Newest Plugins

Ubuntu 12.04 LTS / 14.04 / 15.04 : expat vulnerability (USN-2726-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

It was discovered that Expat incorrectly handled malformed XML data.
If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of
service, or possibly execute arbitrary code.

Solution :

Update the affected lib64expat1 and / or libexpat1 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLES11 Security Update : php53 (SUSE-SU-2015:1466-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

PHP was updated to fix two security issues.

The following vulnerabilities were fixed :

- CVE-2015-5589: PHP could be crashed when processing an
invalid file with the 'phar' extension with a segfault
in Phar::convertToData, leading to Denial of Service
(DoS) (bsc#938721)

- CVE-2015-5590: PHP could be crashed or have unspecified
other impact due to a buffer overflow in
phar_fix_filepath (bsc#938719)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/938719
https://bugzilla.suse.com/938721
https://www.suse.com/security/cve/CVE-2015-5589.html
https://www.suse.com/security/cve/CVE-2015-5590.html
http://www.nessus.org/u?b22cd680

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-php53-12057=1

SUSE Linux Enterprise Software Development Kit 11-SP3 :

zypper in -t patch sdksp3-php53-12057=1

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-php53-12057=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-php53-12057=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-php53-12057=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-php53-12057=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-php53-12057=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED11 / SLES11 Security Update : kvm (SUSE-SU-2015:1455-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

kvm was updated to fix one security issue.

This security issue was fixed :

- CVE-2015-5154: Host code execution via IDE subsystem
CD-ROM (bsc#938344).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/938344
https://www.suse.com/security/cve/CVE-2015-5154.html
http://www.nessus.org/u?77d090c7

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-kvm-12053=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-kvm-12053=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2015:1449-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

Mozilla Firefox is being updated to the current Firefox 38ESR branch
(specifically the 38.2.0ESR release).

Security issues fixed :

- MFSA 2015-78 / CVE-2015-4495: Same origin violation and
local file stealing via PDF reader

- MFSA 2015-79 / CVE-2015-4473/CVE-2015-4474:
Miscellaneous memory safety hazards (rv:40.0 / rv:38.2)

- MFSA 2015-80 / CVE-2015-4475: Out-of-bounds read with
malformed MP3 file

- MFSA 2015-82 / CVE-2015-4478: Redefinition of
non-configurable JavaScript object properties

- MFSA 2015-83 / CVE-2015-4479: Overflow issues in
libstagefright

- MFSA 2015-87 / CVE-2015-4484: Crash when using shared
memory in JavaScript

- MFSA 2015-88 / CVE-2015-4491: Heap overflow in
gdk-pixbuf when scaling bitmap images

- MFSA 2015-89 / CVE-2015-4485/CVE-2015-4486: Buffer
overflows on Libvpx when decoding WebM video

- MFSA 2015-90 /
CVE-2015-4487/CVE-2015-4488/CVE-2015-4489:
Vulnerabilities found through code inspection

- MFSA 2015-92 / CVE-2015-4492: Use-after-free in
XMLHttpRequest with shared workers

The following vulnerabilities were fixed in ESR31 and are also
included here :

- CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous
memory safety hazards (bsc#935979).

- CVE-2015-2728: Type confusion in Indexed Database
Manager (bsc#935979).

- CVE-2015-2730: ECDSA signature validation fails to
handle some signatures correctly (bsc#935979).

- CVE-2015-2722/CVE-2015-2733: Use-after-free in workers
while using XMLHttpRequest (bsc#935979).

- CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/
CVE-2015-2738/CVE-2015-2739/CVE-2015-2740:
Vulnerabilities found through code inspection
(bsc#935979).

- CVE-2015-2743: Privilege escalation in PDF.js
(bsc#935979).

- CVE-2015-4000: NSS accepts export-length DHE keys with
regular DHE cipher suites (bsc#935033).

- CVE-2015-2721: NSS incorrectly permits skipping of
ServerKeyExchange (bsc#935979).

This update also contains a lot of feature improvements and bug fixes
from 31ESR to 38ESR.

Also the Mozilla NSS library switched its CKBI API from 1.98 to 2.4,
which is what Firefox 38ESR uses.

