will execute user code 2021 while processing the environment for exported function 2022 definitions.</p> 2023 </blockquote> 2024 <p>The original fix released for CVE-2014-6271 was not adequate. A 2025 similar vulnerability was discovered and tagged as CVE-2014-7169.</p> 2026 </body> 2027 </description> 2028 <references> 2029 <cvename>CVE-2014-6271</cvename> 2030 <cvename>CVE-2014-7169</cvename> 2031 <url>https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/</url> 2032 <url>https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html</url> 2033 <url>http://seclists.org/oss-sec/2014/q3/690</url> 2034 </references> 2035 <dates> 2036 <discovery>2014-09-24</discovery> 2037 <entry>2014-09-24</entry> 2038 <modified>2014-09-25</modified> 2039 </dates> 2040 </vuln> 2041 2042 <vuln vid="e60d9e65-3f6b-11e4-ad16-001999f8d30b"> 2043 <topic>asterisk -- Remotely triggered crash</topic> 2044 <affects> 2045 <package> 2046 <name>asterisk11</name> 2047 <range><lt>11.12.1</lt></range> 2048 </package> 2049 </affects> 2050 <description> 2051 <body xmlns="http://www.w3.org/1999/xhtml"> 2052 <p>The Asterisk project reports:</p> 2053 <blockquote cite="https://www.asterisk.org/security"> 2054 <p>When an out of call message - delivered by either the 2055 SIP or PJSIP channel driver or the XMPP stack - is handled 2056 in Asterisk, a crash can occur if the channel servicing 2057 the message is sent into the ReceiveFax dialplan application 2058 while using the res_fax_spandsp 
module.</p> 2059 <p>Note that this crash does not occur when using the 2060 res_fax_digium module. While this crash technically 2061 occurs due to a configuration issue, as attempting to 2062 receive a fax from a channel driver that only contains 2063 textual information will never succeed, the likelihood 2064 of having it occur is sufficiently high as to warrant 2065 this advisory.</p> 2066 </blockquote> 2067 </body> 2068 </description> 2069 <references> 2070 <url>http://downloads.asterisk.org/pub/security/AST-2014-010.pdf</url> 2071 <url>https://issues.asterisk.org/jira/browse/ASTERISK-24301</url> 2072 <url>https://www.asterisk.org/security</url> 2073 </references> 2074 <dates> 2075 <discovery>2014-09-05</discovery> 2076 <entry>2014-09-18</entry> 2077 </dates> 2078 </vuln> 2079 2080 <vuln vid="d3324c55-3f11-11e4-ad16-001999f8d30b"> 2081 <topic>squid -- Buffer overflow in SNMP processing</topic> 2082 <affects> 2083 <package> 2084 <name>squid</name> 2085 <range><lt>3.4.8</lt></range> 2086 </package> 2087 <package> 2088 <name>squid32</name> 2089 <range><gt>0</gt></range> 2090 </package> 2091 <package> 2092 <name>squid33</name> 2093 <range><lt>3.3.13_2</lt></range> 2094 </package> 2095 </affects> 2096 <description> 2097 <body xmlns="http://www.w3.org/1999/xhtml"> 2098 <p>The squid-cache project reports:</p> 2099 <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2014_3.txt"> 2100 <p>Due to incorrect buffer management Squid can be caused 2101 by an attacker to write outside its allocated SNMP buffer.</p> 2102 </blockquote> 2103 </body> 2104 </description> 2105 <references> 2106 <url>http://www.squid-cache.org/Advisories/SQUID-2014_3.txt</url> 2107 <cvename>CVE-2014-6270</cvename> 2108 </references> 2109 <dates> 2110 <discovery>2014-09-15</discovery> 2111 <entry>2014-09-18</entry> 2112 </dates> 2113 </vuln> 2114 2115 <vuln vid="38242d51-3e58-11e4-ac2f-bcaec565249c"> 2116 <topic>dbus -- multiple vulnerabilities</topic> 2117 <affects> 2118 <package> 2119 
<name>dbus</name> 2120 <range><lt>1.8.8</lt></range> 2121 </package> 2122 </affects> 2123 <description> 2124 <body xmlns="http://www.w3.org/1999/xhtml"> 2125 <p>Simon McVittie reports:</p> 2126 <blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-September/016343.html"> 2127 <p>Do not accept an extra fd in the padding of a cmsg message, 2128 which could lead to a 4-byte heap buffer overrun 2129 (CVE-2014-3635).</p> 2130 <p>Reduce default for maximum Unix file descriptors passed per 2131 message from 1024 to 16, preventing a uid with the default 2132 maximum number of connections from exhausting the system 2133 bus' file descriptors under Linux's default rlimit 2134 (CVE-2014-3636).</p> 2135 <p>Disconnect connections that still have a fd pending 2136 unmarshalling after a new configurable limit, 2137 pending_fd_timeout (defaulting to 150 seconds), removing 2138 the possibility of creating an abusive connection that 2139 cannot be disconnected by setting up a circular reference 2140 to a connection's file descriptor (CVE-2014-3637).</p> 2141 <p>Reduce default for maximum pending replies per connection 2142 from 8192 to 128, mitigating an algorithmic complexity 2143 denial-of-service attack (CVE-2014-3638).</p> 2144 <p>Reduce default for authentication timeout on the system 2145 bus from 30 seconds to 5 seconds, avoiding denial of service 2146 by using up all unauthenticated connection slots; and when 2147 all unauthenticated connection slots are used up, make new 2148 connection attempts block instead of disconnecting them 2149 (CVE-2014-3639).</p> 2150 </blockquote> 2151 </body> 2152 </description> 2153 <references> 2154 <cvename>CVE-2014-3635</cvename> 2155 <cvename>CVE-2014-3636</cvename> 2156 <cvename>CVE-2014-3637</cvename> 2157 <cvename>CVE-2014-3638</cvename> 2158 <cvename>CVE-2014-3639</cvename> 2159 <url>http://lists.freedesktop.org/archives/dbus/2014-September/016343.html</url> 2160 </references> 2161 <dates> 2162 
<discovery>2014-09-16</discovery> 2163 <entry>2014-09-17</entry> 2164 </dates> 2165 </vuln> 2166 2167 <vuln vid="77b784bb-3dc6-11e4-b191-f0def16c5c1b"> 2168 <topic>nginx -- inject commands into SSL session vulnerability</topic> 2169 <affects> 2170 <package> 2171 <name>nginx</name> 2172 <range><ge>0.6.0</ge><lt>1.6.2,2</lt></range> 2173 </package> 2174 <package> 2175 <name>nginx-devel</name> 2176 <range><ge>0.5.6</ge><lt>1.7.5</lt></range> 2177 </package> 2178 </affects> 2179 <description> 2180 <body xmlns="http://www.w3.org/1999/xhtml"> 2181 <p>The nginx project reports:</p> 2182 <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"> 2183 <p>Security: it was possible to reuse SSL sessions in unrelated contexts 2184 if a shared SSL session cache or the same TLS session ticket key was 2185 used for multiple "server" blocks (CVE-2014-3616).</p> 2186 </blockquote> 2187 </body> 2188 </description> 2189 <references> 2190 <cvename>CVE-2014-3616</cvename> 2191 <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html</url> 2192 </references> 2193 <dates> 2194 <discovery>2014-09-16</discovery> 2195 <entry>2014-09-16</entry> 2196 </dates> 2197 </vuln> 2198 2199 <vuln vid="cc627e6c-3b89-11e4-b629-6805ca0b3d42"> 2200 <topic>phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature</topic> 2201 <affects> 2202 <package> 2203 <name>phpMyAdmin</name> 2204 <range><ge>4.2.0</ge><lt>4.2.8.1</lt></range> 2205 </package> 2206 </affects> 2207 <description> 2208 <body xmlns="http://www.w3.org/1999/xhtml"> 2209 <p>The phpMyAdmin development team reports:</p> 2210 <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php"> 2211 <p>XSRF/CSRF due to DOM based XSS in the micro history feature.</p> 2212 <p>By deceiving a logged-in user to click on a crafted URL, 2213 it is possible to perform remote code execution and in some 2214 cases, create a root account due to a DOM based XSS 2215 vulnerability in the 
micro history feature.</p> 2216 </blockquote> 2217 </body> 2218 </description> 2219 <references> 2220 <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php</url> 2221 <cvename>CVE-2014-6300</cvename> 2222 </references> 2223 <dates> 2224 <discovery>2014-09-13</discovery> 2225 <entry>2014-09-13</entry> 2226 </dates> 2227 </vuln> 2228 2229 <vuln vid="36858e78-3963-11e4-ad84-000c29f6ae42"> 2230 <topic>security/ossec-hids-* -- root escalation via temp files</topic> 2231 <affects> 2232 <package> 2233 <name>ossec-hids-server</name> 2234 <name>ossec-hids-client</name> 2235 <name>ossec-hids-local</name> 2236 <range><lt>2.8.1</lt></range> 2237 </package> 2238 </affects> 2239 <description> 2240 <body xmlns="http://www.w3.org/1999/xhtml"> 2241 <p>OSSEC reports:</p> 2242 <blockquote cite="http://www.ossec.net/?p=1135"> 2243 <p>This correction will create the temp file for the hosts deny file 2244 in /var/ossec and will use mktemp where available to create 2245 NON-predictable temp file name. 
In cases where mktemp is not 2246 available we have written a BAD version of mktemp, but should be a 2247 little better then just process id.</p> 2248 </blockquote> 2249 </body> 2250 </description> 2251 <references> 2252 <cvename>CVE-2014-5284</cvename> 2253 <url>http://www.ossec.net/?p=1135</url> 2254 </references> 2255 <dates> 2256 <discovery>2014-09-09</discovery> 2257 <entry>2014-09-11</entry> 2258 </dates> 2259 </vuln> 2260 2261 <vuln vid="6318b303-3507-11e4-b76c-0011d823eebd"> 2262 <topic>trafficserver -- unspecified vulnerability</topic> 2263 <affects> 2264 <package> 2265 <name>trafficserver</name> 2266 <range><lt>5.0.1</lt></range> 2267 </package> 2268 </affects> 2269 <description> 2270 <body xmlns="http://www.w3.org/1999/xhtml"> 2271 <p>Bryan Call reports:</p> 2272 <blockquote cite="http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E"> 2273 <p>Below is our announcement for the security issue reported to us 2274 from Yahoo! Japan. All versions of Apache Traffic Server are 2275 vulnerable. 
We urge users to upgrade to either 4.2.1.1 or 5.0.1 2276 immediately.</p> 2277 <p>This fixes CVE-2014-3525 and limits access to how the health 2278 checks are performed.</p> 2279 </blockquote> 2280 </body> 2281 </description> 2282 <references> 2283 <cvename>CVE-2014-3525</cvename> 2284 <url>http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E</url> 2285 </references> 2286 <dates> 2287 <discovery>2014-07-23</discovery> 2288 <entry>2014-09-05</entry> 2289 </dates> 2290 </vuln> 2291 2292 <vuln vid="84203724-296b-11e4-bebd-000c2980a9f3"> 2293 <topic>file -- buffer overruns and missing buffer size tests</topic> 2294 <affects> 2295 <package> 2296 <name>file</name> 2297 <range><lt>5.19</lt></range> 2298 </package> 2299 </affects> 2300 <description> 2301 <body xmlns="http://www.w3.org/1999/xhtml"> 2302 <p>Christos Zoulas reports:</p> 2303 <blockquote cite="http://mx.gw.com/pipermail/file/2014/001553.html"> 2304 <p>A specially crafted file can cause a segmentation fault.</p> 2305 </blockquote> 2306 </body> 2307 </description> 2308 <references> 2309 <url>http://mx.gw.com/pipermail/file/2014/001553.html</url> 2310 </references> 2311 <dates> 2312 <discovery>2014-06-09</discovery> 2313 <entry>2014-08-21</entry> 2314 </dates> 2315 </vuln> 2316 2317 <vuln vid="3c5579f7-294a-11e4-99f6-00e0814cab4e"> 2318 <topic>django -- multiple vulnerabilities</topic> 2319 <affects> 2320 <package> 2321 <name>py27-django</name> 2322 <range><ge>1.6</ge><lt>1.6.6</lt></range> 2323 </package> 2324 <package> 2325 <name>py27-django15</name> 2326 <range><ge>1.5</ge><lt>1.5.9</lt></range> 2327 </package> 2328 <package> 2329 <name>py27-django14</name> 2330 <range><ge>1.4</ge><lt>1.4.14</lt></range> 2331 </package> 2332 <package> 2333 <name>py32-django</name> 2334 <range><ge>1.6</ge><lt>1.6.6</lt></range> 2335 </package> 2336 <package> 2337 <name>py32-django15</name> 2338 <range><ge>1.5</ge><lt>1.5.9</lt></range> 2339 </package> 
2340 <package> 2341 <name>py33-django</name> 2342 <range><ge>1.6</ge><lt>1.6.6</lt></range> 2343 </package> 2344 <package> 2345 <name>py33-django15</name> 2346 <range><ge>1.5</ge><lt>1.5.9</lt></range> 2347 </package> 2348 <package> 2349 <name>py34-django</name> 2350 <range><ge>1.6</ge><lt>1.6.6</lt></range> 2351 </package> 2352 <package> 2353 <name>py34-django15</name> 2354 <range><ge>1.5</ge><lt>1.5.9</lt></range> 2355 </package> 2356 <package> 2357 <name>py27-django-devel</name> 2358 <range><lt>20140821,1</lt></range> 2359 </package> 2360 <package> 2361 <name>py32-django-devel</name> 2362 <range><lt>20140821,1</lt></range> 2363 </package> 2364 <package> 2365 <name>py33-django-devel</name> 2366 <range><lt>20140821,1</lt></range> 2367 </package> 2368 <package> 2369 <name>py34-django-devel</name> 2370 <range><lt>20140821,1</lt></range> 2371 </package> 2372 </affects> 2373 <description> 2374 <body xmlns="http://www.w3.org/1999/xhtml"> 2375 <p>The Django project reports:</p> 2376 <blockquote cite="https://www.djangoproject.com/weblog/2014/aug/20/security/"> 2377 <p>These releases address an issue with reverse() generating external 2378 URLs; a denial of service involving file uploads; a potential 2379 session hijacking issue in the remote-user middleware; and a data 2380 leak in the administrative interface. 
We encourage all users of 2381 Django to upgrade as soon as possible.</p> 2382 </blockquote> 2383 </body> 2384 </description> 2385 <references> 2386 <url>https://www.djangoproject.com/weblog/2014/aug/20/security/</url> 2387 <cvename>CVE-2014-0480</cvename> 2388 <cvename>CVE-2014-0481</cvename> 2389 <cvename>CVE-2014-0482</cvename> 2390 <cvename>CVE-2014-0483</cvename> 2391 </references> 2392 <dates> 2393 <discovery>2014-08-20</discovery> 2394 <entry>2014-08-21</entry> 2395 </dates> 2396 </vuln> 2397 2398 <vuln vid="d2a892b9-2605-11e4-9da0-00a0986f28c4"> 2399 <topic>PHP multiple vulnerabilities</topic> 2400 <affects> 2401 <package> 2402 <name>php53</name> 2403 <range><lt>5.3.29</lt></range> 2404 </package> 2405 </affects> 2406 <description> 2407 <body xmlns="http://www.w3.org/1999/xhtml"> 2408 <p>The PHP Team reports:</p> 2409 <blockquote cite="http://php.net/ChangeLog-5.php#5.3.29"> 2410 <p>insecure temporary file use in the configure script</p> 2411 <p>unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion 2412 </p> 2413 <p>Heap buffer over-read in DateInterval</p> 2414 <p>fileinfo: cdf_read_short_sector insufficient boundary check</p> 2415 <p>fileinfo: CDF infinite loop in nelements DoS</p> 2416 <p>fileinfo: fileinfo: numerous file_printf calls resulting in 2417 performance degradation)</p> 2418 <p>Fix potential segfault in dns_check_record()</p> 2419 </blockquote> 2420 </body> 2421 </description> 2422 <references> 2423 <cvename>CVE-2013-6712</cvename> 2424 <cvename>CVE-2014-0207</cvename> 2425 <cvename>CVE-2014-0237</cvename> 2426 <cvename>CVE-2014-0238</cvename> 2427 <cvename>CVE-2014-3515</cvename> 2428 <cvename>CVE-2014-3981</cvename> 2429 <cvename>CVE-2014-4049</cvename> 2430 <url>http://php.net/ChangeLog-5.php#5.3.29</url> 2431 <url>https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html</url> 2432 </references> 2433 <dates> 2434 <discovery>2014-08-14</discovery> 2435 <entry>2014-08-18</entry> 2436 </dates> 2437 </vuln> 2438 2439 <vuln 
vid="fbb01289-2645-11e4-bc44-6805ca0b3d42"> 2440 <topic>phpMyAdmin -- XSS vulnerabilities</topic> 2441 <affects> 2442 <package> 2443 <name>phpMyAdmin</name> 2444 <range><ge>4.2.0</ge><lt>4.2.7.1</lt></range> 2445 </package> 2446 </affects> 2447 <description> 2448 <body xmlns="http://www.w3.org/1999/xhtml"> 2449 <p>The phpMyAdmin development team reports:</p> 2450 <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php"> 2451 <p>Multiple XSS vulnerabilities in browse table, ENUM 2452 editor, monitor, query charts and table relations pages.</p> 2453 <p> With a crafted database, table or a primary/unique key 2454 column name it is possible to trigger an XSS when dropping 2455 a row from the table. With a crafted column name it is 2456 possible to trigger an XSS in the ENUM editor dialog. With 2457 a crafted variable name or a crafted value for unit field 2458 it is possible to trigger a self-XSS when adding a new 2459 chart in the monitor page. With a crafted value for x-axis 2460 label it is possible to trigger a self-XSS in the query 2461 chart page. 
With a crafted relation name it is possible to 2462 trigger an XSS in table relations page.</p> 2463 </blockquote> 2464 <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php"> 2465 <p>XSS in view operations page.</p> 2466 <p>With a crafted view name it is possible to trigger an 2467 XSS when dropping the view in view operation page.</p> 2468 </blockquote> 2469 </body> 2470 </description> 2471 <references> 2472 <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php</url> 2473 <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php</url> 2474 <cvename>CVE-2014-5273</cvename> 2475 <cvename>CVE-2014-5274</cvename> 2476 </references> 2477 <dates> 2478 <discovery>2014-08-17</discovery> 2479 <entry>2014-08-17</entry> 2480 </dates> 2481 </vuln> 2482 2483 <vuln vid="69048656-2187-11e4-802c-20cf30e32f6d"> 2484 <topic>serf -- SSL Certificate Null Byte Poisoning</topic> 2485 <affects> 2486 <package> 2487 <name>serf</name> 2488 <range><lt>1.3.7</lt></range> 2489 </package> 2490 </affects> 2491 <description> 2492 <body xmlns="http://www.w3.org/1999/xhtml"> 2493 <p>serf Development list reports:</p> 2494 <blockquote cite="https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc"> 2495 <p>Serf provides APIs to retrieve information about a certificate. These 2496 APIs return the information as NUL terminated strings (commonly called C 2497 strings). X.509 uses counted length strings which may include a NUL byte. 2498 This means that a library user will interpret any information as ending 2499 upon seeing this NUL byte and will only see a partial value for that field. 2500 </p> 2501 <p>Attackers could exploit this vulnerability to create a certificate that a 2502 client will accept for a different hostname than the full certificate is 2503 actually for by embedding a NUL byte in the certificate.</p> 2504 <p>This can lead to a man-in-the-middle attack. 
There are no known instances 2505 of this problem being exploited in the wild and in practice it should be 2506 difficult to actually exploit this vulnerability.</p> 2507 </blockquote> 2508 </body> 2509 </description> 2510 <references> 2511 <cvename>CVE-2014-3504</cvename> 2512 </references> 2513 <dates> 2514 <discovery>2014-08-06</discovery> 2515 <entry>2014-08-11</entry> 2516 </dates> 2517 </vuln> 2518 2519 <vuln vid="83a418cc-2182-11e4-802c-20cf30e32f6d"> 2520 <topic>subversion -- several vulnerabilities</topic> 2521 <affects> 2522 <package> 2523 <name>subversion16</name> 2524 <range><ge>1.0.0</ge><lt>1.7.18</lt></range> 2525 </package> 2526 <package> 2527 <name>subversion17</name> 2528 <range><ge>1.0.0</ge><lt>1.7.18</lt></range> 2529 </package> 2530 <package> 2531 <name>subversion</name> 2532 <range><ge>1.0.0</ge><lt>1.7.18</lt></range> 2533 <range><ge>1.8.0</ge><lt>1.8.10</lt></range> 2534 </package> 2535 </affects> 2536 <description> 2537 <body xmlns="http://www.w3.org/1999/xhtml"> 2538 <p>Subversion Project reports:</p> 2539 <blockquote cite="http://subversion.apache.org/security/CVE-2014-3522-advisory.txt"> 2540 <p>Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API 2541 to handle matching wildcards in certificate Common Names and Subject 2542 Alternate Names. However, apr_fnmatch is not designed for this purpose. 2543 Instead it is designed to behave like common shell globbing. In particular 2544 this means that '*' is not limited to a single label within a hostname 2545 (i.e. it will match '.'). But even further apr_fnmatch supports '?' and 2546 character classes (neither of which are part of the RFCs defining how 2547 certificate validation works).</p> 2548 <p>Subversion stores cached credentials by an MD5 hash based on the URL and 2549 the authentication realm of the server the credentials are cached for. 2550 MD5 has been shown to be subject to chosen plaintext hash collisions. 
2551 This means it may be possible to generate an authentication realm which 2552 results in the same MD5 hash for a different URL.</p> 2553 </blockquote> 2554 </body> 2555 </description> 2556 <references> 2557 <cvename>CVE-2014-3522</cvename> 2558 <cvename>CVE-2014-3528</cvename> 2559 <url>http://subversion.apache.org/security/CVE-2014-3522-advisory.txt</url> 2560 <url>http://subversion.apache.org/security/CVE-2014-3528-advisory.txt</url> 2561 </references> 2562 <dates> 2563 <discovery>2014-08-06</discovery> 2564 <entry>2014-08-11</entry> 2565 </dates> 2566 </vuln> 2567 2568 <vuln vid="ad747a01-1fee-11e4-8ff1-f0def16c5c1b"> 2569 <topic>nginx -- inject commands into SSL session vulnerability</topic> 2570 <affects> 2571 <package> 2572 <name>nginx</name> 2573 <range><ge>1.6.0,2</ge><lt>1.6.1,2</lt></range> 2574 </package> 2575 <package> 2576 <name>nginx-devel</name> 2577 <range><ge>1.5.6</ge><lt>1.7.4</lt></range> 2578 </package> 2579 </affects> 2580 <description> 2581 <body xmlns="http://www.w3.org/1999/xhtml"> 2582 <p>The nginx project reports:</p> 2583 <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"> 2584 <p>Security: pipelined commands were not discarded after STARTTLS 2585 command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.</p> 2586 </blockquote> 2587 </body> 2588 </description> 2589 <references> 2590 <cvename>CVE-2014-3556</cvename> 2591 <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html</url> 2592 </references> 2593 <dates> 2594 <discovery>2014-08-05</discovery> 2595 <entry>2014-08-09</entry> 2596 </dates> 2597 </vuln> 2598 2599 <vuln vid="8aff07eb-1dbd-11e4-b6ba-3c970e169bc2"> 2600 <topic>OpenSSL -- multiple vulnerabilities</topic> 2601 <affects> 2602 <package> 2603 <name>openssl</name> 2604 <range><ge>1.0.1</ge><lt>1.0.1_14</lt></range> 2605 </package> 2606 <package> 2607 <name>mingw32-openssl</name> 2608 <range><ge>1.0.1</ge><lt>1.0.1i</lt></range> 2609 </package> 2610 <package> 
2611 <name>FreeBSD</name> 2612 <range><ge>8.4</ge><lt>8.4_15</lt></range> 2613 <range><ge>9.1</ge><lt>9.1_18</lt></range> 2614 <range><ge>9.2</ge><lt>9.2_11</lt></range> 2615 <range><ge>9.3</ge><lt>9.3_1</lt></range> 2616 <range><ge>10.0</ge><lt>10.0_8</lt></range> 2617 </package> 2618 </affects> 2619 <description> 2620 <body xmlns="http://www.w3.org/1999/xhtml"> 2621 <p>The OpenSSL Project reports:</p> 2622 <blockquote cite="https://www.openssl.org/news/secadv_20140806.txt"> 2623 <p>A flaw in OBJ_obj2txt may cause pretty printing functions 2624 such as X509_name_oneline, X509_name_print_ex et al. to leak 2625 some information from the stack. [CVE-2014-3508]</p> 2626 <p>The issue affects OpenSSL clients and allows a malicious 2627 server to crash the client with a null pointer dereference 2628 (read) by specifying an SRP ciphersuite even though it was 2629 not properly negotiated with the client. [CVE-2014-5139]</p> 2630 <p>If a multithreaded client connects to a malicious server 2631 using a resumed session and the server sends an ec point 2632 format extension it could write up to 255 bytes to freed 2633 memory. [CVE-2014-3509]</p> 2634 <p>An attacker can force an error condition which causes 2635 openssl to crash whilst processing DTLS packets due to 2636 memory being freed twice. This can be exploited through 2637 a Denial of Service attack. [CVE-2014-3505]</p> 2638 <p>An attacker can force openssl to consume large amounts 2639 of memory whilst processing DTLS handshake messages. 2640 This can be exploited through a Denial of Service 2641 attack. [CVE-2014-3506]</p> 2642 <p>By sending carefully crafted DTLS packets an attacker 2643 could cause openssl to leak memory. This can be exploited 2644 through a Denial of Service attack. [CVE-2014-3507]</p> 2645 <p>OpenSSL DTLS clients enabling anonymous (EC)DH 2646 ciphersuites are subject to a denial of service attack. 
        A malicious server can crash the client with a null pointer
        dereference (read) by specifying an anonymous (EC)DH
        ciphersuite and sending carefully crafted handshake
        messages. [CVE-2014-3510]</p>
        <p>A flaw in the OpenSSL SSL/TLS server code causes the
        server to negotiate TLS 1.0 instead of higher protocol
        versions when the ClientHello message is badly
        fragmented. This allows a man-in-the-middle attacker
        to force a downgrade to TLS 1.0 even if both the server
        and the client support a higher protocol version, by
        modifying the client's TLS records. [CVE-2014-3511]</p>
        <p>A malicious client or server can send invalid SRP
        parameters and overrun an internal buffer. Only
        applications which are explicitly set up for SRP
        use are affected. [CVE-2014-3512]</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>https://www.openssl.org/news/secadv_20140806.txt</url>
    <freebsdsa>SA-14:18.openssl</freebsdsa>
    <cvename>CVE-2014-3505</cvename>
    <cvename>CVE-2014-3506</cvename>
    <cvename>CVE-2014-3507</cvename>
    <cvename>CVE-2014-3508</cvename>
    <cvename>CVE-2014-3509</cvename>
    <cvename>CVE-2014-3510</cvename>
    <cvename>CVE-2014-3511</cvename>
    <cvename>CVE-2014-3512</cvename>
    <cvename>CVE-2014-5139</cvename>
  </references>
  <dates>
    <discovery>2014-08-06</discovery>
    <entry>2014-08-06</entry>
    <modified>2016-08-09</modified>
  </dates>
</vuln>

<vuln vid="be5421ab-1b56-11e4-a767-5453ed2e2b49">
  <topic>krfb -- Possible Denial of Service or code execution via integer overflow</topic>
  <affects>
    <package>
      <name>krfb</name>
      <range><lt>4.12.5_1</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Albert Astals Cid reports:</p>
      <blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2">
        <p>krfb embeds libvncserver, which embeds liblzo2, which contains various
        flaws that result in integer overflow problems.</p>
        <p>This potentially allows a malicious application to create a
        possible denial of service or code execution. Due to the need to
        exploit precise details of the target architecture and threading it
        is unlikely that remote code execution can be achieved in
        practice.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-4607</cvename>
    <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2</mlist>
  </references>
  <dates>
    <discovery>2014-08-03</discovery>
    <entry>2014-08-03</entry>
  </dates>
</vuln>

<vuln vid="89ff45e3-1a57-11e4-bebd-000c2980a9f3">
  <topic>samba -- remote code execution</topic>
  <affects>
    <package>
      <name>samba4</name>
      <range><ge>4.0.0</ge><lt>4.0.21</lt></range>
    </package>
    <package>
      <name>samba41</name>
      <range><ge>4.1.0</ge><lt>4.1.11</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Samba developers report:</p>
      <blockquote cite="http://www.samba.org/samba/security/CVE-2014-3560">
        <p>A malicious browser can send packets that may overwrite the heap of
        the target nmbd NetBIOS name services daemon.
        It may be possible to
        use this to generate a remote code execution vulnerability as the
        superuser (root).</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-3560</cvename>
    <url>http://www.samba.org/samba/security/CVE-2014-3560</url>
  </references>
  <dates>
    <discovery>2014-07-31</discovery>
    <entry>2014-08-02</entry>
  </dates>
</vuln>

<vuln vid="90ca3ba5-19e6-11e4-8616-001b3856973b">
  <topic>gpgme -- heap-based buffer overflow in gpgsm status handler</topic>
  <affects>
    <package>
      <name>gpgme</name>
      <range><lt>1.5.0</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Tomas Trnka reports:</p>
      <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1113267">
        <p>Gpgme contains a buffer overflow in the gpgsm status handler
        that could possibly be exploited using a specially crafted certificate.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-3564</cvename>
    <url>https://bugzilla.redhat.com/show_bug.cgi?id=1113267</url>
  </references>
  <dates>
    <discovery>2014-06-25</discovery>
    <entry>2014-08-02</entry>
  </dates>
</vuln>

<vuln vid="2f90556f-18c6-11e4-9cc4-5453ed2e2b49">
  <topic>kdelibs -- KAuth PID Reuse Flaw</topic>
  <affects>
    <package>
      <name>kdelibs</name>
      <range><lt>4.12.5_3</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Martin Sandsmark reports:</p>
      <blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2">
        <p>The KAuth framework uses the polkit-1 API which tries to authenticate
        using the requestor's PID.
        This is prone to PID reuse race
        conditions.</p>
        <p>This potentially allows a malicious application to pose as another
        for authentication purposes when executing privileged actions.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-5033</cvename>
    <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2</mlist>
  </references>
  <dates>
    <discovery>2014-07-30</discovery>
    <entry>2014-07-31</entry>
  </dates>
</vuln>

<vuln vid="31c09848-1829-11e4-bf04-60a44c524f57">
  <topic>tor -- traffic confirmation attack</topic>
  <affects>
    <package>
      <name>tor</name>
      <range><lt>0.2.4.23</lt></range>
    </package>
    <package>
      <name>tor-devel</name>
      <range><lt>0.2.5.6.a</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The Tor Project reports:</p>
      <blockquote cite="https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html">
        <p>Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a
        circuit after an inbound RELAY_EARLY cell is received by a client,
        which makes it easier for remote attackers to conduct
        traffic-confirmation attacks by using the pattern of RELAY and
        RELAY_EARLY cells as a means of communicating information about
        hidden service names.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html</url>
    <url>https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack</url>
    <cvename>CVE-2014-5117</cvename>
  </references>
  <dates>
    <discovery>2014-07-30</discovery>
    <entry>2014-07-30</entry>
  </dates>
</vuln>

<vuln vid="13419364-1685-11e4-bf04-60a44c524f57">
  <topic>i2p -- Multiple Vulnerabilities</topic>
  <affects>
    <package>
      <name>i2p</name>
      <range><lt>0.9.14</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The i2p project reports:</p>
      <blockquote cite="http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release">
        <p>XSS and remote execution vulnerabilities reported by Exodus Intelligence.</p>
      </blockquote>
      <p>Exodus Intelligence reports:</p>
      <blockquote cite="http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/">
        <p>The vulnerability we have found is able to perform remote code
        execution with a specially crafted payload. This payload can be
        customized to unmask a user and show the public IP address in
        which the user connected from within 'a couple of seconds.'</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/</url>
    <url>http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release</url>
  </references>
  <dates>
    <discovery>2014-07-24</discovery>
    <entry>2014-07-28</entry>
  </dates>
</vuln>

<vuln vid="9defb2d6-1404-11e4-8cae-20cf30e32f6d">
  <topic>bugzilla -- Cross Site Request Forgery</topic>
  <affects>
    <package>
      <name>bugzilla44</name>
      <range><lt>4.4.5</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <h1>A Bugzilla Security Advisory reports:</h1>
      <blockquote cite="http://www.bugzilla.org/security/4.0.13/">
        <p>Adobe does not properly restrict the SWF file format,
        which allows remote attackers to conduct cross-site
        request forgery (CSRF) attacks against Bugzilla's JSONP
        endpoint, possibly obtaining sensitive bug information,
        via a crafted OBJECT element with SWF content satisfying
        the character-set requirements of a callback API.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-1546</cvename>
  </references>
  <dates>
    <discovery>2014-07-24</discovery>
    <entry>2014-07-25</entry>
  </dates>
</vuln>

<vuln vid="f927e06c-1109-11e4-b090-20cf30e32f6d">
  <topic>apache22 -- several vulnerabilities</topic>
  <affects>
    <package>
      <name>apache22</name>
      <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
    </package>
    <package>
      <name>apache22-event-mpm</name>
      <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
    </package>
    <package>
      <name>apache22-itk-mpm</name>
      <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
    </package>
    <package>
      <name>apache22-peruser-mpm</name>
      <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
    </package>
    <package>
      <name>apache22-worker-mpm</name>
      <range><gt>2.2.0</gt><lt>2.2.29</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Apache HTTP Server Project reports:</p>
      <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.29">
        <p>mod_deflate: The DEFLATE input filter (inflates request bodies) now
        limits the length and compression ratio of inflated request bodies to
        avoid denial of service via highly compressed bodies. See directives
        DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
        DeflateInflateRatioBurst.</p>
        <p>mod_cgid: Fix a denial of service against CGI scripts that do not consume
        stdin that could lead to lingering HTTPD child processes filling up the
        scoreboard and eventually hanging the server. By default, the client I/O
        timeout (Timeout directive) now applies to communication with scripts.
        The
        CGIDScriptTimeout directive can be used to set a different timeout for
        communication with scripts.</p>
        <p>Fix a race condition in scoreboard handling, which could lead to a heap
        buffer overflow.</p>
        <p>core: HTTP trailers could be used to replace HTTP headers late during
        request processing, potentially undoing or otherwise confusing modules
        that examined or modified request headers earlier. Adds "MergeTrailers"
        directive to restore legacy behavior.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-0118</cvename>
    <cvename>CVE-2014-0231</cvename>
    <cvename>CVE-2014-0226</cvename>
    <cvename>CVE-2013-5704</cvename>
  </references>
  <dates>
    <discovery>2014-07-19</discovery>
    <entry>2014-07-24</entry>
    <modified>2014-09-03</modified>
  </dates>
</vuln>

<vuln vid="81fc1076-1286-11e4-bebd-000c2980a9f3">
  <topic>tomcat -- multiple vulnerabilities</topic>
  <affects>
    <package>
      <name>tomcat</name>
      <range><lt>6.0.40</lt></range>
    </package>
    <package>
      <name>tomcat7</name>
      <range><lt>7.0.53</lt></range>
    </package>
    <package>
      <name>tomcat8</name>
      <range><lt>8.0.4</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Tomcat Security Team reports:</p>
      <blockquote cite="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54">
        <p>Tomcat does not properly restrict XSLT stylesheets, which allows
        remote attackers to bypass security-manager restrictions and read
        arbitrary files via a crafted web application that provides an XML
        external entity declaration in conjunction with an entity
        reference, related to an XML External Entity (XXE) issue.</p>
        <p>An integer overflow, when operated behind a reverse proxy, allows
        remote attackers to conduct HTTP request smuggling
        attacks via a
        crafted Content-Length HTTP header.</p>
        <p>An integer overflow in parseChunkHeader allows remote attackers
        to cause a denial of service (resource consumption) via a malformed
        chunk size in chunked transfer coding of a request during the
        streaming of data.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-0096</cvename>
    <cvename>CVE-2014-0099</cvename>
    <cvename>CVE-2014-0075</cvename>
    <url>https://tomcat.apache.org/security-6.html</url>
    <url>https://tomcat.apache.org/security-7.html</url>
    <url>https://tomcat.apache.org/security-8.html</url>
  </references>
  <dates>
    <discovery>2014-05-23</discovery>
    <entry>2014-07-23</entry>
    <modified>2017-03-18</modified>
  </dates>
</vuln>

<vuln vid="978b0f76-122d-11e4-afe3-bc5ff4fb5e7b">
  <topic>mozilla -- multiple vulnerabilities</topic>
  <affects>
    <package>
      <name>firefox</name>
      <range><lt>31.0,1</lt></range>
    </package>
    <package>
      <name>firefox-esr</name>
      <range><lt>24.7.0,1</lt></range>
    </package>
    <package>
      <name>linux-firefox</name>
      <range><lt>31.0,1</lt></range>
    </package>
    <package>
      <name>linux-thunderbird</name>
      <range><lt>24.7.0</lt></range>
    </package>
    <package>
      <name>thunderbird</name>
      <range><lt>24.7.0</lt></range>
    </package>
    <package>
      <name>nss</name>
      <range><lt>3.16.1_2</lt></range>
      <!-- CVE-2014-1544/Bug 963150 -->
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The Mozilla Project reports:</p>
      <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
        <p>MFSA 2014-66 IFRAME sandbox same-origin access through
        redirect</p>
        <p>MFSA 2014-65 Certificate parsing broken by non-standard
        character encoding</p>
        <p>MFSA 2014-64 Crash in Skia library
        when scaling high
        quality images</p>
        <p>MFSA 2014-63 Use-after-free while manipulating
        certificates in the trusted cache</p>
        <p>MFSA 2014-62 Exploitable WebGL crash with Cesium
        JavaScript library</p>
        <p>MFSA 2014-61 Use-after-free with FireOnStateChange
        event</p>
        <p>MFSA 2014-60 Toolbar dialog customization event
        spoofing</p>
        <p>MFSA 2014-59 Use-after-free in DirectWrite font
        handling</p>
        <p>MFSA 2014-58 Use-after-free in Web Audio due to
        incorrect control message ordering</p>
        <p>MFSA 2014-57 Buffer overflow during Web Audio
        buffering for playback</p>
        <p>MFSA 2014-56 Miscellaneous memory safety hazards
        (rv:31.0 / rv:24.7)</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-1544</cvename>
    <cvename>CVE-2014-1547</cvename>
    <cvename>CVE-2014-1548</cvename>
    <cvename>CVE-2014-1549</cvename>
    <cvename>CVE-2014-1550</cvename>
    <cvename>CVE-2014-1551</cvename>
    <cvename>CVE-2014-1552</cvename>
    <cvename>CVE-2014-1555</cvename>
    <cvename>CVE-2014-1556</cvename>
    <cvename>CVE-2014-1557</cvename>
    <cvename>CVE-2014-1558</cvename>
    <cvename>CVE-2014-1559</cvename>
    <cvename>CVE-2014-1560</cvename>
    <cvename>CVE-2014-1561</cvename>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</url>
    <url>https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</url>
    <url>https://www.mozilla.org/security/announce/</url>
  </references>
  <dates>
    <discovery>2014-07-22</discovery>
    <entry>2014-07-23</entry>
  </dates>
</vuln>

<vuln vid="ecea9e92-0be5-4931-88da-8772d044972a">
  <topic>mcollective -- cert validation issue</topic>
  <affects>
    <package>
      <name>mcollective</name>
      <range><lt>2.5.3</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Melissa Stone reports:</p>
      <blockquote cite="https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4">
        <p>The MCollective aes_security public key plugin does not correctly
        validate certs against the CA. By exploiting this vulnerability
        within a race/initialization window, an attacker with local access
        could initiate an unauthorized MCollective client connection with a
        server, and thus control the mcollective plugins running on that
        server. This vulnerability requires a collective be configured to
        use the aes_security plugin.
        Puppet Enterprise and open source
        MCollective are not configured to use the plugin and are not
        vulnerable by default.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-3251</cvename>
    <url>https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4</url>
  </references>
  <dates>
    <discovery>2014-07-09</discovery>
    <entry>2014-07-21</entry>
  </dates>
</vuln>

<vuln vid="904d78b8-0f7e-11e4-8b71-5453ed2e2b49">
  <topic>qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler</topic>
  <affects>
    <package>
      <name>qt4-imageformats</name>
      <range><lt>4.8.6_1</lt></range>
    </package>
    <package>
      <name>qt5-gui</name>
      <range><lt>5.2.1_4</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Richard J. Moore reports:</p>
      <blockquote cite="http://lists.qt-project.org/pipermail/announce/2014-April/000045.html">
        <p>The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug
        that would lead to a null pointer dereference when loading certain
        hand crafted corrupt GIF files.
        This in turn would cause the
        application loading these hand crafted GIFs to crash.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-0190</cvename>
    <bid>67087</bid>
    <mlist>http://lists.qt-project.org/pipermail/announce/2014-April/000045.html</mlist>
  </references>
  <dates>
    <discovery>2014-04-24</discovery>
    <entry>2014-07-19</entry>
    <modified>2014-07-21</modified>
  </dates>
</vuln>

<vuln vid="4364e1f1-0f44-11e4-b090-20cf30e32f6d">
  <topic>apache24 -- several vulnerabilities</topic>
  <affects>
    <package>
      <name>apache24</name>
      <range><lt>2.4.10</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <h1>Apache HTTP Server Project reports:</h1>
      <blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&amp;pathrev=1610737">
        <p>mod_proxy: Fix crash in Connection header handling which allowed a
        denial of service attack against a reverse proxy with a threaded MPM.</p>
        <p>Fix a race condition in scoreboard handling, which could lead to a
        heap buffer overflow.</p>
        <p>mod_deflate: The DEFLATE input filter (inflates request bodies) now
        limits the length and compression ratio of inflated request bodies to avoid
        denial of service via highly compressed bodies. See directives
        DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
        and DeflateInflateRatioBurst.</p>
        <p>mod_cgid: Fix a denial of service against CGI scripts that do
        not consume stdin that could lead to lingering HTTPD child processes
        filling up the scoreboard and eventually hanging the server. By
        default, the client I/O timeout (Timeout directive) now applies to
        communication with scripts.
        The CGIDScriptTimeout directive can be
        used to set a different timeout for communication with scripts.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-0117</cvename>
    <cvename>CVE-2014-3523</cvename>
    <cvename>CVE-2014-0226</cvename>
    <cvename>CVE-2014-0118</cvename>
    <cvename>CVE-2014-0231</cvename>
  </references>
  <dates>
    <discovery>2014-07-15</discovery>
    <entry>2014-07-19</entry>
  </dates>
</vuln>

<vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42">
  <topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic>
  <affects>
    <package>
      <name>phpMyAdmin</name>
      <range><ge>4.2.0</ge><lt>4.2.6</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The phpMyAdmin development team reports:</p>
      <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php">
        <p>Self-XSS due to unescaped HTML output in database
        structure page.</p>
        <p>With a crafted table comment, it is possible to trigger
        an XSS in database structure page.</p>
      </blockquote>
      <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php">
        <p>Self-XSS due to unescaped HTML output in database
        triggers page.</p>
        <p>When navigating into the database triggers page, it is
        possible to trigger an XSS with a crafted trigger
        name.</p>
      </blockquote>
      <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php">
        <p>Multiple XSS in AJAX confirmation messages.</p>
        <p>With a crafted column name it is possible to trigger an
        XSS when dropping the column in table structure page.
        With
        a crafted table name it is possible to trigger an XSS when
        dropping or truncating the table in table operations
        page.</p>
      </blockquote>
      <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php">
        <p>Access for an unprivileged user to MySQL user list.</p>
        <p>An unprivileged user could view the MySQL user list and
        manipulate the tabs displayed in phpMyAdmin for them.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-4954</cvename>
    <cvename>CVE-2014-4955</cvename>
    <cvename>CVE-2014-4986</cvename>
    <cvename>CVE-2014-4987</cvename>
    <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url>
    <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url>
    <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url>
    <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url>
  </references>
  <dates>
    <discovery>2014-07-18</discovery>
    <entry>2014-07-18</entry>
    <modified>2014-07-20</modified>
  </dates>
</vuln>

<vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
  <topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
  <affects>
    <package>
      <name>kdelibs</name>
      <range><ge>4.10.95</ge><lt>4.12.5_2</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Richard J.
      Moore reports:</p>
      <blockquote cite="http://www.kde.org/info/security/advisory-20140618-1.txt">
        <p>The POP3 kioslave used by KMail will accept invalid
        certificates without presenting a dialog to the user due to a
        bug that leads to an inability to display the dialog
        combined with an error in the way the result is checked.</p>
        <p>This flaw allows an active attacker to perform MITM
        attacks against the ioslave which could result in the leakage of
        sensitive data such as the authentication details and the contents of
        emails.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-3494</cvename>
    <bid>68113</bid>
    <mlist>http://lists.kde.org/?l=kde-announce&amp;m=140312275318160&amp;w=2</mlist>
  </references>
  <dates>
    <discovery>2014-06-17</discovery>
    <entry>2014-07-16</entry>
  </dates>
</vuln>

<vuln vid="ff98087f-0a8f-11e4-b00b-5453ed2e2b49">
  <topic>postfixadmin -- SQL injection vulnerability</topic>
  <affects>
    <package>
      <name>postfixadmin</name>
      <range><lt>2.3.7</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Thijs Kinkhorst reports:</p>
      <blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/26/6">
        <p>Postfixadmin has an SQL injection vulnerability.
        This
        vulnerability is only exploitable by authenticated users able to
        create new aliases.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-2655</cvename>
    <bid>66455</bid>
    <freebsdpr>ports/189248</freebsdpr>
    <mlist>http://www.openwall.com/lists/oss-security/2014/03/26/6</mlist>
    <url>https://www.debian.org/security/2014/dsa-2889</url>
  </references>
  <dates>
    <discovery>2014-03-28</discovery>
    <entry>2014-07-13</entry>
    <modified>2015-09-28</modified>
  </dates>
</vuln>

<vuln vid="e6a7636a-02d0-11e4-88b6-080027671656">
  <topic>dbus -- multiple vulnerabilities</topic>
  <affects>
    <package>
      <name>dbus</name>
      <range><lt>1.8.6</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Simon McVittie reports:</p>
      <blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-July/016235.html">
        <p>Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's
        support for file descriptor passing. A malicious process could
        force system services or user applications to be disconnected
        from the D-Bus system bus by sending them a message containing
        a file descriptor, then causing that file descriptor to exceed
        the kernel's maximum recursion depth (itself introduced to fix
        a DoS) before dbus-daemon forwards the message to the victim
        process.
        Most services and applications exit when disconnected
        from the system bus, leading to a denial of service.</p>
        <p>Additionally, Alban discovered that bug fd.o#79694, a bug
        previously reported by Alejandro Martínez Suárez which was not
        believed to be a security flaw, could be used for a similar denial
        of service, by causing dbus-daemon to attempt to forward invalid
        file descriptors to a victim process when file descriptors become
        associated with the wrong message.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <cvename>CVE-2014-3532</cvename>
    <cvename>CVE-2014-3533</cvename>
    <url>http://lists.freedesktop.org/archives/dbus/2014-July/016235.html</url>
  </references>
  <dates>
    <discovery>2014-07-02</discovery>
    <entry>2014-07-03</entry>
  </dates>
</vuln>

<vuln vid="17dfd984-feba-11e3-b938-5404a68ad561">
  <topic>mencoder -- potential buffer overrun when processing malicious lzo compressed input</topic>
  <affects>
    <package>
      <name>mencoder</name>
      <range><lt>1.1.r20140418_1</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
      <blockquote>
        <p>avutil/lzo: Fix integer overflow</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
    <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
    <cvename>CVE-2014-4610</cvename>
  </references>
  <dates>
    <discovery>2014-06-24</discovery>
    <entry>2014-06-28</entry>
  </dates>
</vuln>

<vuln vid="9ab3a22c-feb8-11e3-b938-5404a68ad561">
  <topic>mplayer -- potential buffer overrun when processing malicious lzo compressed input</topic>
  <affects>
    <package>
      <name>mplayer</name>
      <range><lt>1.1.r20140418_3</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
      <blockquote>
        <p>avutil/lzo: Fix integer overflow</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
    <url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
    <cvename>CVE-2014-4610</cvename>
  </references>
  <dates>
    <discovery>2014-06-24</discovery>
    <entry>2014-06-28</entry>
  </dates>
</vuln>

<vuln vid="d1f5e12a-fd5a-11e3-a108-080027ef73ec">
  <topic>LZO -- potential buffer overrun when processing malicious input data</topic>
  <affects>
    <package>
      <name>lzo2</name>
      <range><lt>2.07</lt></range>
    </package>
    <package>
      <name>busybox</name>
      <range><lt>1.22.1_2</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:</p>
      <blockquote>
        <p>Fixed a potential integer overflow condition in the "safe"
        decompressor variants which could result in a possible buffer
        overrun when processing maliciously crafted compressed input
        data.</p>

        <p>As this issue only affects 32-bit systems and also can only happen
        if you use uncommonly huge buffer sizes where you have to decompress
        more than 16 MiB (2^24 bytes) compressed bytes within a single
        function call, the practical implications are limited.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url>
    <cvename>CVE-2014-4608</cvename>
  </references>
  <dates>
    <discovery>2014-06-25</discovery>
    <entry>2014-06-26</entry>
    <modified>2015-01-06</modified>
  </dates>
</vuln>

<vuln vid="1c840eb9-fb32-11e3-866e-b499baab0cbe">
  <topic>gnupg -- possible DoS using garbled compressed data packets</topic>
  <affects>
    <package>
      <name>gnupg1</name>
      <range><lt>1.4.17</lt></range>
    </package>
    <package>
      <name>gnupg</name>
      <range><lt>2.0.24</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>Werner Koch reports:</p>
      <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html">
        <p>This release includes a *security fix* to stop
        a possible DoS using garbled compressed data packets which can be used
        to put gpg into an infinite loop.</p>
      </blockquote>
    </body>
  </description>
  <references>
    <url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html</url>
    <url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html</url>
  </references>
  <dates>
    <discovery>2014-06-23</discovery>
    <entry>2014-06-23</entry>
  </dates>
</vuln>

<vuln vid="6ad309d9-fb03-11e3-bebd-000c2980a9f3">
  <topic>samba -- multiple vulnerabilities</topic>
  <affects>
    <package>
      <name>samba36</name>
      <range><lt>3.6.24</lt></range>
    </package>
    <package>
      <name>samba4</name>
      <range><lt>4.0.19</lt></range>
    </package>
    <package>
      <name>samba41</name>
      <range><lt>4.1.9</lt></range>
    </package>
  </affects>
  <description>
    <body xmlns="http://www.w3.org/1999/xhtml">
      <p>The samba project reports:</p>
      <blockquote cite="https://www.samba.org/samba/history/">
        <p>A malformed packet can cause the nmbd server to loop the CPU and
        prevent any further NetBIOS name service.</p>
          <p>Valid unicode path names stored on disk can cause smbd to crash
            if an authenticated client attempts to read them using a
            non-unicode request.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0244</cvename>
      <cvename>CVE-2014-3493</cvename>
      <url>https://www.samba.org/samba/security/CVE-2014-0244</url>
      <url>https://www.samba.org/samba/security/CVE-2014-3493</url>
    </references>
    <dates>
      <discovery>2014-06-23</discovery>
      <entry>2014-06-23</entry>
    </dates>
  </vuln>

  <vuln vid="c4892644-f8c6-11e3-9f45-6805ca0b3d42">
    <topic>phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names</topic>
    <affects>
      <package>
        <name>phpMyAdmin</name>
        <range><ge>4.1.0</ge><lt>4.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The phpMyAdmin development team reports:</p>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php">
          <p>Self-XSS due to unescaped HTML output in recent/favorite tables
            navigation.</p>

          <p>When marking a crafted database or table name as favorite or
            having it in recent tables, it is possible to trigger an XSS.</p>

          <p>This vulnerability can be triggered only by someone who logged in
            to phpMyAdmin, as the usual token protection prevents
            non-logged-in users from accessing the required form.</p>

        </blockquote>
        <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php">
          <p>Self-XSS due to unescaped HTML output in navigation items hiding
            feature.</p>

          <p>When hiding or unhiding a crafted table name in the navigation,
            it is possible to trigger an XSS.</p>

          <p>This vulnerability can be triggered only by someone who logged in
            to phpMyAdmin, as the usual token protection prevents
            non-logged-in users from accessing the required form.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4348</cvename>
      <cvename>CVE-2014-4349</cvename>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php</url>
      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php</url>
    </references>
    <dates>
      <discovery>2014-06-20</discovery>
      <entry>2014-06-20</entry>
      <modified>2014-06-24</modified>
    </dates>
  </vuln>

  <vuln vid="0981958a-f733-11e3-8276-071f1604ef8a">
    <topic>iodined -- authentication bypass</topic>
    <affects>
      <package>
        <name>iodine</name>
        <range><lt>0.7.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Erik Ekman of the iodine project reports:</p>
        <blockquote cite="https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850">
          <p>The client could bypass the password check by continuing after
            getting an error from the server and guessing the network
            parameters.
            The server would still accept the rest of the setup and also
            network traffic.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850</url>
    </references>
    <dates>
      <discovery>2014-06-16</discovery>
      <entry>2014-06-18</entry>
    </dates>
  </vuln>

  <vuln vid="f109b02f-f5a4-11e3-82e9-00a098b18457">
    <topic>asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>asterisk11</name>
        <range><lt>11.10.1</lt></range>
      </package>
      <package>
        <name>asterisk18</name>
        <range><lt>1.8.28.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Asterisk project reports:</p>
        <blockquote cite="https://www.asterisk.org/security">
          <p>Asterisk Manager User Unauthorized Shell Access. Manager users
            can execute arbitrary shell commands with the MixMonitor manager
            action. Asterisk does not require system class authorization for
            a manager user to use the MixMonitor action, so any manager user
            who is permitted to use manager commands can potentially execute
            shell commands as the user executing the Asterisk process.</p>
          <p>Exhaustion of Allowed Concurrent HTTP Connections. Establishing
            a TCP or TLS connection to the configured HTTP or HTTPS port
            respectively in http.conf and then not sending or completing an
            HTTP request will tie up an HTTP session.
            By doing this repeatedly until the maximum number of open HTTP
            sessions is reached, legitimate requests are blocked.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-4046</cvename>
      <cvename>CVE-2014-4047</cvename>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-006.pdf</url>
      <url>http://downloads.asterisk.org/pub/security/AST-2014-007.pdf</url>
      <url>https://www.asterisk.org/security</url>
    </references>
    <dates>
      <discovery>2014-06-12</discovery>
      <entry>2014-06-17</entry>
    </dates>
  </vuln>

  <vuln vid="52bbc7e8-f13c-11e3-bc09-bcaec565249c">
    <topic>dbus -- local DoS</topic>
    <affects>
      <package>
        <name>dbus</name>
        <range><ge>1.8.0</ge><lt>1.8.4</lt></range>
        <range><lt>1.6.20</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Simon McVittie reports:</p>
        <blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-June/016220.html">
          <p>Alban Crequy at Collabora Ltd. discovered and fixed a
            denial-of-service flaw in dbus-daemon, part of the reference
            implementation of D-Bus.
            Additionally, in highly unusual environments the same flaw could
            lead to a side channel between processes that should not be able
            to communicate.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3477</cvename>
      <url>http://lists.freedesktop.org/archives/dbus/2014-June/016220.html</url>
    </references>
    <dates>
      <discovery>2014-06-10</discovery>
      <entry>2014-06-14</entry>
    </dates>
  </vuln>

  <vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>firefox</name>
        <range><lt>30.0,1</lt></range>
      </package>
      <package>
        <name>firefox-esr</name>
        <range><lt>24.6.0,1</lt></range>
      </package>
      <package>
        <name>seamonkey</name>
        <range><lt>2.26.1</lt></range>
      </package>
      <package>
        <name>linux-firefox</name>
        <range><lt>30.0,1</lt></range>
      </package>
      <package>
        <name>linux-seamonkey</name>
        <range><lt>2.26.1</lt></range>
      </package>
      <package>
        <name>linux-thunderbird</name>
        <range><lt>24.6.0</lt></range>
      </package>
      <package>
        <name>nspr</name>
        <range><lt>4.10.6</lt></range>
      </package>
      <package>
        <name>thunderbird</name>
        <range><lt>24.6.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Mozilla Project reports:</p>
        <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
          <p>MFSA 2014-48 Miscellaneous memory safety hazards
            (rv:30.0 / rv:24.6)</p>
          <p>MFSA 2014-49 Use-after-free and out of bounds issues found using
            Address Sanitizer</p>
          <p>MFSA 2014-51 Use-after-free in Event Listener Manager</p>
          <p>MFSA 2014-52 Use-after-free with SMIL Animation Controller</p>
          <p>MFSA 2014-53 Buffer overflow in Web Audio Speex resampler</p>
          <p>MFSA 2014-54 Buffer overflow in Gamepad API</p>
          <p>MFSA 2014-55 Out of bounds write in NSPR</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1533</cvename>
      <cvename>CVE-2014-1534</cvename>
      <cvename>CVE-2014-1536</cvename>
      <cvename>CVE-2014-1537</cvename>
      <cvename>CVE-2014-1540</cvename>
      <cvename>CVE-2014-1541</cvename>
      <cvename>CVE-2014-1542</cvename>
      <cvename>CVE-2014-1543</cvename>
      <cvename>CVE-2014-1545</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-48.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-49.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-51.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-52.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-53.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-54.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-55.html</url>
    </references>
    <dates>
      <discovery>2014-06-10</discovery>
      <entry>2014-06-10</entry>
    </dates>
  </vuln>

  <vuln vid="5ac53801-ec2e-11e3-9cf3-3c970e169bc2">
    <topic>OpenSSL -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>openssl</name>
        <range><ge>1.0.1</ge><lt>1.0.1_13</lt></range>
      </package>
      <package>
        <name>mingw32-openssl</name>
        <range><ge>1.0.1</ge><lt>1.0.1h</lt></range>
      </package>
      <package>
        <name>FreeBSD</name>
        <range><ge>8.0</ge><lt>8.4_12</lt></range>
        <range><ge>9.1</ge><lt>9.1_15</lt></range>
        <range><ge>9.2</ge><lt>9.2_8</lt></range>
        <range><ge>10.0</ge><lt>10.0_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OpenSSL Project reports:</p>
        <blockquote
          cite="http://www.openssl.org/news/secadv_20140605.txt">
          <p>An attacker using a carefully crafted handshake can force the
            use of weak keying material in OpenSSL SSL/TLS clients and
            servers. This can be exploited by a Man-in-the-middle (MITM)
            attack where the attacker can decrypt and modify traffic from the
            attacked client and server. [CVE-2014-0224]</p>
          <p>By sending an invalid DTLS handshake to an OpenSSL DTLS client
            the code can be made to recurse eventually crashing in a DoS
            attack. [CVE-2014-0221]</p>
          <p>A buffer overrun attack can be triggered by sending invalid DTLS
            fragments to an OpenSSL DTLS client or server. This is
            potentially exploitable to run arbitrary code on a vulnerable
            client or server. [CVE-2014-0195]</p>
          <p>OpenSSL TLS clients enabling anonymous ECDH ciphersuites are
            subject to a denial of service attack. [CVE-2014-3470]</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0195</cvename>
      <cvename>CVE-2014-0221</cvename>
      <cvename>CVE-2014-0224</cvename>
      <cvename>CVE-2014-3470</cvename>
      <freebsdsa>SA-14:14.openssl</freebsdsa>
      <url>http://www.openssl.org/news/secadv_20140605.txt</url>
    </references>
    <dates>
      <discovery>2014-06-05</discovery>
      <entry>2014-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="9733c480-ebff-11e3-970b-206a8a720317">
    <topic>gnutls -- client-side memory corruption</topic>
    <affects>
      <package>
        <name>gnutls</name>
        <range><lt>2.12.23_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>GnuTLS project reports:</p>
        <blockquote cite="www.gnutls.org/security.html#GNUTLS-SA-2014-3">
          <p>This vulnerability affects the client side of the gnutls library.
            A server that sends a specially crafted ServerHello could corrupt
            the memory of a requesting client.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3466</cvename>
      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
    </references>
    <dates>
      <discovery>2014-05-14</discovery>
      <entry>2014-06-04</entry>
    </dates>
  </vuln>

  <vuln vid="027af74d-eb56-11e3-9032-000c2980a9f3">
    <topic>gnutls -- client-side memory corruption</topic>
    <affects>
      <package>
        <name>gnutls3</name>
        <range><ge>3.1</ge><lt>3.1.25</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>GnuTLS project reports:</p>
        <blockquote cite="www.gnutls.org/security.html#GNUTLS-SA-2014-3">
          <p>This vulnerability affects the client side of the gnutls library.
            A server that sends a specially crafted ServerHello could corrupt
            the memory of a requesting client.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-3466</cvename>
      <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
    </references>
    <dates>
      <discovery>2014-05-14</discovery>
      <entry>2014-06-03</entry>
    </dates>
  </vuln>

  <vuln vid="77e2e631-e742-11e3-9a25-5404a6a6412c">
    <topic>mumble -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>mumble</name>
        <range><ge>1.2.0</ge><lt>1.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Mumble reports:</p>
        <blockquote cite="http://blog.mumble.info/mumble-1-2-6/">
          <p>SVG images with local file references could trigger client DoS</p>
          <p>The Mumble client did not properly HTML-escape some external
            strings before using them in a rich-text (HTML) context.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://mumble.info/security/Mumble-SA-2014-005.txt</url>
      <url>http://mumble.info/security/Mumble-SA-2014-006.txt</url>
    </references>
    <dates>
      <discovery>2014-04-16</discovery>
      <entry>2014-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="c2c8c84b-e734-11e3-9a25-5404a6a6412c">
    <topic>mumble -- NULL pointer dereference and heap-based buffer overflow</topic>
    <affects>
      <package>
        <name>mumble</name>
        <range><ge>1.2.4</ge><le>1.2.4_6</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Mumble reports:</p>
        <blockquote cite="http://blog.mumble.info/mumble-1-2-5/">
          <p>A malformed Opus voice packet sent to a Mumble client could
            trigger a NULL pointer dereference or an out-of-bounds array
            access.</p>
          <p>A malformed Opus voice packet sent to a Mumble client could
            trigger a heap-based buffer overflow.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0044</cvename>
      <cvename>CVE-2014-0045</cvename>
      <url>http://mumble.info/security/Mumble-SA-2014-001.txt</url>
      <url>http://mumble.info/security/Mumble-SA-2014-002.txt</url>
    </references>
    <dates>
      <discovery>2014-01-25</discovery>
      <entry>2014-05-29</entry>
    </dates>
  </vuln>

  <vuln vid="f99a4686-e694-11e3-9032-000c2980a9f3">
    <cancelled/>
  </vuln>

  <vuln vid="688e73a2-e514-11e3-a52a-98fc11cdc4f5">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>linux-f10-flashplugin</name>
        <range><lt>11.2r202.359</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Adobe reports:</p>
        <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-14.html">
          <p>These updates address
            vulnerabilities that could cause a crash and potentially allow an
            attacker to take control of the affected system.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0510</cvename>
      <cvename>CVE-2014-0516</cvename>
      <cvename>CVE-2014-0517</cvename>
      <cvename>CVE-2014-0518</cvename>
      <cvename>CVE-2014-0519</cvename>
      <cvename>CVE-2014-0520</cvename>
      <url>https://helpx.adobe.com/security/products/flash-player/apsb14-14.html</url>
    </references>
    <dates>
      <discovery>2014-03-13</discovery>
      <entry>2014-05-26</entry>
    </dates>
  </vuln>

  <vuln vid="02db20d7-e34a-11e3-bd92-bcaec565249c">
    <topic>openjpeg -- Multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>openjpeg</name>
        <range><lt>1.5.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Openjpeg release notes report:</p>
        <blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS">
          <p>That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1
            release.</p>
        </blockquote>
        <blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS">
          <p>That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045,
            CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887,
            were fixed in the 1.5.2 release.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2012-3358</cvename>
      <cvename>CVE-2012-3535</cvename>
      <cvename>CVE-2013-1447</cvename>
      <cvename>CVE-2013-4289</cvename>
      <cvename>CVE-2013-4290</cvename>
      <cvename>CVE-2013-6045</cvename>
      <cvename>CVE-2013-6052</cvename>
      <cvename>CVE-2013-6053</cvename>
      <cvename>CVE-2013-6054</cvename>
      <cvename>CVE-2013-6887</cvename>
      <url>http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS</url>
      <url>http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</url>
    </references>
    <dates>
      <discovery>2012-05-13</discovery>
      <entry>2014-05-24</entry>
    </dates>
  </vuln>

  <vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
    <topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
    <affects>
      <package>
        <name>libXfont</name>
        <range><lt>1.4.7_3</lt></range>
      </package>
      <package>
        <name>linux-c6-xorg-libs</name>
        <range><lt>7.4_2</lt></range>
      </package>
      <package>
        <name>linux-f10-xorg-libs</name>
        <range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Alan Coopersmith reports:</p>
        <blockquote cite="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">
          <p>Ilja van Sprundel, a security researcher with IOActive, has
            discovered several issues in the way the libXfont library handles
            the responses it receives from xfs servers, and has worked with
            X.Org's security team to analyze, confirm, and fix these
            issues.</p>
          <p>Most of these issues stem from libXfont trusting the font server
            to send valid protocol data, and not verifying that the values
            will not overflow or cause other damage. This code is commonly
            called from the X server when an X Font Server is active in the
            font path, so may be running in a setuid-root process depending
            on the X server in use.
            Exploits of this path could be used by a local, authenticated
            user to attempt to raise privileges; or by a remote attacker who
            can control the font server to attempt to execute code with the
            privileges of the X server.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0209</cvename>
      <cvename>CVE-2014-0210</cvename>
      <cvename>CVE-2014-0211</cvename>
      <url>http://lists.x.org/archives/xorg-announce/2014-May/002431.html</url>
    </references>
    <dates>
      <discovery>2014-05-13</discovery>
      <entry>2014-05-13</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="e7bb3885-da40-11e3-9ecb-2c4138874f7d">
    <topic>libxml2 -- lack of end-of-document check DoS</topic>
    <affects>
      <package>
        <name>libxml2</name>
        <range><lt>2.9.1</lt></range>
      </package>
      <package>
        <name>linux-c6-libxml2</name>
        <range><lt>2.7.6_2</lt></range>
      </package>
      <package>
        <name>linux-f10-libxml2</name>
        <range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>CVE MITRE reports:</p>
        <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877">
          <p>parser.c in libxml2 before 2.9.0, as used in Google Chrome
            before 28.0.1500.71 and other products, allows remote attackers
            to cause a denial of service (out-of-bounds read) via a document
            that ends abruptly, related to the lack of certain checks for the
            XML_PARSER_EOF state.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-2877</cvename>
      <url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877</url>
      <url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877</url>
    </references>
    <dates>
      <discovery>2013-04-11</discovery>
      <entry>2013-07-10</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="efdd0edc-da3d-11e3-9ecb-2c4138874f7d">
    <topic>libxml2 -- entity substitution DoS</topic>
    <affects>
      <package>
        <name>libxml2</name>
        <range><lt>2.9.1</lt></range>
      </package>
      <package>
        <name>linux-c6-libxml2</name>
        <range><lt>2.7.6_2</lt></range>
      </package>
      <package>
        <name>linux-f10-libxml2</name>
        <range><ge>*</ge></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Stefan Cornelius reports:</p>
        <blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/06/4">
          <p>It was discovered that libxml2, a library providing support to
            read, modify and write XML files, incorrectly performs entity
            substitution in the doctype prolog, even if the application using
            libxml2 disabled any entity substitution.
            A remote attacker could provide a specially-crafted XML file
            that, when processed, would lead to the exhaustion of CPU and
            memory resources or file descriptors.</p>
          <p>This issue was discovered by Daniel Berrange of Red Hat.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0191</cvename>
      <url>http://www.openwall.com/lists/oss-security/2014/05/06/4</url>
      <url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191</url>
      <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191</url>
    </references>
    <dates>
      <discovery>2013-12-03</discovery>
      <entry>2014-05-06</entry>
      <modified>2015-07-15</modified>
    </dates>
  </vuln>

  <vuln vid="1959e847-d4f0-11e3-84b0-0018fe623f2b">
    <topic>OpenSSL -- NULL pointer dereference / DoS</topic>
    <affects>
      <package>
        <name>openssl</name>
        <range><ge>1.0.1</ge><lt>1.0.1_12</lt></range>
      </package>
      <package>
        <name>FreeBSD</name>
        <range><ge>10.0</ge><lt>10.0_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>OpenBSD and David Ramos report:</p>
        <blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/02/5">
          <p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as
            nginx/apache, are prone to a race condition which may allow a
            remote attacker to crash the current service.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.openwall.com/lists/oss-security/2014/05/02/5</url>
      <url>https://rt.openssl.org/Ticket/Display.html?user=guest&amp;pass=guest&amp;id=3321</url>
      <freebsdsa>SA-14:10.openssl</freebsdsa>
      <cvename>CVE-2014-0198</cvename>
    </references>
    <dates>
      <discovery>2014-05-02</discovery>
      <entry>2014-05-03</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln
    vid="89709e58-d497-11e3-a3d5-5453ed2e2b49">
    <topic>qt4-xml -- XML Entity Expansion Denial of Service</topic>
    <affects>
      <package>
        <name>qt4-xml</name>
        <range><lt>4.8.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Richard J. Moore reports:</p>
        <blockquote cite="http://lists.qt-project.org/pipermail/announce/2013-December/000036.html">
          <p>QXmlSimpleReader in Qt versions prior to 5.2 supports expansion
            of internal entities in XML documents without placing
            restrictions to ensure the document does not cause excessive
            memory usage. If an application using this API processes
            untrusted data then the application may use unexpected amounts of
            memory if a malicious document is processed.</p>
          <p>It is possible to construct XML documents using internal
            entities that consume large amounts of memory and other resources
            to process; this is known as the 'Billion Laughs' attack.
            Qt versions prior to 5.2 did not offer protection against this
            issue.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-4549</cvename>
      <url>http://lists.qt-project.org/pipermail/announce/2013-December/000036.html</url>
    </references>
    <dates>
      <discovery>2013-12-05</discovery>
      <entry>2014-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="6fb521b0-d388-11e3-a790-000c2980a9f3">
    <topic>strongswan -- Remote Authentication Bypass</topic>
    <affects>
      <package>
        <name>strongswan</name>
        <range><lt>5.1.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>strongSwan developers report:</p>
        <blockquote cite="www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html">
          <p>Remote attackers are able to bypass authentication by rekeying
            an IKE_SA during (1) initiation or (2) re-authentication, which
            triggers the IKE_SA state to be set to established.</p>
          <p>Only installations that actively initiate or re-authenticate
            IKEv2 IKE_SAs are affected.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-2338</cvename>
      <url>http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</url>
    </references>
    <dates>
      <discovery>2014-03-12</discovery>
      <entry>2014-05-04</entry>
    </dates>
  </vuln>

  <vuln vid="670d732a-cdd4-11e3-aac2-0022fb6fcf92">
    <topic>mohawk -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>mohawk</name>
        <range><lt>2.0.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The mohawk project reports:</p>
        <blockquote cite="http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351">
          <p>Segfault when parsing malformed / unescaped url, coredump when
            setting syslog facility.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351</url>
      <url>http://fossil.bsdsx.fr/mohawk/tktview?name=1c7565019e</url>
    </references>
    <dates>
      <discovery>2014-04-10</discovery>
      <entry>2014-04-30</entry>
    </dates>
  </vuln>

  <vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
    <topic>mozilla -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>firefox</name>
        <range><lt>29.0,1</lt></range>
      </package>
      <package>
        <name>firefox-esr</name>
        <range><lt>24.5.0,1</lt></range>
      </package>
      <package>
        <name>linux-firefox</name>
        <range><lt>29.0,1</lt></range>
      </package>
      <package>
        <name>linux-seamonkey</name>
        <range><lt>2.26</lt></range>
      </package>
      <package>
        <name>linux-thunderbird</name>
        <range><lt>24.5.0</lt></range>
      </package>
      <package>
        <name>seamonkey</name>
        <range><lt>2.26</lt></range>
      </package>
      <package>
        <name>thunderbird</name>
        <range><lt>24.5.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The Mozilla Project reports:</p>
        <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
          <p>MFSA 2014-34 Miscellaneous memory safety hazards
            (rv:29.0 / rv:24.5)</p>
          <p>MFSA 2014-35 Privilege escalation through Mozilla Maintenance
            Service Installer</p>
          <p>MFSA 2014-36 Web Audio memory corruption issues</p>
          <p>MFSA 2014-37 Out of bounds read while decoding JPG images</p>
          <p>MFSA 2014-38 Buffer overflow when using non-XBL object as
            XBL</p>
          <p>MFSA 2014-39 Use-after-free in the Text Track Manager for HTML
            video</p>
          <p>MFSA 2014-41 Out-of-bounds write in Cairo</p>
          <p>MFSA
            2014-42 Privilege escalation through Web Notification API</p>
          <p>MFSA 2014-43 Cross-site scripting (XSS) using history
            navigations</p>
          <p>MFSA 2014-44 Use-after-free in imgLoader while resizing
            images</p>
          <p>MFSA 2014-45 Incorrect IDNA domain name matching for wildcard
            certificates</p>
          <p>MFSA 2014-46 Use-after-free in nsHostResolve</p>
          <p>MFSA 2014-47 Debugger can bypass XrayWrappers with
            JavaScript</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1492</cvename>
      <cvename>CVE-2014-1518</cvename>
      <cvename>CVE-2014-1519</cvename>
      <cvename>CVE-2014-1520</cvename>
      <cvename>CVE-2014-1522</cvename>
      <cvename>CVE-2014-1523</cvename>
      <cvename>CVE-2014-1524</cvename>
      <cvename>CVE-2014-1525</cvename>
      <cvename>CVE-2014-1526</cvename>
      <cvename>CVE-2014-1527</cvename>
      <cvename>CVE-2014-1528</cvename>
      <cvename>CVE-2014-1529</cvename>
      <cvename>CVE-2014-1530</cvename>
      <cvename>CVE-2014-1531</cvename>
      <cvename>CVE-2014-1532</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-34.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-35.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-36.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-37.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-38.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-39.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-41.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-42.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-43.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-44.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-45.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-46.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-47.html</url>
      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
    </references>
    <dates>
      <discovery>2014-04-29</discovery>
      <entry>2014-04-29</entry>
    </dates>
  </vuln>

  <vuln vid="59e72db2-cae6-11e3-8420-00e0814cab4e">
    <topic>django -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>py26-django</name>
        <range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
        <name>py27-django</name>
        <range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
        <name>py31-django</name>
        <range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
        <name>py32-django</name>
        <range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
        <name>py33-django</name>
        <range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
        <name>py34-django</name>
        <range><ge>1.6</ge><lt>1.6.3</lt></range>
      </package>
      <package>
        <name>py26-django15</name>
        <range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
        <name>py27-django15</name>
        <range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
        <name>py31-django15</name>
        <range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
        <name>py32-django15</name>
        <range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
        <name>py33-django15</name>
        <range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
        <name>py34-django15</name>
        <range><ge>1.5</ge><lt>1.5.6</lt></range>
      </package>
      <package>
        <name>py26-django14</name>
        <range><ge>1.4</ge><lt>1.4.11</lt></range>
      </package>
      <package>
        <name>py27-django14</name>
        <range><ge>1.4</ge><lt>1.4.11</lt></range>
4451 </package> 4452 <package> 4453 <name>py31-django14</name> 4454 <range><ge>1.4</ge><lt>1.4.11</lt></range> 4455 </package> 4456 <package> 4457 <name>py32-django14</name> 4458 <range><ge>1.4</ge><lt>1.4.11</lt></range> 4459 </package> 4460 <package> 4461 <name>py33-django14</name> 4462 <range><ge>1.4</ge><lt>1.4.11</lt></range> 4463 </package> 4464 <package> 4465 <name>py34-django14</name> 4466 <range><ge>1.4</ge><lt>1.4.11</lt></range> 4467 </package> 4468 <package> 4469 <name>py26-django-devel</name> 4470 <range><lt>20140423,1</lt></range> 4471 </package> 4472 <package> 4473 <name>py27-django-devel</name> 4474 <range><lt>20140423,1</lt></range> 4475 </package> 4476 </affects> 4477 <description> 4478 <body xmlns="http://www.w3.org/1999/xhtml"> 4479 <p>The Django project reports:</p> 4480 <blockquote cite="https://www.djangoproject.com/weblog/2014/apr/21/security/"> 4481 <p>These releases address an unexpected code-execution issue, a 4482 caching issue which can expose CSRF tokens and a MySQL typecasting 4483 issue. 
While these issues present limited risk and may not affect 4484 all Django users, we encourage all users to evaluate their own 4485 risk and upgrade as soon as possible.</p> 4486 </blockquote> 4487 </body> 4488 </description> 4489 <references> 4490 <url>https://www.djangoproject.com/weblog/2014/apr/21/security/</url> 4491 <cvename>CVE-2014-0472</cvename> 4492 <cvename>CVE-2014-0473</cvename> 4493 <cvename>CVE-2014-0474</cvename> 4494 </references> 4495 <dates> 4496 <discovery>2014-04-21</discovery> 4497 <entry>2014-04-23</entry> 4498 <modified>2014-04-30</modified> 4499 </dates> 4500 </vuln> 4501 4502 <vuln vid="0b8d7194-ca88-11e3-9d8d-c80aa9043978"> 4503 <topic>OpenSSL -- Remote Data Injection / DoS</topic> 4504 <affects> 4505 <package> 4506 <name>openssl</name> 4507 <range><ge>1.0.1</ge><lt>1.0.1_11</lt></range> 4508 </package> 4509 <package> 4510 <name>mingw32-openssl</name> 4511 <range><ge>1.0.1</ge><le>1.0.1g</le></range> 4512 </package> 4513 <package> 4514 <name>FreeBSD</name> 4515 <range><ge>10.0</ge><lt>10.0_2</lt></range> 4516 </package> 4517 </affects> 4518 <description> 4519 <body xmlns="http://www.w3.org/1999/xhtml"> 4520 <p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are 4521 prone to a race condition which may allow a remote attacker to 4522 inject random data into other connections.</p> 4523 </body> 4524 </description> 4525 <references> 4526 <url>https://rt.openssl.org/Ticket/Display.html?id=2167</url> 4527 <url>http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse</url> 4528 <freebsdsa>SA-14:09.openssl</freebsdsa> 4529 <cvename>CVE-2010-5298</cvename> 4530 </references> 4531 <dates> 4532 <discovery>2010-02-09</discovery> 4533 <entry>2014-04-23</entry> 4534 <modified>2016-08-09</modified> 4535 </dates> 4536 </vuln> 4537 4538 <vuln vid="608ed765-c700-11e3-848c-20cf30e32f6d"> 4539 <topic>bugzilla -- Cross-Site Request Forgery</topic> 4540 <affects> 4541 <package> 4542 <name>bugzilla40</name> 4543 
<range><ge>2.0.0</ge><lt>4.4.3</lt></range> 4544 </package> 4545 <package> 4546 <name>bugzilla42</name> 4547 <range><ge>2.0.0</ge><lt>4.4.3</lt></range> 4548 </package> 4549 <package> 4550 <name>bugzilla44</name> 4551 <range><ge>2.0.0</ge><lt>4.4.3</lt></range> 4552 </package> 4553 </affects> 4554 <description> 4555 <body xmlns="http://www.w3.org/1999/xhtml"> 4556 <p>A Bugzilla Security Advisory reports:</p> 4557 <blockquote cite="http://www.bugzilla.org/security/4.0.11/"> 4558 <p>The login form had no CSRF protection, meaning that 4559 an attacker could force the victim to log in using the 4560 attacker's credentials. If the victim then reports a new 4561 security sensitive bug, the attacker would get immediate 4562 access to this bug.</p> 4563 <p> 4564 Due to changes involved in the Bugzilla API, this fix is 4565 not backported to the 4.0 and 4.2 branches, meaning that 4566 Bugzilla 4.0.12 and older, and 4.2.8 and older, will 4567 remain vulnerable to this issue.</p> 4568 </blockquote> 4569 </body> 4570 </description> 4571 <references> 4572 <cvename>CVE-2014-1517</cvename> 4573 <url>https://bugzilla.mozilla.org/show_bug.cgi?id=713926</url> 4574 </references> 4575 <dates> 4576 <discovery>2014-04-17</discovery> 4577 <entry>2014-04-18</entry> 4578 <modified>2014-04-18</modified> 4579 </dates> 4580 </vuln> 4581 4582 <vuln vid="60bfa396-c702-11e3-848c-20cf30e32f6d"> 4583 <topic>bugzilla -- Social Engineering</topic> 4584 <affects> 4585 <package> 4586 <name>bugzilla40</name> 4587 <range><ge>2.0.0</ge><lt>4.0.12</lt></range> 4588 </package> 4589 <package> 4590 <name>bugzilla42</name> 4591 <range><ge>4.1.1</ge><lt>4.2.8</lt></range> 4592 </package> 4593 <package> 4594 <name>bugzilla44</name> 4595 <range><ge>4.4.0</ge><lt>4.4.3</lt></range> 4596 </package> 4597 </affects> 4598 <description> 4599 <body xmlns="http://www.w3.org/1999/xhtml"> 4600 <p>A Bugzilla Security Advisory reports:</p> 4601 <blockquote cite="http://www.bugzilla.org/security/4.0.11/"> 4602 
<p>Dangerous control characters can be inserted into 4603 Bugzilla, notably into bug comments. If the text, which 4604 may look safe, is copied into a terminal such as xterm or 4605 gnome-terminal, then unexpected commands could be executed 4606 on the local machine.</p> 4607 </blockquote> 4608 </body> 4609 </description> 4610 <references> 4611 <url>https://bugzilla.mozilla.org/show_bug.cgi?id=968576</url> 4612 </references> 4613 <dates> 4614 <discovery>2014-04-17</discovery> 4615 <entry>2014-04-18</entry> 4616 <modified>2014-04-18</modified> 4617 </dates> 4618 </vuln> 4619 4620 <vuln vid="abad20bf-c1b4-11e3-a5ac-001b21614864"> 4621 <topic>OpenLDAP -- incorrect handling of NUL character in certificate Common Name</topic> 4622 <affects> 4623 <package> 4624 <name>openldap24-client</name> 4625 <range><lt>2.4.18</lt></range> 4626 </package> 4627 <package> 4628 <name>linux-f10-openldap</name> 4629 <range><lt>2.4.18</lt></range> 4630 </package> 4631 </affects> 4632 <description> 4633 <body xmlns="http://www.w3.org/1999/xhtml"> 4634 <p>Jan Lieskovsky reports:</p> 4635 <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767"> 4636 <p>OpenLDAP does not properly handle a '\0' character in a domain name 4637 in the subject's Common Name (CN) field of an X.509 certificate, 4638 which allows man-in-the-middle attackers to spoof arbitrary SSL 4639 servers via a crafted certificate issued by a legitimate 4640 Certification Authority.</p> 4641 </blockquote> 4642 </body> 4643 </description> 4644 <references> 4645 <cvename>CVE-2009-3767</cvename> 4646 <url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767</url> 4647 </references> 4648 <dates> 4649 <discovery>2009-08-07</discovery> 4650 <entry>2014-04-11</entry> 4651 </dates> 4652 </vuln> 4653 4654 <vuln vid="9aecb94c-c1ad-11e3-a5ac-001b21614864"> 4655 <topic>cURL -- inappropriate GSSAPI delegation</topic> 4656 <affects> 4657 <package> 4658 <name>curl</name> 4659 <range><ge>7.10.6</ge><le>7.21.6</le></range> 4660 
</package> 4661 <package> 4662 <name>linux-f10-curl</name> 4663 <range><ge>7.10.6</ge><le>7.21.6</le></range> 4664 </package> 4665 </affects> 4666 <description> 4667 <body xmlns="http://www.w3.org/1999/xhtml"> 4668 <p>cURL reports:</p> 4669 <blockquote cite="http://curl.haxx.se/docs/adv_20110623.html"> 4670 <p>When doing GSSAPI authentication, libcurl unconditionally performs 4671 credential delegation. This hands the server a copy of the client's 4672 security credentials, allowing the server to impersonate the client 4673 to any other using the same GSSAPI mechanism.</p> 4674 </blockquote> 4675 </body> 4676 </description> 4677 <references> 4678 <cvename>CVE-2011-2192</cvename> 4679 <url>http://curl.haxx.se/docs/adv_20110623.html</url> 4680 </references> 4681 <dates> 4682 <discovery>2011-06-23</discovery> 4683 <entry>2014-04-11</entry> 4684 <modified>2014-04-30</modified> 4685 </dates> 4686 </vuln> 4687 4688 <vuln vid="77bb0541-c1aa-11e3-a5ac-001b21614864"> 4689 <topic>dbus-glib -- privilege escalation</topic> 4690 <affects> 4691 <package> 4692 <name>dbus-glib</name> 4693 <range><lt>0.100.1</lt></range> 4694 </package> 4695 <package> 4696 <name>linux-f10-dbus-glib</name> 4697 <range><lt>0.100.1</lt></range> 4698 </package> 4699 </affects> 4700 <description> 4701 <body xmlns="http://www.w3.org/1999/xhtml"> 4702 <p>Sebastian Krahmer reports:</p> 4703 <blockquote cite="https://bugs.freedesktop.org/show_bug.cgi?id=60916"> 4704 <p>A privilege escalation flaw was found in the way dbus-glib, the 4705 D-Bus add-on library to integrate the standard D-Bus library with 4706 the GLib thread abstraction and main loop, performed filtering of 4707 the message sender (message source subject), when the 4708 NameOwnerChanged signal was received. 
A local attacker could use 4709 this flaw to escalate their privileges.</p> 4710 </blockquote> 4711 </body> 4712 </description> 4713 <references> 4714 <cvename>CVE-2013-0292</cvename> 4715 <url>https://bugs.freedesktop.org/show_bug.cgi?id=60916</url> 4716 </references> 4717 <dates> 4718 <discovery>2013-02-15</discovery> 4719 <entry>2014-04-11</entry> 4720 <modified>2014-04-30</modified> 4721 </dates> 4722 </vuln> 4723 4724 <vuln vid="bf7912f5-c1a8-11e3-a5ac-001b21614864"> 4725 <topic>nas -- multiple vulnerabilities</topic> 4726 <affects> 4727 <package> 4728 <name>nas</name> 4729 <range><lt>1.9.4</lt></range> 4730 </package> 4731 <package> 4732 <name>linux-f10-nas-libs</name> 4733 <range><lt>1.9.4</lt></range> 4734 </package> 4735 </affects> 4736 <description> 4737 <body xmlns="http://www.w3.org/1999/xhtml"> 4738 <p>Hamid Zamani reports:</p> 4739 <blockquote cite="http://radscan.com/pipermail/nas/2013-August/001270.html"> 4740 <p>multiple security problems (buffer overflows, format string 4741 vulnerabilities and missing input sanitising), which could lead to 4742 the execution of arbitrary code.</p> 4743 </blockquote> 4744 </body> 4745 </description> 4746 <references> 4747 <cvename>CVE-2013-4256</cvename> 4748 <cvename>CVE-2013-4257</cvename> 4749 <cvename>CVE-2013-4258</cvename> 4750 <url>http://radscan.com/pipermail/nas/2013-August/001270.html</url> 4751 </references> 4752 <dates> 4753 <discovery>2013-08-07</discovery> 4754 <entry>2014-04-11</entry> 4755 </dates> 4756 </vuln> 4757 4758 <vuln vid="09f47c51-c1a6-11e3-a5ac-001b21614864"> 4759 <topic>libaudiofile -- heap-based overflow in Microsoft ADPCM compression module</topic> 4760 <affects> 4761 <package> 4762 <name>libaudiofile</name> 4763 <range><lt>0.2.7</lt></range> 4764 </package> 4765 <package> 4766 <name>linux-f10-libaudiofile</name> 4767 <range><lt>0.2.7</lt></range> 4768 </package> 4769 </affects> 4770 <description> 4771 <body xmlns="http://www.w3.org/1999/xhtml"> 4772 <p>Debian reports:</p> 4773 
<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205"> 4774 <p>Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 4775 0.2.6 allows context-dependent attackers to cause a denial of service 4776 (application crash) or possibly execute arbitrary code via a crafted 4777 WAV file.</p> 4778 </blockquote> 4779 </body> 4780 </description> 4781 <references> 4782 <cvename>CVE-2014-0159</cvename> 4783 <url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205</url> 4784 </references> 4785 <dates> 4786 <discovery>2008-12-30</discovery> 4787 <entry>2014-04-11</entry> 4788 <modified>2014-04-30</modified> 4789 </dates> 4790 </vuln> 4791 4792 <vuln vid="972837fc-c304-11e3-8758-00262d5ed8ee"> 4793 <topic>ChaSen -- buffer overflow</topic> 4794 <affects> 4795 <package> 4796 <name>chasen-base</name> 4797 <range><lt>2.4.5</lt></range> 4798 </package> 4799 <package> 4800 <name>chasen</name> 4801 <range><lt>2.4.5</lt></range> 4802 </package> 4803 </affects> 4804 <description> 4805 <body xmlns="http://www.w3.org/1999/xhtml"> 4806 <p>JVN iPedia reports:</p> 4807 <blockquote cite="http://jvn.jp/en/jp/JVN16901583/index.html"> 4808 <p>ChaSen provided by Nara Institute of Science and Technology is a 4809 software for morphologically analyzing Japanese. 
ChaSen contains an 4810 issue when reading in strings, which may lead to a buffer 4811 overflow.</p> 4812 <p>An arbitrary script may be executed by an attacker with access to 4813 a system that is running a product listed in "Products 4814 Affected."</p> 4815 </blockquote> 4816 </body> 4817 </description> 4818 <references> 4819 <cvename>CVE-2011-4000</cvename> 4820 <url>http://jvn.jp/en/jp/JVN16901583/index.html</url> 4821 </references> 4822 <dates> 4823 <discovery>2011-11-08</discovery> 4824 <entry>2014-04-13</entry> 4825 </dates> 4826 </vuln> 4827 4828 <vuln vid="7ccd4def-c1be-11e3-9d09-000c2980a9f3"> 4829 <topic>OpenSSL -- Local Information Disclosure</topic> 4830 <affects> 4831 <package> 4832 <name>openssl</name> 4833 <range><ge>1.0.1</ge><lt>1.0.1_10</lt></range> 4834 </package> 4835 <package> 4836 <name>mingw32-openssl</name> 4837 <range><ge>1.0.1</ge><lt>1.0.1g</lt></range> 4838 </package> 4839 <package> 4840 <name>FreeBSD</name> 4841 <range><ge>8.3</ge><lt>8.3_15</lt></range> 4842 <range><ge>8.4</ge><lt>8.4_8</lt></range> 4843 <range><ge>9.1</ge><lt>9.1_11</lt></range> 4844 <range><ge>9.2</ge><lt>9.2_4</lt></range> 4845 <range><ge>10.0</ge><lt>10.0_1</lt></range> 4846 </package> 4847 </affects> 4848 <description> 4849 <body xmlns="http://www.w3.org/1999/xhtml"> 4850 <p>OpenSSL reports:</p> 4851 <blockquote cite="https://www.openssl.org/news/vulnerabilities.html#2014-0076"> 4852 <p>A flaw in the implementation of Montgomery Ladder Approach would 4853 create a side-channel that leaks sensitive timing information.</p> 4854 <p>A local attacker might be able to snoop a signing process and 4855 might recover the signing key from it.</p> 4856 </blockquote> 4857 </body> 4858 </description> 4859 <references> 4860 <cvename>CVE-2014-0076</cvename> 4861 <freebsdsa>SA-14:06.openssl</freebsdsa> 4862 <url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url> 4863 </references> 4864 <dates> 4865 <discovery>2014-04-07</discovery> 4866 <entry>2014-04-11</entry> 
4867 </dates> 4868 </vuln> 4869 4870 <vuln vid="c0c31b27-bff3-11e3-9d09-000c2980a9f3"> 4871 <topic>openafs -- Denial of Service</topic> 4872 <affects> 4873 <package> 4874 <name>openafs</name> 4875 <range><ge>1.4.8</ge><lt>1.6.7</lt></range> 4876 </package> 4877 </affects> 4878 <description> 4879 <body xmlns="http://www.w3.org/1999/xhtml"> 4880 <p>The OpenAFS development team reports:</p> 4881 <blockquote cite="http://openafs.org/security/OPENAFS-SA-2014-001.txt"> 4882 <p>An attacker with the ability to connect to an OpenAFS fileserver can 4883 trigger a buffer overflow, crashing the server.</p> 4884 <p>The buffer overflow can be triggered by sending an unauthenticated 4885 request for file server statistical information.</p> 4886 <p>Clients are not affected.</p> 4887 </blockquote> 4888 </body> 4889 </description> 4890 <references> 4891 <cvename>CVE-2014-0159</cvename> 4892 <url>http://openafs.org/security/OPENAFS-SA-2014-001.txt</url> 4893 </references> 4894 <dates> 4895 <discovery>2014-04-09</discovery> 4896 <entry>2014-04-09</entry> 4897 </dates> 4898 </vuln> 4899 4900 <vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978"> 4901 <topic>OpenSSL -- Remote Information Disclosure</topic> 4902 <affects> 4903 <package> 4904 <name>openssl</name> 4905 <range><ge>1.0.1</ge><lt>1.0.1_10</lt></range> 4906 </package> 4907 <package> 4908 <name>mingw32-openssl</name> 4909 <range><ge>1.0.1</ge><lt>1.0.1g</lt></range> 4910 </package> 4911 <package> 4912 <name>FreeBSD</name> 4913 <range><ge>10.0</ge><lt>10.0_1</lt></range> 4914 </package> 4915 </affects> 4916 <description> 4917 <body xmlns="http://www.w3.org/1999/xhtml"> 4918 <p>OpenSSL Reports:</p> 4919 <blockquote cite="https://www.openssl.org/news/secadv_20140407.txt"> 4920 <p>A missing bounds check in the handling of the TLS heartbeat extension can be 4921 used to reveal up to 64k of memory to a connected client or server.</p> 4922 <p>Affected users should upgrade to OpenSSL 1.0.1g. 
Users unable to immediately 4923 upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.</p> 4924 </blockquote> 4925 <blockquote cite="http://www.heartbleed.com"> 4926 <p>The bug allows anyone on the Internet to read the memory of the 4927 systems protected by the vulnerable versions of the OpenSSL software. 4928 This compromises the secret keys used to identify the service 4929 providers and to encrypt the traffic, the names and passwords of the 4930 users and the actual content. This allows attackers to eavesdrop 4931 communications, steal data directly from the services and users and 4932 to impersonate services and users.</p> 4933 </blockquote> 4934 <blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc"> 4935 <p>The code used to handle the Heartbeat Extension does not do 4936 sufficient boundary checks on record length, which allows reading 4937 beyond the actual payload.</p> 4938 </blockquote> 4939 </body> 4940 </description> 4941 <references> 4942 <cvename>CVE-2014-0160</cvename> 4943 <freebsdsa>SA-14:06.openssl</freebsdsa> 4944 <url>https://www.openssl.org/news/secadv_20140407.txt</url> 4945 <url>https://www.openssl.org/news/vulnerabilities.html#2014-0160</url> 4946 <url>http://www.heartbleed.com</url> 4947 </references> 4948 <dates> 4949 <discovery>2014-04-07</discovery> 4950 <entry>2014-04-07</entry> 4951 <modified>2014-04-11</modified> 4952 </dates> 4953 </vuln> 4954 4955 <vuln vid="ffa7c6e4-bb29-11e3-8136-60a44c524f57"> 4956 <topic>otrs -- Clickjacking issue</topic> 4957 <affects> 4958 <package> 4959 <name>otrs</name> 4960 <range><lt>3.1.21</lt></range> 4961 <range><gt>3.2.*</gt><lt>3.2.16</lt></range> 4962 <range><gt>3.3.*</gt><lt>3.3.6</lt></range> 4963 </package> 4964 </affects> 4965 <description> 4966 <body xmlns="http://www.w3.org/1999/xhtml"> 4967 <p>The OTRS Project reports:</p> 4968 <blockquote cite="http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/"> 4969 <p>An attacker could 
embed OTRS in a hidden iframe tag of another 4970 page, tricking the user into clicking links in OTRS.</p> 4971 </blockquote> 4972 </body> 4973 </description> 4974 <references> 4975 <url>http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/</url> 4976 <cvename>CVE-2014-2554</cvename> 4977 </references> 4978 <dates> 4979 <discovery>2014-04-01</discovery> 4980 <entry>2014-04-03</entry> 4981 </dates> 4982 </vuln> 4983 4984 <vuln vid="580cc46b-bb1e-11e3-b144-2c4138874f7d"> 4985 <topic>libyaml -- input sanitization errors</topic> 4986 <affects> 4987 <package> 4988 <name>libyaml</name> 4989 <range><lt>0.1.6</lt></range> 4990 </package> 4991 <package> 4992 <name>mingw32-libyaml</name> 4993 <range><lt>0.1.6</lt></range> 4994 </package> 4995 </affects> 4996 <description> 4997 <body xmlns="http://www.w3.org/1999/xhtml"> 4998 <p>oCERT reports:</p> 4999 <blockquote cite="http://www.ocert.org/advisories/ocert-2014-003.html"> 5000 <p>The LibYAML project is an open source YAML 1.1 parser and 5001 emitter written in C.</p> 5002 <p>The library is affected by a heap-based buffer overflow 5003 which can lead to arbitrary code execution. 
The 5004 vulnerability is caused by lack of proper expansion for the 5005 string passed to the yaml_parser_scan_uri_escapes() 5006 function.</p> 5007 <p>A specially crafted YAML file, with a long sequence of 5008 percent-encoded characters in a URL, can be used to trigger 5009 the overflow.</p> 5010 </blockquote> 5011 </body> 5012 </description> 5013 <references> 5014 <cvename>CVE-2014-2525</cvename> 5015 <url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525</url> 5016 </references> 5017 <dates> 5018 <discovery>2014-03-11</discovery> 5019 <entry>2014-03-26</entry> 5020 </dates> 5021 </vuln> 5022 5023 <vuln vid="4e95eb4e-b737-11e3-87cd-f0def10dca57"> 5024 <topic>Icinga -- buffer overflow in classic web interface</topic> 5025 <affects> 5026 <package> 5027 <name>icinga</name> 5028 <range><lt>1.11.1</lt></range> 5029 </package> 5030 </affects> 5031 <description> 5032 <body xmlns="http://www.w3.org/1999/xhtml"> 5033 <p>The Icinga Team reports:</p> 5034 <blockquote cite="https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d"> 5035 <p>Wrong strlen check against MAX_INPUT_BUFFER without taking '\0' into account [...]</p> 5036 </blockquote> 5037 </body> 5038 </description> 5039 <references> 5040 <cvename>CVE-2014-2386</cvename> 5041 <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386</url> 5042 </references> 5043 <dates> 5044 <discovery>2014-02-18</discovery> 5045 <entry>2014-03-29</entry> 5046 </dates> 5047 </vuln> 5048 5049 <vuln vid="7e61a839-b714-11e3-8195-001966155bea"> 5050 <topic>file -- out-of-bounds access in search rules with offsets from input file</topic> 5051 <affects> 5052 <package> 5053 <name>file</name> 5054 <range><lt>5.18</lt></range> 5055 </package> 5056 </affects> 5057 <description> 5058 <body xmlns="http://www.w3.org/1999/xhtml"> 5059 <p>Aaron Reffett reports:</p> 5060 <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270"> 5061 <p>softmagic.c in file ... 
and libmagic allows context-dependent 5062 attackers to cause a denial of service (out-of-bounds memory access and 5063 crash) via crafted offsets in the softmagic of a PE executable.</p> 5064 </blockquote> 5065 </body> 5066 </description> 5067 <references> 5068 <cvename>CVE-2014-2270</cvename> 5069 <url>http://bugs.gw.com/view.php?id=31</url> 5070 </references> 5071 <dates> 5072 <discovery>2013-12-20</discovery> 5073 <entry>2014-03-29</entry> 5074 </dates> 5075 </vuln> 5076 5077 <vuln vid="9fa1a0ac-b2e0-11e3-bb07-6cf0490a8c18"> 5078 <topic>Joomla! -- Core - Multiple Vulnerabilities</topic> 5079 <affects> 5080 <package> 5081 <name>joomla2</name> 5082 <range><ge>2.5.*</ge><le>2.5.18</le></range> 5083 </package> 5084 <package> 5085 <name>joomla3</name> 5086 <range><ge>3.0.*</ge><le>3.2.2</le></range> 5087 </package> 5088 </affects> 5089 <description> 5090 <body xmlns="http://www.w3.org/1999/xhtml"> 5091 <p>The JSST and the Joomla! Security Center report:</p> 5092 <blockquote cite="http://developer.joomla.org/security/578-20140301-core-sql-injection.html"> 5093 <h2>[20140301] - Core - SQL Injection</h2> 5094 <p>Inadequate escaping leads to SQL injection vulnerability.</p> 5095 </blockquote> 5096 <blockquote cite="http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html"> 5097 <h2>[20140302] - Core - XSS Vulnerability</h2> 5098 <p>Inadequate escaping leads to XSS vulnerability in com_contact.</p> 5099 </blockquote> 5100 <blockquote cite="http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html"> 5101 <h2>[20140303] - Core - XSS Vulnerability</h2> 5102 <p>Inadequate escaping leads to XSS vulnerability.</p> 5103 </blockquote> 5104 <blockquote cite="http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html"> 5105 <h2>[20140304] - Core - Unauthorised Logins</h2> 5106 <p>Inadequate checking allowed unauthorised logins via GMail authentication.</p> 5107 </blockquote> 5108 </body> 5109 </description> 5110 
<references> 5111 <url>http://developer.joomla.org/security/578-20140301-core-sql-injection.html</url> 5112 <url>http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html</url> 5113 <url>http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html</url> 5114 <url>http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html</url> 5115 </references> 5116 <dates> 5117 <discovery>2014-03-01</discovery> 5118 <entry>2014-03-23</entry> 5119 <modified>2014-04-30</modified> 5120 </dates> 5121 </vuln> 5122 5123 <vuln vid="36f9ac43-b2ac-11e3-8752-080027ef73ec"> 5124 <topic>mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection</topic> 5125 <affects> 5126 <package> 5127 <name>trojita</name> 5128 <range><lt>0.4.1</lt></range> 5129 </package> 5130 </affects> 5131 <description> 5132 <body xmlns="http://www.w3.org/1999/xhtml"> 5133 <p>Jan Kundrát reports:</p> 5134 <blockquote cite="http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html"> 5135 <p>An SSL stripping vulnerability was discovered in Trojitá, a fast Qt 5136 IMAP e-mail client. 
User's credentials are never leaked, but if a 5137 user tries to send an e-mail, the automatic saving into the "sent" 5138 or "draft" folders could happen over a plaintext connection even if 5139 the user's preferences specify STARTTLS as a requirement.</p> 5140 </blockquote> 5141 </body> 5142 </description> 5143 <references> 5144 <cvename>CVE-2014-2567</cvename> 5145 <url>http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html</url> 5146 </references> 5147 <dates> 5148 <discovery>2014-03-20</discovery> 5149 <entry>2014-03-23</entry> 5150 </dates> 5151 </vuln> 5152 5153 <vuln vid="da4b89ad-b28f-11e3-99ca-f0def16c5c1b"> 5154 <topic>nginx-devel -- SPDY heap buffer overflow</topic> 5155 <affects> 5156 <package> 5157 <name>nginx-devel</name> 5158 <range><ge>1.3.15</ge><lt>1.5.12</lt></range> 5159 </package> 5160 </affects> 5161 <description> 5162 <body xmlns="http://www.w3.org/1999/xhtml"> 5163 <p>The nginx project reports:</p> 5164 <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"> 5165 <p>A bug in the experimental SPDY implementation in nginx was found, which 5166 might allow an attacker to cause a heap memory buffer overflow in a 5167 worker process by using a specially crafted request, potentially 5168 resulting in arbitrary code execution (CVE-2014-0133).</p> 5169 5170 <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the 5171 ngx_http_spdy_module module (which is not compiled by default) and 5172 without --with-debug configure option, if the "spdy" option of the 5173 "listen" directive is used in a configuration file.</p> 5174 5175 <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p> 5176 </blockquote> 5177 </body> 5178 </description> 5179 <references> 5180 <cvename>CVE-2014-0133</cvename> 5181 <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url> 5182 </references> 5183 <dates> 5184 <discovery>2014-03-18</discovery> 5185 <entry>2014-03-23</entry> 5186 </dates> 5187 
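The nginx advisory quoted in this entry lists four conditions that must all hold for CVE-2014-0133 to apply: a version between 1.3.15 and 1.5.11, a build that includes the SPDY module, a build without --with-debug, and a listen directive that actually enables spdy. The shell script below, added here as an example and not taken from VuXML or from the nginx project, turns those conditions into a check that can be run against the output of nginx -V and the server configuration. It assumes the nginx -V output format of the time (a first line of the form nginx version: nginx/X.Y.Z and a configure arguments: line) and that the SPDY module shows up there as --with-http_spdy_module; the sample inputs in the script are constructed, not captured from a real host. On the affected versions nginx -T does not exist yet, so the configuration text has to be assembled from nginx.conf and its include files by hand.

```shell
#!/bin/sh
# Added example (not part of VuXML or of nginx): a script-level check for the
# four CVE-2014-0133 conditions quoted in the nginx advisory above:
#   1. nginx version 1.3.15 .. 1.5.11 (but 1.4.7 is already fixed)
#   2. built with the SPDY module (nginx -V shows --with-http_spdy_module)
#   3. built without --with-debug
#   4. a "listen ... spdy;" directive in the effective configuration
# The functions take the text of "nginx -V" (it prints to stderr, so merge
# stderr into stdout when capturing it) and of the configuration, so the
# check runs offline against the constructed samples below.

# spdy_version_in_range X.Y.Z
# Returns 0 when the version is one the advisory calls affected, 1 otherwise.
spdy_version_in_range() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Pack the three components into one integer so a plain numeric
    # comparison works: 1.5.11 becomes 1005011.
    n=$((major * 1000000 + minor * 1000 + patch))
    [ "$n" -ge 1003015 ] || return 1
    [ "$n" -le 1005011 ] || return 1
    # The 1.4 stable branch was fixed in 1.4.7 (named in the advisory next
    # to 1.5.12), so 1.4.7 and any later 1.4.x fall inside the numeric
    # range but are not affected.
    case $ver in
        1.4.[7-9]|1.4.[1-9][0-9]*) return 1 ;;
    esac
    return 0
}

# nginx_spdy_vulnerable "nginx -V text" "configuration text"
# Returns 0 when all conditions are met, 1 when at least one fails.
nginx_spdy_vulnerable() {
    vinfo=$1
    conf=$2
    # First line looks like "nginx version: nginx/1.5.11".
    ver=$(printf '%s\n' "$vinfo" | sed -n 's|^nginx version: nginx/\([0-9.]*\).*|\1|p')
    [ -n "$ver" ] || return 1
    spdy_version_in_range "$ver" || return 1
    printf '%s\n' "$vinfo" | grep -q -- '--with-http_spdy_module' || return 1
    # A debug build is not affected according to the advisory.
    if printf '%s\n' "$vinfo" | grep -q -- '--with-debug'; then
        return 1
    fi
    # Strip comments, then look for a listen directive carrying "spdy".
    printf '%s\n' "$conf" | sed 's/#.*//' |
        grep -Eq '^[[:space:]]*listen[^;]*[[:space:]]spdy([[:space:]]|;)' || return 1
    return 0
}

# Constructed sample inputs (not real output from any host).
SAMPLE_V_VULN='nginx version: nginx/1.5.11
built by gcc 4.2.1
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-http_ssl_module --with-http_spdy_module'
SAMPLE_V_DEBUG='nginx version: nginx/1.5.11
configure arguments: --with-http_ssl_module --with-http_spdy_module --with-debug'
SAMPLE_V_FIXED='nginx version: nginx/1.5.12
configure arguments: --with-http_ssl_module --with-http_spdy_module'
SAMPLE_CONF_SPDY='http {
    server {
        listen 443 ssl spdy;   # SPDY enabled here
        server_name example.test;
    }
}'
SAMPLE_CONF_PLAIN='http {
    server {
        listen 443 ssl;
        # listen 443 ssl spdy;  (commented out, must not count)
    }
}'

# report "nginx -V text" "configuration text" LABEL: one-line verdict
report() {
    if nginx_spdy_vulnerable "$1" "$2"; then
        echo "$3: VULNERABLE (all CVE-2014-0133 conditions met)"
    else
        echo "$3: not affected"
    fi
}

report "$SAMPLE_V_VULN"  "$SAMPLE_CONF_SPDY"  "1.5.11 with spdy listen"
report "$SAMPLE_V_DEBUG" "$SAMPLE_CONF_SPDY"  "1.5.11 debug build"
report "$SAMPLE_V_FIXED" "$SAMPLE_CONF_SPDY"  "1.5.12"
report "$SAMPLE_V_VULN"  "$SAMPLE_CONF_PLAIN" "1.5.11 without spdy listen"
```

The 1.4.7 exception mirrors the package ranges VuXML itself uses for this bug: nginx-devel from 1.3.15 up to but not including 1.5.12, and nginx below 1.4.7. Comments are stripped before the listen directive is searched so that a commented-out spdy line does not produce a false positive.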
</vuln> 5188 5189 <vuln vid="fc28df92-b233-11e3-99ca-f0def16c5c1b"> 5190 <topic>nginx -- SPDY heap buffer overflow</topic> 5191 <affects> 5192 <package> 5193 <name>nginx</name> 5194 <range><lt>1.4.7</lt></range> 5195 </package> 5196 </affects> 5197 <description> 5198 <body xmlns="http://www.w3.org/1999/xhtml"> 5199 <p>The nginx project reports:</p> 5200 <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"> 5201 <p>A bug in the experimental SPDY implementation in nginx was found, which 5202 might allow an attacker to cause a heap memory buffer overflow in a 5203 worker process by using a specially crafted request, potentially 5204 resulting in arbitrary code execution (CVE-2014-0133).</p> 5205 5206 <p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the 5207 ngx_http_spdy_module module (which is not compiled by default) and 5208 without --with-debug configure option, if the "spdy" option of the 5209 "listen" directive is used in a configuration file.</p> 5210 5211 <p>The problem is fixed in nginx 1.5.12, 1.4.7.</p> 5212 </blockquote> 5213 </body> 5214 </description> 5215 <references> 5216 <cvename>CVE-2014-0133</cvename> 5217 <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url> 5218 </references> 5219 <dates> 5220 <discovery>2014-03-18</discovery> 5221 <entry>2014-03-23</entry> 5222 </dates> 5223 </vuln> 5224 5225 <vuln vid="91ecb546-b1e6-11e3-980f-20cf30e32f6d"> 5226 <topic>apache -- several vulnerabilities</topic> 5227 <affects> 5228 <package> 5229 <name>apache24</name> 5230 <range><gt>2.4.0</gt><lt>2.4.9</lt></range> 5231 </package> 5232 <package> 5233 <name>apache22</name> 5234 <range><gt>2.2.0</gt><lt>2.2.27</lt></range> 5235 </package> 5236 <package> 5237 <name>apache22-event-mpm</name> 5238 <range><gt>2.2.0</gt><lt>2.2.27</lt></range> 5239 </package> 5240 <package> 5241 <name>apache22-itk-mpm</name> 5242 <range><gt>2.2.0</gt><lt>2.2.27</lt></range> 5243 </package> 5244 <package> 5245 
<name>apache22-peruser-mpm</name> 5246 <range><gt>2.2.0</gt><lt>2.2.27</lt></range> 5247 </package> 5248 <package> 5249 <name>apache22-worker-mpm</name> 5250 <range><gt>2.2.0</gt><lt>2.2.27</lt></range> 5251 </package> 5252 </affects> 5253 <description> 5254 <body xmlns="http://www.w3.org/1999/xhtml"> 5255 <p>The Apache HTTP Server Project reports:</p> 5256 <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.27"> 5257 <p>Clean up cookie logging with fewer redundant string parsing passes. 5258 Log only cookies with a value assignment. Prevents segfaults when 5259 logging truncated cookies.</p> 5260 <p>mod_dav: Keep track of length of cdata properly when removing leading 5261 spaces. Eliminates a potential denial of service from specifically 5262 crafted DAV WRITE requests.</p> 5263 </blockquote> 5264 </body> 5265 </description> 5266 <references> 5267 <cvename>CVE-2014-0098</cvename> 5268 <cvename>CVE-2013-6438</cvename> 5269 </references> 5270 <dates> 5271 <discovery>2014-02-25</discovery> 5272 <entry>2014-03-22</entry> 5273 </dates> 5274 </vuln> 5275 5276 <vuln vid="610de647-af8d-11e3-a25b-b4b52fce4ce8"> 5277 <topic>mozilla -- multiple vulnerabilities</topic> 5278 <affects> 5279 <package> 5280 <name>firefox</name> 5281 <range><lt>28.0,1</lt></range> 5282 </package> 5283 <package> 5284 <name>firefox-esr</name> 5285 <range><lt>24.4.0,1</lt></range> 5286 </package> 5287 <package> 5288 <name>linux-firefox</name> 5289 <range><lt>28.0,1</lt></range> 5290 </package> 5291 <package> 5292 <name>linux-seamonkey</name> 5293 <range><lt>2.25</lt></range> 5294 </package> 5295 <package> 5296 <name>linux-thunderbird</name> 5297 <range><lt>24.4.0</lt></range> 5298 </package> 5299 <package> 5300 <name>seamonkey</name> 5301 <range><lt>2.25</lt></range> 5302 </package> 5303 <package> 5304 <name>thunderbird</name> 5305 <range><lt>24.4.0</lt></range> 5306 </package> 5307 </affects> 5308 <description> 5309 <body xmlns="http://www.w3.org/1999/xhtml"> 5310 <p>The Mozilla Project 
reports:</p> 5311 <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> 5312 <p>MFSA 2014-15 Miscellaneous memory safety hazards 5313 (rv:28.0 / rv:24.4)</p> 5314 <p>MFSA 2014-16 Files extracted during updates are not always 5315 read only</p> 5316 <p>MFSA 2014-17 Out of bounds read during WAV file decoding</p> 5317 <p>MFSA 2014-18 crypto.generateCRMFRequest does not validate 5318 type of key</p> 5319 <p>MFSA 2014-19 Spoofing attack on WebRTC permission prompt</p> 5320 <p>MFSA 2014-20 onbeforeunload and Javascript navigation DOS</p> 5321 <p>MFSA 2014-21 Local file access via Open Link in new tab</p> 5322 <p>MFSA 2014-22 WebGL content injection from one domain to 5323 rendering in another</p> 5324 <p>MFSA 2014-23 Content Security Policy for data: documents 5325 not preserved by session restore</p> 5326 <p>MFSA 2014-24 Android Crash Reporter open to manipulation</p> 5327 <p>MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable 5328 to relative path escape</p> 5329 <p>MFSA 2014-26 Information disclosure through polygon 5330 rendering in MathML</p> 5331 <p>MFSA 2014-27 Memory corruption in Cairo during PDF font 5332 rendering</p> 5333 <p>MFSA 2014-28 SVG filters information disclosure through 5334 feDisplacementMap</p> 5335 <p>MFSA 2014-29 Privilege escalation using WebIDL-implemented 5336 APIs</p> 5337 <p>MFSA 2014-30 Use-after-free in TypeObject</p> 5338 <p>MFSA 2014-31 Out-of-bounds read/write through neutering 5339 ArrayBuffer objects</p> 5340 <p>MFSA 2014-32 Out-of-bounds write through TypedArrayObject 5341 after neutering</p> 5342 </blockquote> 5343 </body> 5344 </description> 5345 <references> 5346 <cvename>CVE-2014-1493</cvename> 5347 <cvename>CVE-2014-1494</cvename> 5348 <cvename>CVE-2014-1496</cvename> 5349 <cvename>CVE-2014-1497</cvename> 5350 <cvename>CVE-2014-1498</cvename> 5351 <cvename>CVE-2014-1499</cvename> 5352 <cvename>CVE-2014-1500</cvename> 5353 <cvename>CVE-2014-1501</cvename> 5354 <cvename>CVE-2014-1502</cvename> 5355 
<cvename>CVE-2014-1504</cvename> 5356 <cvename>CVE-2014-1505</cvename> 5357 <cvename>CVE-2014-1506</cvename> 5358 <cvename>CVE-2014-1507</cvename> 5359 <cvename>CVE-2014-1508</cvename> 5360 <cvename>CVE-2014-1509</cvename> 5361 <cvename>CVE-2014-1510</cvename> 5362 <cvename>CVE-2014-1511</cvename> 5363 <cvename>CVE-2014-1512</cvename> 5364 <cvename>CVE-2014-1513</cvename> 5365 <cvename>CVE-2014-1514</cvename> 5366 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-15.html</url> 5367 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-16.html</url> 5368 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-17.html</url> 5369 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-18.html</url> 5370 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-19.html</url> 5371 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-20.html</url> 5372 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-21.html</url> 5373 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-22.html</url> 5374 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-23.html</url> 5375 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-24.html</url> 5376 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-25.html</url> 5377 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-26.html</url> 5378 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-27.html</url> 5379 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-28.html</url> 5380 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-29.html</url> 5381 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-30.html</url> 5382 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-31.html</url> 5383 <url>https://www.mozilla.org/security/announce/2014/mfsa2014-32.html</url> 5384 <url>http://www.mozilla.org/security/known-vulnerabilities/</url> 5385 </references> 5386 <dates> 5387 <discovery>2014-03-19</discovery> 5388 
<entry>2014-03-19</entry> 5389 <modified>2014-03-20</modified> 5390 </dates> 5391 </vuln> 5392 5393 <vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3"> 5394 <topic>mutt -- denial of service, potential remote code execution</topic> 5395 <affects> 5396 <package> 5397 <name>mutt</name> 5398 <range><lt>1.5.23</lt></range> 5399 </package> 5400 </affects> 5401 <description> 5402 <body xmlns="http://www.w3.org/1999/xhtml"> 5403 <p>Beatrice Torracca and Evgeni Golov report:</p> 5404 <blockquote cite="http://www.securityfocus.com/archive/1/531431"> 5405 <p>A buffer overflow has been discovered that could result in 5406 denial of service or potential execution of arbitrary code.</p> 5407 <p>This condition can be triggered by malformed RFC2047 header 5408 lines</p> 5409 </blockquote> 5410 </body> 5411 </description> 5412 <references> 5413 <cvename>CVE-2014-0467</cvename> 5414 <url>http://packetstormsecurity.com/files/cve/CVE-2014-0467</url> 5415 <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467</url> 5416 </references> 5417 <dates> 5418 <discovery>2014-03-12</discovery> 5419 <entry>2014-03-14</entry> 5420 </dates> 5421 </vuln> 5422 5423 <vuln vid="777d7b9e-ab02-11e3-841e-60a44c524f57"> 5424 <topic>wemux -- read-only can be bypassed</topic> 5425 <affects> 5426 <package> 5427 <name>wemux</name> 5428 <range><lt>3.2.0</lt></range> 5429 </package> 5430 </affects> 5431 <description> 5432 <body xmlns="http://www.w3.org/1999/xhtml"> 5433 <p>JonApps reports:</p> 5434 <blockquote cite="https://github.com/zolrath/wemux/issues/36"> 5435 <p>The read-only mode can be bypassed and any command sent to bash session</p> 5436 </blockquote> 5437 </body> 5438 </description> 5439 <references> 5440 <url>https://github.com/zolrath/wemux/issues/36</url> 5441 </references> 5442 <dates> 5443 <discovery>2013-12-24</discovery> 5444 <entry>2014-03-13</entry> 5445 </dates> 5446 </vuln> 5447 5448 <vuln vid="03e48bf5-a96d-11e3-a556-3c970e169bc2"> 5449 <topic>samba -- multiple 
vulnerabilities</topic> 5450 <affects> 5451 <package> 5452 <name>samba34</name> 5453 <range><gt>0</gt></range> 5454 </package> 5455 <package> 5456 <name>samba35</name> 5457 <range><gt>0</gt></range> 5458 </package> 5459 <package> 5460 <name>samba36</name> 5461 <range><gt>3.6.*</gt><lt>3.6.23</lt></range> 5462 </package> 5463 <package> 5464 <name>samba4</name> 5465 <range><gt>4.0.*</gt><lt>4.0.16</lt></range> 5466 </package> 5467 <package> 5468 <name>samba41</name> 5469 <range><gt>4.1.*</gt><lt>4.1.6</lt></range> 5470 </package> 5471 </affects> 5472 <description> 5473 <body xmlns="http://www.w3.org/1999/xhtml"> 5474 <p>Samba project reports:</p> 5475 <blockquote cite="http://www.samba.org/samba/security/CVE-2013-4496"> 5476 <p>In Samba's SAMR server we neglect to ensure that attempted 5477 password changes will update the bad password count, nor set 5478 the lockout flags. This would allow a user unlimited attempts 5479 against the password by simply calling ChangePasswordUser2 5480 repeatedly.</p> 5481 <p>This is available without any other authentication.</p> 5482 </blockquote> 5483 <blockquote cite="http://www.samba.org/samba/security/CVE-2013-6442"> 5484 <p>smbcacls can remove a file or directory ACL by mistake.</p> 5485 </blockquote> 5486 </body> 5487 </description> 5488 <references> 5489 <cvename>CVE-2013-4496</cvename> 5490 <cvename>CVE-2013-6442</cvename> 5491 <url>http://www.samba.org/samba/security/CVE-2013-4496</url> 5492 <url>http://www.samba.org/samba/security/CVE-2013-6442</url> 5493 </references> 5494 <dates> 5495 <discovery>2014-03-11</discovery> 5496 <entry>2014-03-11</entry> 5497 </dates> 5498 </vuln> 5499 5500 <vuln vid="03159886-a8a3-11e3-8f36-0025905a4771"> 5501 <topic>asterisk -- multiple vulnerabilities</topic> 5502 <affects> 5503 <package> 5504 <name>asterisk11</name> 5505 <range><lt>11.8.1</lt></range> 5506 </package> 5507 <package> 5508 <name>asterisk18</name> 5509 <range><lt>1.8.26.1</lt></range> 5510 </package> 5511 </affects> 5512 
<description> 5513 <body xmlns="http://www.w3.org/1999/xhtml"> 5514 <p>The Asterisk project reports:</p> 5515 <blockquote cite="https://www.asterisk.org/security"> 5516 <p>Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP 5517 request that is handled by Asterisk with a large number of Cookie 5518 headers could overflow the stack. You could even exhaust memory if you 5519 sent an unlimited number of headers in the request.</p> 5520 <p>Denial of Service Through File Descriptor Exhaustion with chan_sip 5521 Session-Timers. An attacker can use all available file descriptors 5522 using SIP INVITE requests. Asterisk will respond with code 400, 420, 5523 or 422 for INVITEs meeting this criteria. 5524 Each INVITE meeting these conditions will leak a channel and several 5525 file descriptors. The file descriptors cannot be released without 5526 restarting Asterisk which may allow intrusion detection systems to be 5527 bypassed by sending the requests slowly.</p> 5528 <p>Remote Crash Vulnerability in PJSIP channel driver. A remotely 5529 exploitable crash vulnerability exists in the PJSIP channel driver if 5530 the "qualify_frequency" configuration option is enabled on an AOR and 5531 the remote SIP server challenges for authentication of the resulting 5532 OPTIONS request. 
The response handling code wrongly assumes that a 5533 PJSIP endpoint will always be associated with an outgoing request which 5534 is incorrect.</p> 5535 </blockquote> 5536 </body> 5537 </description> 5538 <references> 5539 <cvename>CVE-2014-2286</cvename> 5540 <cvename>CVE-2014-2287</cvename> 5541 <cvename>CVE-2014-2288</cvename> 5542 <url>http://downloads.asterisk.org/pub/security/AST-2014-001.pdf</url> 5543 <url>http://downloads.asterisk.org/pub/security/AST-2014-002.pdf</url> 5544 <url>http://downloads.asterisk.org/pub/security/AST-2014-003.pdf</url> 5545 <url>https://www.asterisk.org/security</url> 5546 </references> 5547 <dates> 5548 <discovery>2014-03-10</discovery> 5549 <entry>2014-03-10</entry> 5550 </dates> 5551 </vuln> 5552 5553 <vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c"> 5554 <topic>freetype2 -- Out of bounds read/write</topic> 5555 <affects> 5556 <package> 5557 <name>freetype2</name> 5558 <range><lt>2.5.3</lt></range> 5559 </package> 5560 </affects> 5561 <description> 5562 <body xmlns="http://www.w3.org/1999/xhtml"> 5563 <p>Mateusz Jurczyk reports:</p> 5564 <blockquote cite="http://savannah.nongnu.org/bugs/?41697"> 5565 <p>Out of bounds stack-based read/write in 5566 cf2_hintmap_build.</p> 5567 <p>This is a critical vulnerability in the CFF Rasterizer 5568 code recently contributed by Adobe, leading to potential 5569 arbitrary code execution in the context of the FreeType2 5570 library client.</p> 5571 </blockquote> 5572 </body> 5573 </description> 5574 <references> 5575 <url>http://savannah.nongnu.org/bugs/?41697</url> 5576 </references> 5577 <dates> 5578 <discovery>2014-02-25</discovery> 5579 <entry>2014-03-09</entry> 5580 </dates> 5581 </vuln> 5582 5583 <vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2"> 5584 <topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic> 5585 <affects> 5586 <package> 5587 <name>xmms</name> 5588 <range><le>1.2.11_20</le></range> 5589 </package> 5590 </affects> 5591 <description> 5592 <body 
xmlns="http://www.w3.org/1999/xhtml"> 5593 <p>Secunia reports:</p> 5594 <blockquote cite="http://secunia.com/secunia_research/2007-47/advisory/"> 5595 <p>Secunia Research has discovered two vulnerabilities in XMMS, which can 5596 be exploited by malicious people to compromise a user's system.</p> 5597 5598 <p>1) An integer underflow error exists in the processing of skin bitmap 5599 images. This can be exploited to cause a stack-based buffer overflow 5600 via specially crafted skin images containing manipulated header 5601 information.</p> 5602 5603 <p>Successful exploitation allows execution of arbitrary code.</p> 5604 5605 <p>2) An integer overflow error exists in the processing of skin bitmap 5606 images. This can be exploited to cause memory corruption via specially 5607 crafted skin images containing manipulated header information.</p> 5608 5609 <p>Successful exploitation may allow the execution of arbitrary code.</p> 5610 </blockquote> 5611 </body> 5612 </description> 5613 <references> 5614 <cvename>CVE-2007-0653</cvename> 5615 <cvename>CVE-2007-0654</cvename> 5616 </references> 5617 <dates> 5618 <discovery>2007-02-06</discovery> 5619 <entry>2014-03-06</entry> 5620 </dates> 5621 </vuln> 5622 5623 <vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b"> 5624 <topic>nginx -- SPDY memory corruption</topic> 5625 <affects> 5626 <package> 5627 <name>nginx-devel</name> 5628 <range><eq>1.5.10</eq></range> 5629 </package> 5630 </affects> 5631 <description> 5632 <body xmlns="http://www.w3.org/1999/xhtml"> 5633 <p>The nginx project reports:</p> 5634 <blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html"> 5635 <p>A bug in the experimental SPDY implementation in nginx 1.5.10 was found, 5636 which might allow an attacker to corrupt worker process memory by using 5637 a specially crafted request, potentially resulting in arbitrary code 5638 execution (CVE-2014-0088).</p> 5639 5640 <p>The problem only affects nginx 1.5.10 on 32-bit platforms, compiled 
with 5641 the ngx_http_spdy_module module (which is not compiled by default), if 5642 the "spdy" option of the "listen" directive is used in a configuration 5643 file.</p> 5644 </blockquote> 5645 </body> 5646 </description> 5647 <references> 5648 <cvename>CVE-2014-0088</cvename> 5649 <url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html</url> 5650 </references> 5651 <dates> 5652 <discovery>2014-03-04</discovery> 5653 <entry>2014-03-06</entry> 5654 </dates> 5655 </vuln> 5656 5657 <vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2"> 5658 <topic>gnutls -- multiple certificate verification issues</topic> 5659 <affects> 5660 <package> 5661 <name>gnutls</name> 5662 <range><lt>2.12.23_4</lt></range> 5663 </package> 5664 <package> 5665 <name>linux-f10-gnutls</name> 5666 <range><lt>2.12.23_4</lt></range> 5667 </package> 5668 <package> 5669 <name>gnutls-devel</name> 5670 <range><lt>3.1.22</lt></range> 5671 <range><gt>3.2.0</gt><lt>3.2.12</lt></range> 5672 </package> 5673 <package> 5674 <name>gnutls3</name> 5675 <range><lt>3.1.22</lt></range> 5676 <range><gt>3.2.0</gt><lt>3.2.12</lt></range> 5677 </package> 5678 </affects> 5679 <description> 5680 <body xmlns="http://www.w3.org/1999/xhtml"> 5681 <p>GnuTLS project reports:</p> 5682 <blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-2"> 5683 <p>A vulnerability was discovered that affects the 5684 certificate verification functions of all gnutls 5685 versions. A specially crafted certificate could 5686 bypass certificate validation checks. The 5687 vulnerability was discovered during an audit of 5688 GnuTLS for Red Hat.</p> 5689 </blockquote> 5690 <blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-1"> 5691 <p>Suman Jana reported a vulnerability that affects 5692 the certificate verification functions of 5693 gnutls 2.11.5 and later versions. 
A version 1 5694 intermediate certificate will be considered as 5695 a CA certificate by default (something that 5696 deviates from the documented behavior).</p> 5697 </blockquote> 5698 </body> 5699 </description> 5700 <references> 5701 <cvename>CVE-2014-0092</cvename> 5702 <cvename>CVE-2014-1959</cvename> 5703 <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-1</url> 5704 <url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-2</url> 5705 </references> 5706 <dates> 5707 <discovery>2014-03-03</discovery> 5708 <entry>2014-03-04</entry> 5709 <modified>2014-04-30</modified> 5710 </dates> 5711 </vuln> 5712 5713 <vuln vid="815dbcf9-a2d6-11e3-8088-002590860428"> 5714 <topic>file -- denial of service</topic> 5715 <affects> 5716 <package> 5717 <name>file</name> 5718 <range><lt>5.17</lt></range> 5719 </package> 5720 </affects> 5721 <description> 5722 <body xmlns="http://www.w3.org/1999/xhtml"> 5723 <p>The Fine Free file project reports:</p> 5724 <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943"> 5725 <p>file before 5.17 allows context-dependent attackers to 5726 cause a denial of service (infinite recursion, CPU consumption, and 5727 crash) via a crafted indirect offset value in the magic of a file.</p> 5728 </blockquote> 5729 </body> 5730 </description> 5731 <references> 5732 <cvename>CVE-2014-1943</cvename> 5733 <mlist>http://mx.gw.com/pipermail/file/2014/001327.html</mlist> 5734 </references> 5735 <dates> 5736 <discovery>2014-02-16</discovery> 5737 <entry>2014-03-03</entry> 5738 </dates> 5739 </vuln> 5740 5741 <vuln vid="8e5e6d42-a0fa-11e3-b09a-080027f2d077"> 5742 <topic>Python -- buffer overflow in socket.recvfrom_into()</topic> 5743 <affects> 5744 <package> 5745 <name>python27</name> 5746 <range><le>2.7.6_3</le></range> 5747 </package> 5748 <package> 5749 <name>python31</name> 5750 <range><le>3.1.5_10</le></range> 5751 </package> 5752 <package> 5753 <name>python32</name> 5754 <range><le>3.2.5_7</le></range> 5755 </package> 5756 
<package> 5757 <name>python33</name> 5758 <range><le>3.3.3_2</le></range> 5759 </package> 5760 </affects> 5761 <description> 5762 <body xmlns="http://www.w3.org/1999/xhtml"> 5763 <p>Vincent Danen via Red Hat Issue Tracker reports:</p> 5764 <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1062370"> 5765 <p>A vulnerability was reported in Python's socket module, due to a 5766 boundary error within the sock_recvfrom_into() function, which could be 5767 exploited to cause a buffer overflow. This could be used to crash a 5768 Python application that uses the socket.recvfrom_info() function or, 5769 possibly, execute arbitrary code with the permissions of the user 5770 running vulnerable Python code.</p> 5771 5772 <p>This vulnerable function, socket.recvfrom_into(), was introduced in 5773 Python 2.5. Earlier versions are not affected by this flaw.</p> 5774 </blockquote> 5775 </body> 5776 </description> 5777 <references> 5778 <bid>65379</bid> 5779 <cvename>CVE-2014-1912</cvename> 5780 <mlist>https://mail.python.org/pipermail/python-dev/2014-February/132758.html</mlist> 5781 <url>http://bugs.python.org/issue20246</url> 5782 <url>https://bugzilla.redhat.com/show_bug.cgi?id=1062370</url> 5783 </references> 5784 <dates> 5785 <discovery>2014-01-14</discovery> 5786 <entry>2014-03-01</entry> 5787 </dates> 5788 </vuln> 5789 5790 <vuln vid="1839f78c-9f2b-11e3-980f-20cf30e32f6d"> 5791 <topic>subversion -- mod_dav_svn vulnerability</topic> 5792 <affects> 5793 <package> 5794 <name>subversion</name> 5795 <range><ge>1.3.0</ge><lt>1.7.16</lt></range> 5796 <range><ge>1.8.0</ge><lt>1.8.8</lt></range> 5797 </package> 5798 <package> 5799 <name>subversion16</name> 5800 <range><ge>1.3.0</ge><lt>1.7.16</lt></range> 5801 </package> 5802 <package> 5803 <name>subversion17</name> 5804 <range><ge>1.3.0</ge><lt>1.7.16</lt></range> 5805 </package> 5806 </affects> 5807 <description> 5808 <body xmlns="http://www.w3.org/1999/xhtml"> 5809 <p>Subversion Project reports:</p> 5810 <blockquote 
cite="http://subversion.apache.org/security/"> 5811 <p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it 5812 receives an OPTIONS request against the server root and Subversion is 5813 configured to handle the server root and SVNListParentPath is on. 5814 This can lead to a DoS. There are no known instances of this 5815 problem being exploited in the wild, but the details of how to exploit 5816 it have been disclosed on the Subversion development mailing list.</p> 5817 </blockquote> 5818 </body> 5819 </description> 5820 <references> 5821 <url>CVE-2014-0032</url> 5822 <url>https://subversion.apache.org/security/CVE-2014-0032-advisory.txt</url> 5823 </references> 5824 <dates> 5825 <discovery>2014-01-10</discovery> 5826 <entry>2014-02-26</entry> 5827 <modified>2014-04-30</modified> 5828 </dates> 5829 </vuln> 5830 5831 <vuln vid="70b72a52-9e54-11e3-babe-60a44c524f57"> 5832 <topic>otrs -- XSS Issue</topic> 5833 <affects> 5834 <package> 5835 <name>otrs</name> 5836 <range><lt>3.1.20</lt></range> 5837 <range><gt>3.2.*</gt><lt>3.2.15</lt></range> 5838 <range><gt>3.3.*</gt><lt>3.3.5</lt></range> 5839 </package> 5840 </affects> 5841 <description> 5842 <body xmlns="http://www.w3.org/1999/xhtml"> 5843 <p>The OTRS Project reports:</p> 5844 <blockquote cite="https://www.otrs.com/security-advisory-2014-03-xss-issue/"> 5845 <p>An attacker could send a specially prepared HTML email to OTRS. 
If 5846he can then trick an agent into following a special link to display this email, 5847JavaScript code would be executed.</p> 5848 </blockquote> 5849 </body> 5850 </description> 5851 <references> 5852 <url>https://www.otrs.com/security-advisory-2014-03-xss-issue/</url> 5853 <cvename>CVE-2014-1695</cvename> 5854 </references> 5855 <dates> 5856 <discovery>2014-02-25</discovery> 5857 <entry>2014-02-25</entry> 5858 </dates> 5859 </vuln> 5860 5861 <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff"> 5862 <topic>PostgreSQL -- multiple privilege issues</topic> 5863 <affects> 5864 <package> 5865 <name>postgresql-server</name> 5866 <range><lt>8.4.20</lt></range> 5867 <range><ge>9.0.0</ge><lt>9.0.16</lt></range> 5868 <range><ge>9.1.0</ge><lt>9.1.12</lt></range> 5869 <range><ge>9.2.0</ge><lt>9.2.7</lt></range> 5870 <range><ge>9.3.0</ge><lt>9.3.3</lt></range> 5871 </package> 5872 </affects> 5873 <description> 5874 <body xmlns="http://www.w3.org/1999/xhtml"> 5875 <p>PostgreSQL Project reports:</p> 5876 <blockquote cite="http://www.postgresql.org/about/news/1506/"> 5877 <p>This update fixes CVE-2014-0060, in which PostgreSQL did not 5878 properly enforce the WITH ADMIN OPTION permission for ROLE management. 5879 Before this fix, any member of a ROLE was able to grant others access 5880 to the same ROLE regardless if the member was given the WITH ADMIN 5881 OPTION permission. It also fixes multiple privilege escalation issues, 5882 including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, 5883 CVE-2014-0065, and CVE-2014-0066. More information on these issues can 5884 be found on our security page and the security issue detail wiki page. 5885 </p> 5886 <p> 5887 With this release, we are also alerting users to a known security hole 5888 that allows other users on the same machine to gain access to an 5889 operating system account while it is doing "make check": 5890 CVE-2014-0067. "Make check" is normally part of building PostgreSQL 5891 from source code. 
As it is not possible to fix this issue without 5892 causing significant issues to our testing infrastructure, a patch will 5893 be released separately and publicly. Until then, users are strongly 5894 advised not to run "make check" on machines where untrusted users have 5895 accounts.</p> 5896 </blockquote> 5897 </body> 5898 </description> 5899 <references> 5900 <cvename>CVE-2014-0060</cvename> 5901 <cvename>CVE-2014-0061</cvename> 5902 <cvename>CVE-2014-0062</cvename> 5903 <cvename>CVE-2014-0063</cvename> 5904 <cvename>CVE-2014-0064</cvename> 5905 <cvename>CVE-2014-0065</cvename> 5906 <cvename>CVE-2014-0066</cvename> 5907 <cvename>CVE-2014-0067</cvename> 5908 </references> 5909 <dates> 5910 <discovery>2014-02-20</discovery> 5911 <entry>2014-02-20</entry> 5912 </dates> 5913 </vuln> 5914 5915 <vuln vid="0871d18b-9638-11e3-a371-6805ca0b3d42"> 5916 <topic>phpMyAdmin -- Self-XSS due to unescaped HTML output in import.</topic> 5917 <affects> 5918 <package> 5919 <name>phpMyAdmin</name> 5920 <range><ge>3.3.1</ge><lt>4.1.7</lt></range> 5921 </package> 5922 </affects> 5923 <description> 5924 <body xmlns="http://www.w3.org/1999/xhtml"> 5925 <p>The phpMyAdmin development team reports:</p> 5926 <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php"> 5927 <p> When importing a file with crafted filename, it is 5928 possible to trigger an XSS. 
We consider this vulnerability 5929 to be non critical.</p> 5930 </blockquote> 5931 </body> 5932 </description> 5933 <references> 5934 <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php</url> 5935 <cvename>CVE-2014-1879</cvename> 5936 </references> 5937 <dates> 5938 <discovery>2014-02-15</discovery> 5939 <entry>2014-02-15</entry> 5940 </dates> 5941 </vuln> 5942 5943 <vuln vid="3e0507c6-9614-11e3-b3a5-00e0814cab4e"> 5944 <topic>jenkins -- multiple vulnerabilities</topic> 5945 <affects> 5946 <package> 5947 <name>jenkins</name> 5948 <range><lt>1.551</lt></range> 5949 </package> 5950 <package> 5951 <name>jenkins-lts</name> 5952 <range><lt>1.532.2</lt></range> 5953 </package> 5954 </affects> 5955 <description> 5956 <body xmlns="http://www.w3.org/1999/xhtml"> 5957 <p>Jenkins Security Advisory reports:</p> 5958 <blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14"> 5959 <p>This advisory announces multiple security vulnerabilities that 5960 were found in Jenkins core.</p> 5961 <p>Please reference CVE/URL list for details</p> 5962 </blockquote> 5963 </body> 5964 </description> 5965 <references> 5966 <url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</url> 5967 <cvename>CVE-2013-5573</cvename> 5968 <cvename>CVE-2013-7285</cvename> 5969 </references> 5970 <dates> 5971 <discovery>2014-02-14</discovery> 5972 <entry>2014-02-15</entry> 5973 </dates> 5974 </vuln> 5975 5976 <vuln vid="90b27045-9530-11e3-9d09-000c2980a9f3"> 5977 <topic>lighttpd -- multiple vulnerabilities</topic> 5978 <affects> 5979 <package> 5980 <name>lighttpd</name> 5981 <range><lt>1.4.34</lt></range> 5982 </package> 5983 </affects> 5984 <description> 5985 <body xmlns="http://www.w3.org/1999/xhtml"> 5986 <p>lighttpd security advisories report:</p> 5987 <blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt"> 5988 <p>It is possible to inadvertantly enable vulnerable ciphers when 
using 5989 ssl.cipher-list.</p> 5990 </blockquote> 5991 <blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt"> 5992 <p>In certain cases setuid() and similar can fail, potentially triggering 5993 lighttpd to restart running as root.</p> 5994 </blockquote> 5995 <blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt"> 5996 <p>If FAMMonitorDirectory fails, the memory intended to store the context is 5997 released; some lines below the "version" compoment of that context is read. 5998 Reading invalid data doesn't matter, but the memory access could trigger a 5999 segfault.</p> 6000 </blockquote> 6001 </body> 6002 </description> 6003 <references> 6004 <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt</url> 6005 <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt</url> 6006 <url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt</url> 6007 <cvename>CVE-2013-4508</cvename> 6008 <cvename>CVE-2013-4559</cvename> 6009 <cvename>CVE-2013-4560</cvename> 6010 </references> 6011 <dates> 6012 <discovery>2013-11-28</discovery> 6013 <entry>2014-02-14</entry> 6014 </dates> 6015 </vuln> 6016 6017 <vuln vid="4dd575b8-8f82-11e3-bb11-0025905a4771"> 6018 <topic>phpmyfaq -- multiple vulnerabilities</topic> 6019 <affects> 6020 <package> 6021 <name>phpmyfaq</name> 6022 <range><lt>2.8.6</lt></range> 6023 </package> 6024 </affects> 6025 <description> 6026 <body xmlns="http://www.w3.org/1999/xhtml"> 6027 <p>The phpMyFAQ team reports:</p> 6028 <blockquote cite="http://www.phpmyfaq.de/advisory_2014-02-04.php"> 6029 <p> An arbitrary script may be executed on the user's Internet 6030 Explorer when using an older version of the browser. 
If a user views 6031 a malicious page while logged in, settings may be changed 6032 unintentionally.</p> 6033 </blockquote> 6034 </body> 6035 </description> 6036 <references> 6037 <cvename>CVE-2014-0813</cvename> 6038 <cvename>CVE-2014-0814</cvename> 6039 <url>http://www.phpmyfaq.de/advisory_2014-02-04.php</url> 6040 </references> 6041 <dates> 6042 <discovery>2014-02-04</discovery> 6043 <entry>2014-02-06</entry> 6044 </dates> 6045 </vuln> 6046 6047 <vuln vid="b7a7576d-8e0a-11e3-9976-9c4e36909cc0"> 6048 <topic>linux-flashplugin -- multiple vulnerabilities</topic> 6049 <affects> 6050 <package> 6051 <name>linux-f10-flashplugin</name> 6052 <range><lt>11.2r202.336</lt></range> 6053 </package> 6054 </affects> 6055 <description> 6056 <body xmlns="http://www.w3.org/1999/xhtml"> 6057 <p>Adobe reports:</p> 6058 <blockquote cite="http://www.adobe.com/support/security/bulletins/apsb14-04.html"> 6059 <p>These updates address vulnerabilities that could cause a crash 6060 and potentially allow an attacker to take control of the affected system.</p> 6061 </blockquote> 6062 </body> 6063 </description> 6064 <references> 6065 <cvename>CVE-2014-0497</cvename> 6066 <url>http://www.adobe.com/support/security/bulletins/apsb14-04.html</url> 6067 </references> 6068 <dates> 6069 <discovery>2014-02-04</discovery> 6070 <entry>2014-02-04</entry> 6071 <modified>2014-02-05</modified> 6072 </dates> 6073 </vuln> 6074 6075 <vuln vid="1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8"> 6076 <topic>mozilla -- multiple vulnerabilities</topic> 6077 <affects> 6078 <package> 6079 <name>firefox</name> 6080 <range><gt>25.0,1</gt><lt>27.0,1</lt></range> 6081 <range><lt>24.3.0,1</lt></range> 6082 </package> 6083 <package> 6084 <name>linux-firefox</name> 6085 <range><lt>27.0,1</lt></range> 6086 </package> 6087 <package> 6088 <name>linux-seamonkey</name> 6089 <range><lt>2.24</lt></range> 6090 </package> 6091 <package> 6092 <name>linux-thunderbird</name> 6093 <range><lt>24.3.0</lt></range> 6094 </package> 6095 <package> 
6096 <name>seamonkey</name> 6097 <range><lt>2.24</lt></range> 6098 </package> 6099 <package> 6100 <name>thunderbird</name> 6101 <range><lt>24.3.0</lt></range> 6102 </package> 6103 </affects> 6104 <description> 6105 <body xmlns="http://www.w3.org/1999/xhtml"> 6106 <p>The Mozilla Project reports:</p> 6107 <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> 6108 <p>MFSA 2014-01 Miscellaneous memory safety hazards 6109 (rv:27.0 / rv:24.3)</p> 6110 <p>MFSA 2014-02 Clone protected content with XBL scopes</p> 6111 <p>MFSA 2014-03 UI selection timeout missing on download 6112 prompts</p> 6113 <p>MFSA 2014-04 Incorrect use of discarded images by 6114 RasterImage</p> 6115 <p>MFSA 2014-05 Information disclosure with *FromPoint on 6116 iframes</p> 6117 <p>MFSA 2014-06 Profile path leaks to Android system log</p> 6118 <p>MFSA 2014-07 XSLT stylesheets treated as styles in Content 6119 Security Policy</p> 6120 <p>MFSA 2014-08 Use-after-free with imgRequestProxy and image 6121 proccessing</p> 6122 <p>MFSA 2014-09 Cross-origin information leak through web 6123 workers</p> 6124 <p>MFSA 2014-10 Firefox default start page UI content invokable 6125 by script</p> 6126 <p>MFSA 2014-11 Crash when using web workers with asm.js</p> 6127 <p>MFSA 2014-12 NSS ticket handling issues</p> 6128 <p>MFSA 2014-13 Inconsistent JavaScript handling of access to 6129 Window objects</p> 6130 </blockquote> 6131 </body> 6132 </description> 6133 <references> 6134 <cvename>CVE-2014-1477</cvename> 6135 <cvename>CVE-2014-1478</cvename> 6136 <cvename>CVE-2014-1479</cvename> 6137 <cvename>CVE-2014-1480</cvename> 6138 <cvename>CVE-2014-1481</cvename> 6139 <cvename>CVE-2014-1482</cvename> 6140 <cvename>CVE-2014-1483</cvename> 6141 <cvename>CVE-2014-1484</cvename> 6142 <cvename>CVE-2014-1485</cvename> 6143 <cvename>CVE-2014-1486</cvename> 6144 <cvename>CVE-2014-1487</cvename> 6145 <cvename>CVE-2014-1488</cvename> 6146 <cvename>CVE-2014-1489</cvename> 6147 <cvename>CVE-2014-1490</cvename> 6148 
      <cvename>CVE-2014-1491</cvename>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-01.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-02.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-03.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-04.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-05.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-06.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-07.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-08.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-09.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-10.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-11.html</url>
      <url>https://www.mozilla.org/security/announce/2014/mfsa2014-12.html</url>
      <url>http://www.mozilla.org/security/known-vulnerabilities/</url>
    </references>
    <dates>
      <discovery>2014-02-04</discovery>
      <entry>2014-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="111f1f84-1d14-4ff2-a9ea-cf07119c0d3b">
    <topic>libyaml heap overflow resulting in possible code execution</topic>
    <affects>
      <package>
        <name>libyaml</name>
        <range><lt>0.1.4_3</lt></range>
      </package>
      <package>
        <name>pkg</name>
        <range><lt>1.2.6</lt></range>
      </package>
      <package>
        <name>pkg-devel</name>
        <range><lt>1.2.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>libyaml was prone to a heap overflow that could result in
          arbitrary code execution. Pkg uses libyaml to parse
          the package manifests in some cases. Pkg also used libyaml
          to parse the remote repository until 1.2.</p>
        <p>RedHat Product Security Team reports on libyaml:</p>
        <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1033990">
          <p>A heap-based buffer overflow flaw was found in the way libyaml
            parsed YAML tags. A remote attacker could provide a
            specially-crafted YAML document that, when parsed by an application
            using libyaml, would cause the application to crash or, potentially,
            execute arbitrary code with the privileges of the user running the
            application.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-6393</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1033990</url>
    </references>
    <dates>
      <discovery>2013-11-24</discovery>
      <entry>2014-02-01</entry>
      <modified>2014-02-01</modified>
    </dates>
  </vuln>

  <vuln vid="a4c9e12d-88b7-11e3-8ada-10bf48e1088e">
    <topic>socat -- buffer overflow with data from command line</topic>
    <affects>
      <package>
        <name>socat</name>
        <range><lt>1.7.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Florian Weimer of the Red Hat Product Security Team reports:</p>
        <blockquote cite="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt">
          <p>Due to a missing check during assembly of the HTTP request line a long
            target server name in the PROXY-CONNECT address can cause a stack buffer
            overrun. Exploitation requires that the attacker is able to provide the
            target server name to the PROXY-CONNECT address in the command line.
            This can happen for example in scripts that receive data from untrusted
            sources.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0019</cvename>
      <url>http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt</url>
    </references>
    <dates>
      <discovery>2014-01-24</discovery>
      <entry>2014-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="c7b5d72b-886a-11e3-9533-60a44c524f57">
    <topic>otrs -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>otrs</name>
        <range><lt>3.1.19</lt></range>
        <range><gt>3.2.*</gt><lt>3.2.14</lt></range>
        <range><gt>3.3.*</gt><lt>3.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The OTRS Project reports:</p>
        <blockquote cite="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/">
          <p>SQL injection issue</p>
        </blockquote>
        <blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
          <p>An attacker that managed to take over the session of a logged in customer
            could create tickets and/or send follow-ups to existing tickets due to
            missing challenge token checks.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1471</cvename>
      <url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
      <url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/</url>
    </references>
    <dates>
      <discovery>2014-01-28</discovery>
      <entry>2014-01-28</entry>
      <modified>2014-02-06</modified>
    </dates>
  </vuln>

  <vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
    <cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
  </vuln>

  <vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
    <topic>rt42 -- denial-of-service attack via the email gateway</topic>
    <affects>
      <package>
        <name>rt42</name>
        <range><ge>4.2</ge><lt>4.2.1_3</lt></range>
        <range><ge>4.2.2</ge><lt>4.2.2_2</lt></range>
      </package>
      <package>
        <name>p5-Email-Address-List</name>
        <range><lt>0.02</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>The RT development team reports:</p>
        <blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
          <p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
            vulnerable to a denial-of-service attack via the email
            gateway; any installation which accepts mail from untrusted
            sources is vulnerable, regardless of the permissions
            configuration inside RT. This vulnerability is assigned
            CVE-2014-1474.</p>
          <p>This vulnerability is caused by poor parsing performance
            in the Email::Address::List module, which RT depends on. We
            recommend that affected users upgrade their version of
            Email::Address::List to v0.02 or above, which resolves the
            issue. Due to a communications mishap, the release on CPAN
            will temporarily appear as "unauthorized," and the
            command-line cpan client will hence not install it. We
            expect this to be resolved shortly; in the meantime, the
            release is also available from our server.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-1474</cvename>
      <url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
    </references>
    <dates>
      <discovery>2014-01-27</discovery>
      <entry>2014-01-27</entry>
    </dates>
  </vuln>

  <vuln vid="efa663eb-8754-11e3-9a47-00163e1ed244">
    <topic>strongswan -- multiple DoS vulnerabilities</topic>
    <affects>
      <package>
        <name>strongswan</name>
        <range><lt>5.1.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>strongSwan Project reports:</p>
        <blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html">
          <p>A DoS vulnerability triggered by crafted IKEv1 fragmentation
            payloads was discovered in strongSwan's IKE daemon charon. All
            versions since 5.0.2 are affected.</p>
        </blockquote>
        <blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html">
          <p>A DoS vulnerability and potential authorization bypass triggered
            by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan.
            All versions since 4.3.3 are affected.</p>
        </blockquote>
        <blockquote cite="http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html">
          <p>A DoS vulnerability in strongSwan was discovered, which is
            triggered by XAuth usernames and EAP identities in versions
            5.0.3 and 5.0.4.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-5018</cvename>
      <cvename>CVE-2013-6075</cvename>
      <cvename>CVE-2013-6076</cvename>
      <url>http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html</url>
      <url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html</url>
      <url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html</url>
    </references>
    <dates>
      <discovery>2013-11-01</discovery>
      <entry>2014-01-27</entry>
    </dates>
  </vuln>

  <vuln vid="d9dbe6e8-84da-11e3-98bd-080027f2d077">
    <topic>varnish -- DoS vulnerability in Varnish HTTP cache</topic>
    <affects>
      <package>
        <name>varnish</name>
        <range><lt>3.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Varnish Cache Project reports:</p>
        <blockquote cite="https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html">
          <p>If Varnish receives a certain illegal request, and the subroutine
            'vcl_error{}' restarts the request, the varnishd worker process
            will crash with an assert.</p>
          <p>The varnishd management process will restart the worker process, but
            there will be a brief interruption of service and the cache will be
            emptied, causing more traffic to go to the backend.</p>
          <p>We are releasing this advisory because restarting from vcl_error{} is
            both fairly common and documented.</p>
          <p>This is purely a denial of service vulnerability, there is no risk of
            privilege escalation.</p>
          <p>Workaround</p>
          <p>Insert this at the top of your VCL file:</p>
          <pre>
sub vcl_error {
    if (obj.status == 400 || obj.status == 413) {
        return(deliver);
    }
}

Or add this test at the top of your existing vcl_error{}.
          </pre>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-4484</cvename>
      <mlist>https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html</mlist>
    </references>
    <dates>
      <discovery>2013-10-30</discovery>
      <entry>2014-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="c0ef849e-84ac-11e3-bec4-9c4e36909cc0">
    <topic>linux-flashplugin -- multiple vulnerabilities</topic>
    <affects>
      <package>
        <name>linux-f10-flashplugin</name>
        <range><lt>11.2r202.335</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Adobe reports:</p>
        <blockquote cite="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html">
          <p>These updates address vulnerabilities that could cause a crash
            and potentially allow an attacker to take control of the affected system.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2014-0491</cvename>
      <cvename>CVE-2014-0492</cvename>
      <url>http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</url>
    </references>
    <dates>
      <discovery>2014-01-14</discovery>
      <entry>2014-01-24</entry>
    </dates>
  </vuln>

  <vuln vid="6d08fa63-83bf-11e3-bdba-080027ef73ec">
    <topic>HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes</topic>
    <affects>
      <package>
        <name>htmldoc</name>
        <range><lt>1.8.28</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Michael Sweet reports:</p>
        <blockquote cite="http://www.msweet.org/projects.php?Z1">
          <p>HTMLDOC 1.8.28 fixes some known security issues and
            formatting bugs. Changes include:</p>
          <ul>
            <li>SECURITY: Fixed three buffer overflow issues when
              reading AFM files and parsing page sizes.</li>
          </ul>
        </blockquote>
      </body>
    </description>
    <references>
      <url>http://www.msweet.org/projects.php?Z1</url>
    </references>
    <dates>
      <discovery>2014-01-06</discovery>
      <entry>2014-01-22</entry>
      <modified>2014-01-23</modified>
    </dates>
  </vuln>

  <vuln vid="81f1fdc2-7ec7-11e3-a6c6-00163e1ed244">
    <topic>virtualbox-ose -- local vulnerability</topic>
    <affects>
      <package>
        <name>virtualbox-ose</name>
        <range><lt>4.2.22</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Oracle reports:</p>
        <blockquote cite="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html">
          <p>Unspecified vulnerability in the Oracle VM VirtualBox
            component in Oracle Virtualization VirtualBox prior to
            3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local
            users to affect confidentiality, integrity, and availability
            via unknown vectors related to Core.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-5892</cvename>
      <url>http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</url>
    </references>
    <dates>
      <discovery>2014-01-15</discovery>
      <entry>2014-01-16</entry>
    </dates>
  </vuln>

  <vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
    <topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
    <affects>
      <package>
        <name>ntp</name>
        <range><lt>4.2.7p26</lt></range>
      </package>
      <package>
        <name>FreeBSD</name>
        <range><ge>8.3</ge><lt>8.3_14</lt></range>
        <range><ge>8.4</ge><lt>8.4_7</lt></range>
        <range><ge>9.1</ge><lt>9.1_10</lt></range>
        <range><ge>9.2</ge><lt>9.2_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>ntp.org reports:</p>
        <blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using">
          <p>Unrestricted access to the monlist feature in
            ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote
            attackers to cause a denial of service (traffic
            amplification) via forged (1) REQ_MON_GETLIST or (2)
            REQ_MON_GETLIST_1 requests, as exploited in the wild in
            December 2013</p>
          <p>Use noquery to your default restrictions to block all
            status queries.</p>
          <p>Use disable monitor to disable the ``ntpdc -c monlist''
            command while still allowing other status queries.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-5211</cvename>
      <freebsdsa>SA-14:02.ntpd</freebsdsa>
      <url>http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using</url>
    </references>
    <dates>
      <discovery>2014-01-01</discovery>
      <entry>2014-01-14</entry>
      <modified>2016-08-09</modified>
    </dates>
  </vuln>

  <vuln vid="ba04a373-7d20-11e3-8992-00132034b086">
    <topic>nagios -- denial of service vulnerability</topic>
    <affects>
      <package>
        <name>nagios</name>
        <range><lt>3.5.1_3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Eric Stanley reports:</p>
        <blockquote cite="http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/">
          <p>Most CGIs previously incremented the input variable counter twice
            when it encountered a long key value. This could cause the CGI to
            read past the end of the list of CGI variables.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2013-7108</cvename>
      <cvename>CVE-2013-7205</cvename>
      <url>http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=1046113</url>
    </references>
    <dates>
      <discovery>2013-12-20</discovery>
      <entry>2014-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="cb252f01-7c43-11e3-b0a6-005056a37f68">
    <topic>bind -- denial of service vulnerability</topic>
    <affects>
      <package>
        <name>bind99</name>
        <range><lt>9.9.4.2</lt></range>
      </package>
      <package>
        <name>bind99-base</name>
        <range><lt>9.9.4.2</lt></range>
      </package>
      <package>
        <name>bind98</name>
        <range><lt>9.8.6.2</lt></range>
      </package>
      <package>
        <name>bind98-base</name>
        <range><lt>9.8.6.2</lt></range>
      </package>
      <package>
        <name>bind96</name>
        <range><lt>9.6.3.2.ESV.R10.2</lt></range>
      </package>
      <package>
        <name>bind96-base</name>
        <range><lt>9.6.3.2.ESV.R10.2</lt></range>
      </package>
      <package>
        <name>FreeBSD</name>
        <range><ge>9.2</ge><lt>9.2_3</lt></range>
        <range><ge>9.1</ge><lt>9.1_10</lt></range>
        <range><ge>8.4</ge><lt>8.4_7</lt></range>
        <range><ge>8.3</ge><lt>8.3_14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>ISC reports:</p>
        <blockquote cite="https://kb.isc.org/article/AA-01078/74/">
          <p>Because of a defect in handling queries for NSEC3-signed zones,
            BIND can crash with an
Testing in X servers built with 6655 Stack Protector restulted in an immediate crash when reading a 6656 user-proveded specially crafted font.</p> 6657 <p>As libXfont is used to read user-specified font files in all X 6658 servers distributed by X.Org, including the Xorg server which is 6659 often run with root privileges or as setuid-root in order to access 6660 hardware, this bug may lead to an unprivileged user acquiring root 6661 privileges in some systems.</p> 6662 </blockquote> 6663 </body> 6664 </description> 6665 <references> 6666 <cvename>CVE-2013-6462</cvename> 6667 <url>http://lists.x.org/archives/xorg-announce/2014-January/002389.html</url> 6668 </references> 6669 <dates> 6670 <discovery>2013-12-24</discovery> 6671 <entry>2014-01-08</entry> 6672 </dates> 6673 </vuln> 6674 6675 <vuln vid="5aaa257e-772d-11e3-a65a-3c970e169bc2"> 6676 <topic>openssl -- multiple vulnerabilities</topic> 6677 <affects> 6678 <package> 6679 <name>openssl</name> 6680 <range><lt>1.0.1_9</lt></range> 6681 </package> 6682 </affects> 6683 <description> 6684 <body xmlns="http://www.w3.org/1999/xhtml"> 6685 <p>OpenSSL development team reports:</p> 6686 <blockquote cite="http://www.openssl.org/news/openssl-1.0.1-notes.html"> 6687 <p>Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]:</p> 6688 <ul> 6689 <li>Fix for TLS record tampering bug [CVE-2013-4353]</li> 6690 <li>Fix for TLS version checking bug [CVE-2013-6449]</li> 6691 <li>Fix for DTLS retransmission bug [CVE-2013-6450]</li> 6692 </ul> 6693 </blockquote> 6694 </body> 6695 </description> 6696 <references> 6697 <freebsdsa>SA-14:03.openssl</freebsdsa> 6698 <cvename>CVE-2013-4353</cvename> 6699 <cvename>CVE-2013-6449</cvename> 6700 <cvename>CVE-2013-6450</cvename> 6701 <url>http://www.openssl.org/news/openssl-1.0.1-notes.html</url> 6702 </references> 6703 <dates> 6704 <discovery>2014-01-06</discovery> 6705 <entry>2014-01-06</entry> 6706 <modified>2016-08-09</modified> 6707 </dates> 6708 </vuln> 6709