Newest Plugins

Oracle VM VirtualBox < 4.1.32 / 4.2.24 / 4.3.10 WDDM Graphics Driver Flaw


Synopsis:

The remote host has an application that is affected by a flaw in the
WDDM graphics driver.

Description:

The remote host contains a version of Oracle VM VirtualBox that is
prior to 4.1.32, 4.2.24, or 4.3.10. It is, therefore, potentially
affected by a flaw in the WDDM graphics driver.

A flaw exists in the graphics driver for Windows guests, WDDM. It
could allow local users to affect the confidentiality, integrity, and
availability of the application.

Note that Nessus has not tested for this issue, but has instead relied
only on the application's self-reported version number.

See also :

http://www.nessus.org/u?23999f63
https://www.virtualbox.org/wiki/Changelog

Solution :

Upgrade Oracle VM VirtualBox to 4.1.32 / 4.2.24 / 4.3.10 or later.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Database April 2014 Critical Patch Update


Synopsis:

The remote database server is affected by multiple vulnerabilities.

Description:

The remote Oracle database server is missing the April 2014 Critical
Patch Update (CPU) and is, therefore, potentially affected by security
issues in the Core RDBMS component.

See also :

http://www.nessus.org/u?ef1fc2a6

Solution :

Apply the April 2014 CPU.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Splunk 6.x < 6.0.3 Multiple OpenSSL Vulnerabilities (including Heartbleed)


Synopsis:

An application on the remote host may be affected by multiple OpenSSL-
related vulnerabilities.

Description:

According to its version number, the remote Splunk install is 6.x
prior to 6.0.3. It is, therefore, affected by multiple
OpenSSL-related vulnerabilities :

- The OpenSSL library bundled with Splunk contains a NULL
pointer dereference in the 'ssl3_take_mac' function in
'ssl/s3_both.c'. A malicious server can use a crafted TLS
handshake to crash a connecting client (denial of
service). (CVE-2013-4353)

- The bundled OpenSSL does not bounds-check TLS/DTLS
Heartbeat Extension packets (the 'Heartbleed' issue). A
remote, unauthenticated attacker can send a crafted
heartbeat request and read the contents of process
memory, which may include private keys, session
credentials and other sensitive data. (CVE-2014-0160)

Note that Nessus has not tested for these issues, but has instead
relied only on the application's self-reported version number.

See also :

http://www.splunk.com/view/SP-CAAAJD5
http://docs.splunk.com/Documentation/Splunk/6.0.3/ReleaseNotes/6.0.3

Solution :

Upgrade to Splunk 6.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
CVSS Temporal Score : 8.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MySQL 5.6.x < 5.6.17 Multiple Vulnerabilities


Synopsis:

The remote database server is potentially affected by multiple
vulnerabilities.

Description:

The version of MySQL installed on the remote host is version 5.6.x
prior to 5.6.17. It is, therefore, potentially affected by
vulnerabilities in the following components :

- Client
- InnoDB
- Options
- Performance Schema
- RBR

See also :

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-17.html
http://www.nessus.org/u?ef1fc2a6

Solution :

Upgrade to MySQL 5.6.17 or later.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MySQL 5.6.x < 5.6.16 Multiple Vulnerabilities


Synopsis:

The remote database server is potentially affected by multiple
vulnerabilities.

Description:

The version of MySQL installed on the remote host is version 5.6.x
prior to 5.6.16. It is, therefore, potentially affected by
vulnerabilities in the following components :

- DML
- Federated
- MyISAM
- Optimizer
- Partition
- Privileges
- Replication
- XML

See also :

https://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-16.html
http://www.nessus.org/u?ef1fc2a6

Solution :

Upgrade to MySQL 5.6.16 or later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MySQL 5.5.x < 5.5.36 Multiple Vulnerabilities


Synopsis:

The remote database server is potentially affected by multiple
vulnerabilities.

Description:

The version of MySQL installed on the remote host is version 5.5.x
prior to 5.5.36. It is, therefore, potentially affected by
vulnerabilities in the following components :

- Federated
- Partition
- Replication
- XML

See also :

http://www.nessus.org/u?ef1fc2a6
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-36.html

Solution :

Upgrade to MySQL 5.5.36 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Java SE Multiple Vulnerabilities (April 2014 CPU) (Unix)


Synopsis:

The remote Unix host contains a programming platform that is
potentially affected by multiple vulnerabilities.

Description:

The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is earlier than 8 Update 5, 7 Update 55,
6 Update 75, or 5 Update 65. It is, therefore, potentially affected
by security issues in the following components :

- 2D
- AWT
- Deployment
- Hotspot
- JAX-WS
- JAXB
- JAXP
- JNDI
- JavaFX
- Javadoc
- Libraries
- Scripting
- Security
- Sound

See also :

http://www.nessus.org/u?1e3ee66a
http://www.nessus.org/u?e09f916a
http://www.nessus.org/u?6de19bd1
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?6086d976

Solution :

Update to JDK / JRE 8 Update 5, 7 Update 55, 6 Update 75, or
5 Update 65 or later and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 5 Update 65 or later or 6 Update 75 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Oracle Java SE Multiple Vulnerabilities (April 2014 CPU)


Synopsis:

The remote Windows host contains a programming platform that is
potentially affected by multiple vulnerabilities.

Description:

The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is earlier than 8 Update 5, 7 Update 55,
6 Update 75, or 5 Update 65. It is, therefore, potentially affected
by security issues in the following components :

- 2D
- AWT
- Deployment
- Hotspot
- JAX-WS
- JAXB
- JAXP
- JNDI
- JavaFX
- Javadoc
- Libraries
- Scripting
- Security
- Sound

See also :

http://www.nessus.org/u?1e3ee66a
http://www.nessus.org/u?e09f916a
http://www.nessus.org/u?6de19bd1
http://www.nessus.org/u?726f7054
http://www.nessus.org/u?6086d976

Solution :

Update to JDK / JRE 8 Update 5, 7 Update 55, 6 Update 75, or
5 Update 65 or later and, if necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 5 Update 65 or later or 6 Update 75 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.
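The VirtualBox, Splunk, MySQL and Java plugins above all perform the same test: parse the self-reported version string, find the maintenance branch it belongs to, and compare it numerically against that branch's first fixed release. The Python below is an added illustration of that test written for this page; it is not Tenable's NASL code. The fix tables are transcribed from the plugin descriptions above, and the version strings fed to it ('4.3.8r92456', '1.7.0_51' and so on) are constructed sample inputs in the formats those products report.

```python
import re

# Fix levels transcribed from the plugin descriptions above (maintenance
# branch -> first release that carries the fix). Constructed for this
# example; these are not Tenable's plugin data structures.
VIRTUALBOX_FIXES = {"4.1": "4.1.32", "4.2": "4.2.24", "4.3": "4.3.10"}
SPLUNK_FIXES = {"6": "6.0.3"}
MYSQL_FIXES = {"5.5": "5.5.36", "5.6": "5.6.17"}
# 'java -version' reports 8u5 as 1.8.0_05, 7u55 as 1.7.0_55, and so on.
JAVA_FIXES = {"1.5.0": "1.5.0_65", "1.6.0": "1.6.0_75",
              "1.7.0": "1.7.0_55", "1.8.0": "1.8.0_05"}


def parse_version(text: str) -> tuple:
    """Every run of digits becomes one integer component, so '4.3.8r92456'
    -> (4, 3, 8, 92456) and '1.7.0_51' -> (1, 7, 0, 51). Comparing these
    tuples is numeric per component; a plain string comparison would put
    '4.3.8' after '4.3.10' because '8' > '1'."""
    parts = tuple(int(n) for n in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"no version number in {text!r}")
    return parts


def assess(fixes: dict, reported: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unknown branch' for a self-reported
    version string, using the first fix whose branch prefix matches."""
    version = parse_version(reported)
    for branch, fixed in fixes.items():
        prefix = parse_version(branch)
        if version[:len(prefix)] == prefix:
            return "vulnerable" if version < parse_version(fixed) else "fixed"
    return "unknown branch"


if __name__ == "__main__":
    # Constructed sample inputs in the format each product reports.
    samples = ((VIRTUALBOX_FIXES, "4.3.8r92456"), (VIRTUALBOX_FIXES, "4.3.10r93012"),
               (SPLUNK_FIXES, "6.0.2"), (MYSQL_FIXES, "5.6.16"),
               (JAVA_FIXES, "1.7.0_51"), (JAVA_FIXES, "1.8.0_05"))
    for fixes, v in samples:
        print(f"{v:>14}: {assess(fixes, v)}")
```

The check inherits the caveat each plugin states: it trusts the reported number. Vendors that backport fixes without bumping the version (common for distribution-packaged MySQL) will show as vulnerable when they are not, and a product that reports a branch absent from the table is simply not assessed rather than assumed safe.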

Amazon Linux AMI Update: kernel / openssh Denial of Service (ALAS-2014-319)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

Due to a problem with the configuration of kernels 3.10.34-37 and
3.10.34-38 and their interaction with the authentication modules
stack, the sshd daemon that is part of the openssh package will no
longer allow remote logins following a restart of the sshd service.

See also :

http://www.nessus.org/u?70e74915

Solution :

Run 'yum update openssh kernel' to update the system. A reboot is
required before the instance runs the new kernel.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

MediaWiki Unsupported Version Detection


Synopsis:

The remote host contains one or more unsupported versions of
MediaWiki.

Description:

According to its self-reported version number, there is at least one
unsupported MediaWiki release installed on the remote host. This
version of the software is no longer actively maintained.

Lack of support implies that no new security patches will be released.

See also :

http://www.mediawiki.org/wiki/Version_lifecycle

Solution :

Upgrade to an actively maintained version.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

BACnet Protocol Detection


Synopsis:

The remote device is running a building automation and control network
protocol.

Description:

The remote host is running a protocol used for building automation and
control networks.

See also :

http://www.bacnet.org/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : ssl_advisory.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- The SSL 3.0 and TLS renegotiation handshake does not
cryptographically bind the renegotiated session to the
original one. A man-in-the-middle can open its own
connection to the server, send chosen plaintext, and then
splice the victim's handshake in as a renegotiation, so
that the attacker's bytes are prepended to the
application data the server attributes to the legitimate
client. (CVE-2009-3555)

- Against HTTPS this lets a remote, unauthenticated
attacker inject an arbitrary amount of chosen plaintext
at the beginning of the application protocol stream, for
example to issue HTTP requests that carry the victim's
cookies or client certificate, among other consequences.

Please note that the recommended fixes disable all session
renegotiation. Any client or application that depends on
renegotiation (for example, requesting a client certificate after
the initial handshake) will stop working once the fix is applied.

See also :

http://aix.software.ibm.com/aix/efixes/security/ssl_advisory.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl.0.9.8.1102.tar.Z | tar xvf -
or
zcat openssl-fips.12.9.8.1102.tar.Z | tar xvf -
or
zcat openssl.0.9.8.805.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSH Advisory : ssh_advisory.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSH.

Description:

The version of OpenSSH running on the remote host is affected by the
following vulnerabilities :

- OpenSSH 4.3p2, and probably other versions, allows local
users to hijack forwarded X connections by causing ssh
to set DISPLAY to :10, even when another process is
listening on the associated port, as demonstrated by
opening TCP port 6010 (IPv4) and sniffing a cookie sent
by Emacs. (CVE-2008-1483)

- OpenSSH before 4.9 allows remote authenticated users to
bypass the sshd_config ForceCommand directive by
modifying the .ssh/rc session file. (CVE-2008-1657)

See also :

http://aix.software.ibm.com/aix/efixes/security/ssh_advisory.asc
http://downloads.sourceforge.net/openssh-aix/

Solution :

A fix is available and can be downloaded from the OpenSSH sourceforge
website for the AIX release.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : openssl_advisory6.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- A carefully crafted invalid TLS handshake could crash
OpenSSL with a NULL pointer exception. A malicious
server could use this flaw to crash a connecting client.
This issue only affected OpenSSL 1.0.1 versions.
(CVE-2013-4353)

- A flaw in DTLS handling can cause an application using
OpenSSL and DTLS to crash. This is not a vulnerability
for OpenSSL prior to 1.0.0. OpenSSL is vulnerable to a
denial of service, caused by the failure to properly
maintain data structures for digest and encryption
contexts by the DTLS retransmission implementation. A
remote attacker could exploit this vulnerability to
cause the daemon to crash. (CVE-2013-6450)

- A flaw in OpenSSL can cause an application using
OpenSSL to crash when using TLS version 1.2. This issue
only affected OpenSSL 1.0.1 versions. OpenSSL is
vulnerable to a denial of service, caused by an error in
the ssl_get_algorithm2 function. A remote attacker could
exploit this vulnerability using specially-crafted
traffic from a TLS 1.2 client to cause the daemon to
crash. (CVE-2013-6449)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory6.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl-1.0.1.501.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : openssl_advisory5.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0
and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and
other products, do not properly consider timing side-
channel attacks on a MAC check requirement during the
processing of malformed CBC padding, which allows
remote attackers to conduct distinguishing attacks and
plaintext-recovery attacks via statistical analysis of
timing data for crafted packets, aka the 'Lucky
Thirteen' issue. (CVE-2013-0169)

- OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1
before 1.0.1d does not properly perform signature
verification for OCSP responses, which allows remote
attackers to cause a denial of service (NULL pointer
dereference and application crash) via an invalid key.
(CVE-2013-0166)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory5.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl-0.9.8.2500.tar.Z | tar xvf -
or
zcat openssl-fips-12.9.8.2500.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : openssl_advisory4.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- The implementation of Cryptographic Message Syntax (CMS)
and PKCS #7 in OpenSSL does not properly restrict
certain oracle behavior, which makes it easier for
context-dependent attackers to decrypt data via a
Million Message Attack (MMA) adaptive chosen ciphertext
attack. (CVE-2012-0884)

- The mime_param_cmp function in crypto/asn1/asn_mime.c in
OpenSSL allows remote attackers to cause a denial of
service (NULL pointer dereference and application crash)
via a crafted S/MIME message, a different vulnerability
than CVE-2006-7250. (CVE-2012-1165)

- The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c
in OpenSSL does not properly interpret integer data,
which allows remote attackers to conduct buffer overflow
attacks, and cause a denial of service (memory
corruption) or possibly have unspecified other impact,
via crafted DER data, as demonstrated by an X.509
certificate or an RSA public key. (CVE-2012-2110)

- Multiple integer signedness errors in
crypto/buffer/buffer.c in OpenSSL allow remote attackers
to conduct buffer overflow attacks, and cause a denial
of service (memory corruption) or possibly have
unspecified other impact, via crafted DER data, as
demonstrated by an X.509 certificate or an RSA public
key. NOTE: this vulnerability exists because of an
incomplete fix for CVE-2012-2110. (CVE-2012-2131)

- Integer underflow in OpenSSL when TLS 1.1, TLS 1.2, or
DTLS is used with CBC encryption, allows remote
attackers to cause a denial of service (buffer over-
read) or possibly have unspecified other impact via a
crafted TLS packet that is not properly handled during a
certain explicit IV calculation. (CVE-2012-2333)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory4.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl-0.9.8.1802.tar.Z | tar xvf -
or
zcat openssl-fips-12.9.8.1802.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : openssl_advisory3.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- The DTLS implementation in OpenSSL before 0.9.8s and 1.x
before 1.0.0f performs a MAC check only if certain
padding is valid, which makes it easier for remote
attackers to recover plaintext via a padding oracle
attack. (CVE-2011-4108)

- Double free vulnerability in OpenSSL 0.9.8 before
0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows
remote attackers to have an unspecified impact by
triggering failure of a policy check. (CVE-2011-4109)

- The SSL 3.0 implementation in OpenSSL before 0.9.8s and
1.x before 1.0.0f does not properly initialize data
structures for block cipher padding, which might allow
remote attackers to obtain sensitive information by
decrypting the padding data sent by an SSL peer.
(CVE-2011-4576)

- The Server Gated Cryptography (SGC) implementation in
OpenSSL before 0.9.8s and 1.x before 1.0.0f does not
properly handle handshake restarts, which allows remote
attackers to cause a denial of service via unspecified
vectors. (CVE-2011-4619)

- OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS
applications, which allows remote attackers to cause a
denial of service via unspecified vectors. NOTE: this
vulnerability exists because of an incorrect fix for
CVE-2011-4108. (CVE-2012-0050)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl.0.9.8.1801.tar.Z | tar xvf -
or
zcat openssl-fips.12.9.8.1801.tar.Z | tar xvf -
or
zcat openssl.0.9.8.809.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : openssl_advisory2.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0
through 1.0.0c allows remote attackers to cause a denial
of service (crash), and possibly obtain sensitive
information in applications that use OpenSSL, via a
malformed ClientHello handshake message that triggers an
out-of-bounds memory access, aka 'OCSP stapling
vulnerability.' (CVE-2011-0014)

- Multiple race conditions in ssl/t1_lib.c in OpenSSL
0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-
threading and internal caching are enabled on a TLS
server, might allow remote attackers to execute
arbitrary code via client data that triggers a heap-
based buffer overflow, related to (1) the TLS server
name extension and (2) elliptic curve cryptography.
(CVE-2010-3864)

- OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does
not properly prevent modification of the ciphersuite in
the session cache, which allows remote attackers to
force the downgrade to an unintended cipher via vectors
involving sniffing network traffic to discover a session
identifier. (CVE-2010-4180)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp
http://www.openssl.org/news/secadv_20110208.txt
http://www.openssl.org/news/secadv_20101116.txt

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl.0.9.8.1302.tar.Z | tar xvf -
or
zcat openssl-fips.12.9.8.1302.tar.Z | tar xvf -
or
zcat openssl.0.9.8.808.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSL Advisory : openssl_advisory.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSL.

Description:

The version of OpenSSL running on the remote host is affected by the
following vulnerabilities :

- OpenSSL before 0.9.8m does not check for a NULL return
value from bn_wexpand function calls in (1)
crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3)
crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which
has an unspecified impact and context-dependent attack
vectors. (CVE-2009-3245)

- The kssl_keytab_is_available function in ssl/kssl.c in
OpenSSL before 0.9.8n, when Kerberos is enabled but
Kerberos configuration files cannot be opened, does not
check a certain return value, which allows remote
attackers to cause a denial of service (NULL pointer
dereference and daemon crash) via SSL cipher
negotiation, as demonstrated by a chroot installation of
Dovecot or stunnel without Kerberos configuration files
inside the chroot. (CVE-2010-0433)

- The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL
0.9.8f through 0.9.8m allows remote attackers to cause a
denial of service (crash) via a malformed record in a
TLS connection that triggers a NULL pointer dereference,
related to the minor version number. (CVE-2010-0740)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssl_advisory.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat openssl.0.9.8.1103.tar.Z | tar xvf -
or
zcat openssl-fips.12.9.8.1103.tar.Z | tar xvf -
or
zcat openssl.0.9.8.806.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . openssl

To install the fix package :

installp -aXYd . openssl

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

AIX OpenSSH Advisory : openssh_advisory2.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSH.

Description:

The version of OpenSSH running on the remote host is affected by a
denial of service vulnerability. The default configuration of OpenSSH
through 6.1 enforces a fixed time limit (LoginGraceTime) between
establishing a TCP connection and completing a login, and refuses
further unauthenticated connections once MaxStartups of them are
pending. A remote attacker can therefore exhaust the connection slots
by periodically opening many new TCP connections and leaving them
unauthenticated, locking out legitimate users. (CVE-2010-5107)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory2.asc
https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=aixbp

Solution :

A fix is available, and it can be downloaded from the AIX website.

To extract the fixes from the tar file :

zcat OpenSSH_6.0.0.6102.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of
the system be created. Verify it is both bootable and readable
before proceeding.

To preview the fix installation :

installp -apYd . OpenSSH_6.0.0.6102

To install the fix package :

installp -aXYd . OpenSSH_6.0.0.6102

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.
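What makes the slot exhaustion above cheap is the pre-6.2 default of 'MaxStartups 10': an attacker holding ten half-open connections, renewed every LoginGraceTime (120 seconds by default), blocks every other login. Upstream OpenSSH 6.2 changed the default to 'MaxStartups 10:30:100', which starts randomly dropping new unauthenticated connections at 10 and refuses all of them at 100. The Python below is an added model written for this page, not OpenSSH's C code; its integer ramp follows the formula in sshd's drop_connection() so the two defaults can be compared. The sshd_config directives named are real; the pending-connection loads it is run against are constructed inputs.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class MaxStartups:
    begin: int  # start dropping once this many unauthenticated connections are pending
    rate: int   # drop probability in percent at 'begin'
    full: int   # refuse every new connection at this many


def parse_max_startups(spec: str) -> MaxStartups:
    """Parse an sshd_config MaxStartups value. A bare number (the pre-6.2
    default 'MaxStartups 10') is a hard cap: begin == full, nothing is
    dropped early and everything is refused at the cap. 'begin:rate:full'
    enables random early drop; OpenSSH 6.2 made '10:30:100' the default."""
    parts = spec.split(":")
    if len(parts) == 1:
        n = int(parts[0])
        return MaxStartups(n, 100, n)
    if len(parts) != 3:
        raise ValueError("MaxStartups expects 'n' or 'begin:rate:full'")
    begin, rate, full = (int(p) for p in parts)
    if begin > full or not 1 <= rate <= 100:
        raise ValueError("illegal MaxStartups spec")
    return MaxStartups(begin, rate, full)


def drop_probability(pending: int, cfg: MaxStartups) -> int:
    """Percent chance that one more unauthenticated connection is closed
    when 'pending' are already waiting out LoginGraceTime. Linear ramp from
    'rate' at 'begin' to 100 at 'full', in integer arithmetic as sshd does."""
    if pending < cfg.begin:
        return 0
    if pending >= cfg.full or cfg.rate == 100:
        return 100
    p = 100 - cfg.rate
    p *= pending - cfg.begin
    p //= cfg.full - cfg.begin
    return p + cfg.rate


def drop_connection(pending: int, cfg: MaxStartups, rand=random.randrange) -> bool:
    """The accept-time decision. 'rand(100)' is injectable so callers can
    exercise the policy deterministically."""
    p = drop_probability(pending, cfg)
    if p == 0:
        return False
    if p == 100:
        return True
    return rand(100) < p


def compare_policies(old="10", new="10:30:100", loads=(5, 10, 11, 55, 100)) -> dict:
    """Drop percentage under both defaults for several attacker-held loads.
    With the old hard cap, ten held connections refuse everyone; with random
    early drop the attacker must hold 100 (each renewed every LoginGraceTime)
    to reach the same certainty, and legitimate logins still get through
    below that."""
    o, n = parse_max_startups(old), parse_max_startups(new)
    return {held: (drop_probability(held, o), drop_probability(held, n)) for held in loads}


if __name__ == "__main__":
    for held, (old_p, new_p) in compare_policies().items():
        print(f"{held:>3} pending: drop {old_p:>3}% (MaxStartups 10)  {new_p:>3}% (10:30:100)")
```

Random early drop raises the attacker's cost rather than removing it; lowering LoginGraceTime shortens how long each held slot stays useful, and a per-source rate limit in front of sshd is what actually bounds a single attacker.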

AIX OpenSSH Advisory: openssh_advisory.asc


Synopsis:

The remote AIX host is running a vulnerable version of OpenSSH.

Description:

The version of OpenSSH running on the remote host is affected by the
following vulnerabilities :

- X11 man-in-the-middle attack:
When attempting to bind(2) to a port that has previously
been bound with SO_REUSEADDR set, most operating systems
check that either the effective user-id matches the
previous bind (common on BSD-derived systems) or that
the bind addresses do not overlap. When the
sshd_config(5) option X11UseLocalhost has been set to
'no' - an attacker may establish a more-specific bind,
which will be used in preference to sshd's wildcard
listener. (CVE-2008-3259)

- Plaintext Recovery Attack Against SSH:
If exploited, this attack can potentially allow an
attacker to recover up to 32 bits of plaintext from an
arbitrary block of ciphertext from a connection secured
using the SSH protocol in the standard configuration.
If OpenSSH is used in the standard configuration, then
the attacker's success probability for recovering 32
bits of plaintext is 2^{-18}. A variant of the attack
against OpenSSH in the standard configuration can
verifiably recover 14 bits of plaintext with probability
2^{-14}. The success probability of the attack for other
implementations of SSH is not known. (CVE-2008-5161)

See also :

http://aix.software.ibm.com/aix/efixes/security/openssh_advisory.asc
http://www.openssh.org/txt/cbc.adv
http://www.openssh.com/txt/release-5.1
http://downloads.sourceforge.net/openssh-aix/

Solution :

A fix is available for AIX versions 5.3 and 6.1, and it can be
downloaded from the OpenSSH sourceforge website for the AIX release.
There is no fix for AIX version 5.2.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 2.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : python-imaging vulnerabilities (USN-2168-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Jakub Wilk discovered that the Python Imaging Library incorrectly
handled temporary files. A local attacker could possibly use this
issue to overwrite arbitrary files, or gain access to temporary file
contents. (CVE-2014-1932, CVE-2014-1933).

Solution :

Update the affected python-imaging package.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 1.7
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.
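The bug class behind this notice is the classic temporary-file race: a scratch name is chosen (tempfile.mktemp() only returns a string) and then opened in a separate step, so a local attacker who plants a symlink at that name in between gets the victim's data written, with the victim's privileges, wherever the link points. The Python below is an added illustration written for this page, not PIL's or Ubuntu's code; it plays out the race deterministically by letting the simulated attacker always win the window, then shows the create-or-fail open that tempfile.mkstemp() uses. It assumes a POSIX system where an unprivileged user can create symlinks; SECRET and PAYLOAD are constructed sample data.

```python
import os
import tempfile

# Constructed sample data for the demonstration.
SECRET = b"contents of a file the attacker wants overwritten\n"
PAYLOAD = b"image data the victim believes it is writing to a scratch file\n"


def unsafe_write(path: str, data: bytes) -> None:
    """The pre-fix pattern: a name obtained from tempfile.mktemp() is handed
    to a plain open(). open(..., 'wb') follows symlinks and truncates, so
    whatever the name points at by the time this runs is what gets
    overwritten, with the victim's privileges."""
    with open(path, "wb") as f:
        f.write(data)


def safe_write(path: str, data: bytes) -> None:
    """Create-or-fail: O_EXCL makes open() refuse any existing name,
    including a planted symlink (POSIX returns EEXIST before following it),
    O_NOFOLLOW refuses to traverse one, and mode 0o600 keeps the contents
    from other local users. tempfile.mkstemp() does exactly this."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def run_race(writer, workdir: str) -> bytes:
    """Play out the race with the attacker winning the window between name
    selection and open(). Returns the target file's contents afterwards."""
    target = os.path.join(workdir, "victim.txt")
    with open(target, "wb") as f:
        f.write(SECRET)
    name = tempfile.mktemp(dir=workdir)   # 1. victim picks a name (only a string)
    os.symlink(target, name)              # 2. attacker plants a symlink at that name
    try:
        writer(name, PAYLOAD)             # 3. victim opens the name
    except FileExistsError:
        pass                              # safe_write refuses to proceed
    with open(target, "rb") as f:
        return f.read()


def demo() -> dict:
    """Run both writers in fresh directories; keys name the pattern used."""
    with tempfile.TemporaryDirectory() as d1, tempfile.TemporaryDirectory() as d2:
        return {"mktemp_then_open": run_race(unsafe_write, d1),
                "o_excl_create": run_race(safe_write, d2)}


if __name__ == "__main__":
    for pattern, contents in demo().items():
        print(f"{pattern}: {contents!r}")
```

The second half of the notice, reading temporary file contents, is the same race seen from the other side: a name created without O_EXCL and a private mode can be pre-created or opened by another local user. Using mkstemp() or NamedTemporaryFile(), and passing the returned descriptor rather than the path to whatever consumes the file, closes both.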

SuSE 11.3 Security Update : strongswan (SAT Patch Number 9089)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

The following security issue is fixed by this update :

- strongswan has been updated to fix an authentication
problem where attackers could have bypassed the IKEv2
authentication. (CVE-2014-2338). (bnc#870572)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=870572
http://support.novell.com/security/cve/CVE-2014-2338.html

Solution :

Apply SAT patch number 9089.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9105)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to
fix various bugs and security issues.

WARNING: If you are running KVM with PCI pass-through on a system
with one of the following Intel chipsets: 5500 (revision 0x13), 5520
(revision 0x13) or X58 (revisions 0x12, 0x13, 0x22), please make sure
to read the following support document before installing this update :

https://www.suse.com/support/kb/doc.php?id=7014344

You will have to update your KVM setup to no longer make use of PCI
pass-through before rebooting to the updated kernel.

The following security bugs have been fixed :

- The Linux kernel before 3.12, when UDP Fragmentation
Offload (UFO) is enabled, does not properly initialize
certain data structures, which allows local users to
cause a denial of service (memory corruption and system
crash) or possibly gain privileges via a crafted
application that uses the UDP_CORK option in a
setsockopt system call and sends both short and long
packets, related to the ip_ufo_append_data function in
net/ipv4/ip_output.c and the ip6_ufo_append_data
function in net/ipv6/ip6_output.c. (bnc#847672).
(CVE-2013-4470)

- The microcode on AMD 16h 00h through 0Fh processors does
not properly handle the interaction between locked
instructions and write-combined memory types, which
allows local users to cause a denial of service (system
hang) via a crafted application, aka the errata 793
issue. (bnc#852967). (CVE-2013-6885)

- The Linux kernel before 3.12.4 updates certain length
values before ensuring that associated data structures
have been initialized, which allows local users to
obtain sensitive information from kernel stack memory
via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system
call, related to net/ipv4/ping.c, net/ipv4/raw.c,
net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c.
(bnc#857643). (CVE-2013-7263)

- The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in
the Linux kernel before 3.12.4 updates a certain length
value before ensuring that an associated data structure
has been initialized, which allows local users to obtain
sensitive information from kernel stack memory via a (1)
recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643). (CVE-2013-7264)

- The pn_recvmsg function in net/phonet/datagram.c in the
Linux kernel before 3.12.4 updates a certain length
value before ensuring that an associated data structure
has been initialized, which allows local users to obtain
sensitive information from kernel stack memory via a (1)
recvfrom, (2) recvmmsg, or (3) recvmsg system call.
(bnc#857643). (CVE-2013-7265)

- The cifs_iovec_write function in fs/cifs/file.c in the
Linux kernel through 3.13.5 does not properly handle
uncached write operations that copy fewer than the
requested number of bytes, which allows local users to
obtain sensitive information from kernel memory, cause a
denial of service (memory corruption and system crash),
or possibly gain privileges via a writev system call
with a crafted pointer. (bnc#864025). (CVE-2014-0069)

Also the following non-security bugs have been fixed :

- kabi: protect symbols modified by bnc#864833 fix.
(bnc#864833)

- mm: mempolicy: fix mbind_range() && vma_adjust()
interaction (VM Functionality (bnc#866428)).

- mm: merging memory blocks resets mempolicy (VM
Functionality (bnc#866428)).

- mm/page-writeback.c: do not count anon pages as
dirtyable memory (High memory utilisation performance
(bnc#859225)).

- mm: vmscan: Do not force reclaim file pages until it
exceeds anon (High memory utilisation performance
(bnc#859225)).

- mm: vmscan: fix endless loop in kswapd balancing (High
memory utilisation performance (bnc#859225)).

- mm: vmscan: Update rotated and scanned when force
reclaimed (High memory utilisation performance
(bnc#859225)).

- mm: exclude memory less nodes from zone_reclaim.
(bnc#863526)

- mm: fix return type for functions nr_free_*_pages kabi
fixup. (bnc#864058)

- mm: fix return type for functions nr_free_*_pages.
(bnc#864058)

- mm: swap: Use swapfiles in priority order (Use swap
files in priority order (bnc#862957)).

- x86: Save cr2 in NMI in case NMIs take a page fault
(follow-up for
patches.fixes/x86-Add-workaround-to-NMI-iret-woes.patch).

- powerpc: Add VDSO version of getcpu (fate#316816,
bnc#854445).

- vmscan: change type of vm_total_pages to unsigned long.
(bnc#864058)

- audit: dynamically allocate audit_names when not enough
space is in the names array. (bnc#857358)

- audit: make filetype matching consistent with other
filters. (bnc#857358)

- arch/x86/mm/srat: Skip NUMA_NO_NODE while parsing SLIT.
(bnc#863178)

- hwmon: (coretemp) Fix truncated name of alarm
attributes.

- privcmd: allow preempting long running user-mode
originating hypercalls. (bnc#861093)

- nohz: Check for nohz active instead of nohz enabled.
(bnc#846790)

- nohz: Fix another inconsistency between CONFIG_NO_HZ=n
and nohz=off. (bnc#846790)

- iommu/vt-d: add quirk for broken interrupt remapping on
55XX chipsets. (bnc#844513)

- balloon: do not crash in HVM-with-PoD guests.

- crypto: s390 - fix des and des3_ede ctr concurrency
issue (bnc#862796, LTC#103744).

- crypto: s390 - fix des and des3_ede cbc concurrency
issue (bnc#862796, LTC#103743).

- kernel: oops due to linkage stack instructions
(bnc#862796, LTC#103860).

- crypto: s390 - fix concurrency issue in aes-ctr mode
(bnc#862796, LTC#103742).

- dump: Fix dump memory detection (bnc#862796,LTC#103575).

- net: change type of virtio_chan->p9_max_pages.
(bnc#864058)

- inet: handle rt{,6}_bind_peer() failure correctly.
(bnc#870801)

- inet: Avoid potential NULL peer dereference.
(bnc#864833)

- inet: Hide route peer accesses behind helpers.
(bnc#864833)

- inet: Pass inetpeer root into inet_getpeer*()
interfaces. (bnc#864833)

- tcp: syncookies: reduce cookie lifetime to 128 seconds.
(bnc#833968)

- tcp: syncookies: reduce mss table to four values.
(bnc#833968)

- ipv6 routing, NLM_F_* flag support: REPLACE and EXCL
flags support, warn about missing CREATE flag.
(bnc#865783)

- ipv6: send router reachability probe if route has an
unreachable gateway. (bnc#853162)

- sctp: Implement quick failover draft from tsvwg.
(bnc#827670)

- ipvs: fix AF assignment in ip_vs_conn_new().
(bnc#856848)

- NFSD/sunrpc: avoid deadlock on TCP connection due to
memory pressure. (bnc#853455)

- btrfs: bugfix collection

- fs/nfsd: change type of max_delegations,
nfsd_drc_max_mem and nfsd_drc_mem_used. (bnc#864058)

- fs/buffer.c: change type of max_buffer_heads to unsigned
long. (bnc#864058)

- ncpfs: fix rmdir returns Device or resource busy.
(bnc#864880)

- scsi_dh_alua: fixup RTPG retry delay miscalculation.
(bnc#854025)

- scsi_dh_alua: Simplify state machine. (bnc#854025)

- xhci: Fix resume issues on Renesas chips in Samsung
laptops. (bnc#866253)

- bonding: disallow enslaving a bond to itself.
(bnc#599263)

- USB: hub: handle -ETIMEDOUT during enumeration.
(bnc#855825)

- dm-multipath: Do not stall on invalid ioctls.
(bnc#865342)

- scsi_dh_alua: endless STPG retries for a failed LUN.
(bnc#865342)

- net/mlx4_en: Fix pages never dma unmapped on rx.
(bnc#858604)

- dlm: remove get_comm. (bnc#827670)

- dlm: Avoid LVB truncation. (bnc#827670)

- dlm: disable nagle for SCTP. (bnc#827670)

- dlm: retry failed SCTP sends. (bnc#827670)

- dlm: try other IPs when sctp init assoc fails.
(bnc#827670)

- dlm: clear correct bit during sctp init failure
handling. (bnc#827670)

- dlm: set sctp assoc id during setup. (bnc#827670)

- dlm: clear correct init bit during sctp setup.
(bnc#827670)

- dlm: fix deadlock between dlm_send and dlm_controld.
(bnc#827670)

- dlm: Fix return value from lockspace_busy().
(bnc#827670)

- Avoid occasional hang with NFS. (bnc#852488)

- mpt2sas: Fix unsafe using smp_processor_id() in
preemptible. (bnc#853166)

- lockd: send correct lock when granting a delayed lock.
(bnc#859342)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=599263
https://bugzilla.novell.com/show_bug.cgi?id=827670
https://bugzilla.novell.com/show_bug.cgi?id=833968
https://bugzilla.novell.com/show_bug.cgi?id=844513
https://bugzilla.novell.com/show_bug.cgi?id=846790
https://bugzilla.novell.com/show_bug.cgi?id=847672
https://bugzilla.novell.com/show_bug.cgi?id=852488
https://bugzilla.novell.com/show_bug.cgi?id=852967
https://bugzilla.novell.com/show_bug.cgi?id=853162
https://bugzilla.novell.com/show_bug.cgi?id=853166
https://bugzilla.novell.com/show_bug.cgi?id=853455
https://bugzilla.novell.com/show_bug.cgi?id=854025
https://bugzilla.novell.com/show_bug.cgi?id=854445
https://bugzilla.novell.com/show_bug.cgi?id=855825
https://bugzilla.novell.com/show_bug.cgi?id=856848
https://bugzilla.novell.com/show_bug.cgi?id=857358
https://bugzilla.novell.com/show_bug.cgi?id=857643
https://bugzilla.novell.com/show_bug.cgi?id=858604
https://bugzilla.novell.com/show_bug.cgi?id=859225
https://bugzilla.novell.com/show_bug.cgi?id=859342
https://bugzilla.novell.com/show_bug.cgi?id=861093
https://bugzilla.novell.com/show_bug.cgi?id=862796
https://bugzilla.novell.com/show_bug.cgi?id=862957
https://bugzilla.novell.com/show_bug.cgi?id=863178
https://bugzilla.novell.com/show_bug.cgi?id=863526
https://bugzilla.novell.com/show_bug.cgi?id=864025
https://bugzilla.novell.com/show_bug.cgi?id=864058
https://bugzilla.novell.com/show_bug.cgi?id=864833
https://bugzilla.novell.com/show_bug.cgi?id=864880
https://bugzilla.novell.com/show_bug.cgi?id=865342
https://bugzilla.novell.com/show_bug.cgi?id=865783
https://bugzilla.novell.com/show_bug.cgi?id=866253
https://bugzilla.novell.com/show_bug.cgi?id=866428
https://bugzilla.novell.com/show_bug.cgi?id=870801
http://support.novell.com/security/cve/CVE-2013-4470.html
http://support.novell.com/security/cve/CVE-2013-6885.html
http://support.novell.com/security/cve/CVE-2013-7263.html
http://support.novell.com/security/cve/CVE-2013-7264.html
http://support.novell.com/security/cve/CVE-2013-7265.html
http://support.novell.com/security/cve/CVE-2014-0069.html

Solution :

Apply SAT patch number 9105.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : nas -- multiple vulnerabilities (bf7912f5-c1a8-11e3-a5ac-001b21614864)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Hamid Zamani reports :

Multiple security problems (buffer overflows, format string
vulnerabilities and missing input sanitising), which could lead to the
execution of arbitrary code.

See also :

http://radscan.com/pipermail/nas/2013-August/001270.html
http://www.nessus.org/u?e4ede7e0

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : OpenLDAP -- incorrect handling of NULL in certificate Common Name (abad20bf-c1b4-11e3-a5ac-001b21614864)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Jan Lieskovsky reports :

OpenLDAP does not properly handle a '\0' character in a domain name in
the subject's Common Name (CN) field of an X.509 certificate, which
allows man-in-the-middle attackers to spoof arbitrary SSL servers via
a crafted certificate issued by a legitimate Certification Authority.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767
http://www.nessus.org/u?f9e60265

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : cURL -- inappropriate GSSAPI delegation (9aecb94c-c1ad-11e3-a5ac-001b21614864)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

cURL reports :

When doing GSSAPI authentication, libcurl unconditionally performs
credential delegation. This hands the server a copy of the client's
security credentials, allowing the server to impersonate the client to
any other using the same GSSAPI mechanism.

See also :

http://curl.haxx.se/docs/adv_20110623.html
http://www.nessus.org/u?5d880224

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : dbus-glib -- privilege escalation (77bb0541-c1aa-11e3-a5ac-001b21614864)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Sebastian Krahmer reports :

A privilege escalation flaw was found in the way dbus-glib, the D-Bus
add-on library to integrate the standard D-Bus library with the GLib
thread abstraction and main loop, performed filtering of the message
sender (message source subject), when the NameOwnerChanged signal was
received. A local attacker could use this flaw to escalate their
privileges.

See also :

https://bugs.freedesktop.org/show_bug.cgi?id=60916
http://www.nessus.org/u?70501aed

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

FreeBSD : libaudiofile -- heap-based overflow in Microsoft ADPCM compression module (09f47c51-c1a6-11e3-a5ac-001b21614864)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Debian reports :

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile
0.2.6 allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
WAV file.

See also :

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205
http://www.nessus.org/u?daf339c6

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : wordpress-3.8.2-1.fc20 (2014-5029)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Upstream announcement:
http://wordpress.org/news/2014/04/wordpress-3-8-2/

See also :

http://wordpress.org/news/2014/04/wordpress-3-8-2/
https://bugzilla.redhat.com/show_bug.cgi?id=1085858
https://bugzilla.redhat.com/show_bug.cgi?id=1085866
http://www.nessus.org/u?23affef5

Solution :

Update the affected wordpress package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : mingw-openssl-1.0.1e-6.fc19 (2014-4999)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes CVE-2014-0160 (RHBZ #1085066)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1085066
http://www.nessus.org/u?68a0bc69

Solution :

Update the affected mingw-openssl package.

Risk factor :

High / CVSS Base Score : 9.4
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N)
Public Exploit Available : true

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : ImageMagick-6.8.6.3-4.fc20 (2014-4969)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Build 6.8.6-3 version because soname bump happened in
newer.

- Concretize soname versioning.

- Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug
fix backporting:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
for fix CVE-2014-1958 (bz#1067276, bz#1067277,
bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)

- Enable %check by Alexander Todorov suggestion -
bz#1076671.

- Add %{?_smp_mflags} into make install and check (not
main compilation).

- Porting some other non-destructive minor enhancements
from master branch:
  o Drop BR giflib-devel (bz#1039378)
  o Use %__isa_bits instead of hardcoding the list of
    64-bit architectures.

See also :

http://www.nessus.org/u?54b11eaa
https://bugzilla.redhat.com/show_bug.cgi?id=1064098
https://bugzilla.redhat.com/show_bug.cgi?id=1067276
http://www.nessus.org/u?a099e222

Solution :

Update the affected ImageMagick package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : jbigkit-2.0-10.fc20 (2014-4948)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update fixes a stack-based buffer overflow flaw.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1032273
http://www.nessus.org/u?c82d0ab9

Solution :

Update the affected jbigkit package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : squid-3.3.12-1.fc19 (2014-4800)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Use the version from Fedora 20.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1074871
http://www.nessus.org/u?2156db84

Solution :

Update the affected squid package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : mingw-openjpeg-1.5.1-8.fc20 (2014-4782)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2014-0158 (see rhbz#1082997)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1082925
http://www.nessus.org/u?25ccadd7

Solution :

Update the affected mingw-openjpeg package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : php-5.5.11-1.fc20 (2014-4767)


Synopsis:

The remote Fedora host is missing a security update.

Description:

03 Apr 2014, PHP 5.5.11

Core :

- Allow zero length comparison in substr_compare() (Tjerk)

- Fixed bug #60602 (proc_open() changes environment
array) (Tjerk)

SPL :

- Added feature #65545 (SplFileObject::fread()) (Tjerk)

cURL :

- Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to
default behaviour) (Tjerk)

- Fix compilation on libcurl versions between 7.10.5 and
7.12.2, inclusive. (Adam)

FPM :

- Added clear_env configuration directive to disable
clearenv() call. (Github PR# 598, Paul Annesley)

Fileinfo :

- Fixed bug #66946 (fileinfo: extensive backtracking in
awk rule regular expression). (CVE-2013-7345) (Remi)

GD :

- Fixed bug #66714 (imageconvolution breakage). (Brad
Daily)

- Fixed bug #66869 (Invalid 2nd argument crashes
imageaffinematrixget) (Pierre)

- Fixed bug #66887 (imagescale - poor quality of scaled
image). (Remi)

- Fixed bug #66890 (imagescale segfault). (Remi)

- Fixed bug #66893 (imagescale ignore method argument).
(Remi)

Hash :

- hash_pbkdf2() now works correctly if the $length
argument is not specified. (Nikita)

Intl :

- Fixed bug #66873 (A reproducible crash in UConverter
when given invalid encoding) (Stas)

Mail :

- Fixed bug #66535 (Don't add newline after
X-PHP-Originating-Script) (Tjerk)

MySQLi :

- Fixed bug #66762 (Segfault in mysqli_stmt::bind_result()
when link closed) (Remi)

OPCache :

- Added function opcache_is_script_cached(). (Danack)

- Added information about interned strings usage.
(Terry, Julien, Dmitry)

Openssl :

- Fixed bug #66833 (Default digest algo is still MD5,
switch to SHA1). (Remi)

GMP :

- Fixed bug #66872 (invalid argument crashes gmp_testbit)
(Pierre)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1079846
http://www.nessus.org/u?aad326be

Solution :

Update the affected php package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : mingw-openjpeg-1.5.1-8.fc19 (2014-4749)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix CVE-2014-0158 (see rhbz#1082997)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1082925
http://www.nessus.org/u?ad6a1039

Solution :

Update the affected mingw-openjpeg package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 19 : php-5.5.11-1.fc19 (2014-4735)


Synopsis:

The remote Fedora host is missing a security update.

Description:

03 Apr 2014, PHP 5.5.11

Core :

- Allow zero length comparison in substr_compare() (Tjerk)

- Fixed bug #60602 (proc_open() changes environment
array) (Tjerk)

SPL :

- Added feature #65545 (SplFileObject::fread()) (Tjerk)

cURL :

- Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to
default behaviour) (Tjerk)

- Fix compilation on libcurl versions between 7.10.5 and
7.12.2, inclusive. (Adam)

FPM :

- Added clear_env configuration directive to disable
clearenv() call. (Github PR# 598, Paul Annesley)

Fileinfo :

- Fixed bug #66946 (fileinfo: extensive backtracking in
awk rule regular expression). (CVE-2013-7345) (Remi)

GD :

- Fixed bug #66714 (imageconvolution breakage). (Brad
Daily)

- Fixed bug #66869 (Invalid 2nd argument crashes
imageaffinematrixget) (Pierre)

- Fixed bug #66887 (imagescale - poor quality of scaled
image). (Remi)

- Fixed bug #66890 (imagescale segfault). (Remi)

- Fixed bug #66893 (imagescale ignore method argument).
(Remi)

Hash :

- hash_pbkdf2() now works correctly if the $length
argument is not specified. (Nikita)

Intl :

- Fixed bug #66873 (A reproducible crash in UConverter
when given invalid encoding) (Stas)

Mail :

- Fixed bug #66535 (Don't add newline after
X-PHP-Originating-Script) (Tjerk)

MySQLi :

- Fixed bug #66762 (Segfault in mysqli_stmt::bind_result()
when link closed) (Remi)

OPCache :

- Added function opcache_is_script_cached(). (Danack)

- Added information about interned strings usage.
(Terry, Julien, Dmitry)

Openssl :

- Fixed bug #66833 (Default digest algo is still MD5,
switch to SHA1). (Remi)

GMP :

- Fixed bug #66872 (invalid argument crashes gmp_testbit)
(Pierre)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1079846
http://www.nessus.org/u?893cfbe4

Solution :

Update the affected php package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : cups-filters-1.0.41-6.fc20 (2014-4708)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update fixes remote command injection vulnerability in cups-browsed.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1083326
http://www.nessus.org/u?f9581abb

Solution :

Update the affected cups-filters package.

Risk factor :

High

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Fedora 20 : v8-3.14.5.10-7.fc20 (2014-4625)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Common Vulnerabilities and Exposures assigned an identifier
CVE-2014-1704 to the following vulnerability :

URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1704

Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18,
as used in Google Chrome before 33.0.1750.149, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.

Only one vulnerability in this CVE affects v8-3.14.5.10 in Fedora.
This update fixes the vulnerability involving unsigned integer
arithmetic.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1077136
http://www.nessus.org/u?ca3e1b48

Solution :

Update the affected v8 package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2014 Tenable Network Security, Inc.