Mozilla Firefox and mozilla-nss were updated to fix 17 security
issues.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/935033
https://bugzilla.suse.com/935979
https://bugzilla.suse.com/940806
https://bugzilla.suse.com/940918
https://www.suse.com/security/cve/CVE-2015-2721.html
https://www.suse.com/security/cve/CVE-2015-2722.html
https://www.suse.com/security/cve/CVE-2015-2724.html
https://www.suse.com/security/cve/CVE-2015-2725.html
https://www.suse.com/security/cve/CVE-2015-2726.html
https://www.suse.com/security/cve/CVE-2015-2728.html
https://www.suse.com/security/cve/CVE-2015-2730.html
https://www.suse.com/security/cve/CVE-2015-2733.html
https://www.suse.com/security/cve/CVE-2015-2734.html
https://www.suse.com/security/cve/CVE-2015-2735.html
https://www.suse.com/security/cve/CVE-2015-2736.html
https://www.suse.com/security/cve/CVE-2015-2737.html
https://www.suse.com/security/cve/CVE-2015-2738.html
https://www.suse.com/security/cve/CVE-2015-2739.html
https://www.suse.com/security/cve/CVE-2015-2740.html
https://www.suse.com/security/cve/CVE-2015-2743.html
https://www.suse.com/security/cve/CVE-2015-4000.html
https://www.suse.com/security/cve/CVE-2015-4473.html
https://www.suse.com/security/cve/CVE-2015-4474.html
https://www.suse.com/security/cve/CVE-2015-4475.html
https://www.suse.com/security/cve/CVE-2015-4478.html
https://www.suse.com/security/cve/CVE-2015-4479.html
https://www.suse.com/security/cve/CVE-2015-4484.html
https://www.suse.com/security/cve/CVE-2015-4485.html
https://www.suse.com/security/cve/CVE-2015-4486.html
https://www.suse.com/security/cve/CVE-2015-4487.html
https://www.suse.com/security/cve/CVE-2015-4488.html
https://www.suse.com/security/cve/CVE-2015-4489.html
https://www.suse.com/security/cve/CVE-2015-4491.html
https://www.suse.com/security/cve/CVE-2015-4492.html
https://www.suse.com/security/cve/CVE-2015-4495.html
http://www.nessus.org/u?7becea4c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP2-LTSS :

zypper in -t patch slessp2-mozilla-201507-12049=1

SUSE Linux Enterprise Server 11-SP1-LTSS :

zypper in -t patch slessp1-mozilla-201507-12049=1

SUSE Linux Enterprise Debuginfo 11-SP2 :

zypper in -t patch dbgsp2-mozilla-201507-12049=1

SUSE Linux Enterprise Debuginfo 11-SP1 :

zypper in -t patch dbgsp1-mozilla-201507-12049=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : busybox (SUSE-SU-2015:1445-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

The following issues are fixed by this update :

- CVE-2014-9645: do not allow '/' in module names to avoid
loading bad modules (bnc#914660)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/914660
https://www.suse.com/security/cve/CVE-2014-9645.html
http://www.nessus.org/u?1577786c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12 :

zypper in -t patch SUSE-SLE-SERVER-12-2015-448=1

SUSE Linux Enterprise Desktop 12 :

zypper in -t patch SUSE-SLE-DESKTOP-12-2015-448=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SUSE SLED11 / SLES11 Security Update : mozilla-nspr (SUSE-SU-2015:1444-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

mozilla-nspr was updated to version 4.10.8.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/935979
http://www.nessus.org/u?576c5cf2

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-mozilla-nspr-12048=1

SUSE Linux Enterprise Software Development Kit 11-SP3 :

zypper in -t patch sdksp3-mozilla-nspr-12048=1

SUSE Linux Enterprise Server for VMWare 11-SP3 :

zypper in -t patch slessp3-mozilla-nspr-12048=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-mozilla-nspr-12048=1

SUSE Linux Enterprise Server 11-SP3 :

zypper in -t patch slessp3-mozilla-nspr-12048=1

SUSE Linux Enterprise Server 11-SP2-LTSS :

zypper in -t patch slessp2-mozilla-nspr-12048=1

SUSE Linux Enterprise Server 11-SP1-LTSS :

zypper in -t patch slessp1-mozilla-nspr-12048=1

SUSE Linux Enterprise Desktop 11-SP4 :

zypper in -t patch sledsp4-mozilla-nspr-12048=1

SUSE Linux Enterprise Desktop 11-SP3 :

zypper in -t patch sledsp3-mozilla-nspr-12048=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-mozilla-nspr-12048=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-mozilla-nspr-12048=1

SUSE Linux Enterprise Debuginfo 11-SP2 :

zypper in -t patch dbgsp2-mozilla-nspr-12048=1

SUSE Linux Enterprise Debuginfo 11-SP1 :

zypper in -t patch dbgsp1-mozilla-nspr-12048=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 / 7 : jakarta-taglibs-standard (RHSA-2015:1695)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated jakarta-taglibs-standard packages that fix one security issue
are now available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Important
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

jakarta-taglibs-standard is the Java Standard Tag Library (JSTL). This
library is used in conjunction with Tomcat and Java Server Pages
(JSP).

It was found that the Java Standard Tag Library (JSTL) allowed the
processing of untrusted XML documents to resolve external entity
references, which could access resources on the host system and,
potentially, allow arbitrary code execution. (CVE-2015-0254)

Note: jakarta-taglibs-standard users may need to take additional steps
after applying this update. Detailed instructions on the additional
steps can be found here :

https://access.redhat.com/solutions/1584363

All jakarta-taglibs-standard users are advised to upgrade to these
updated packages, which contain a backported patch to correct this
issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0254.html
https://access.redhat.com/solutions/1584363
http://rhn.redhat.com/errata/RHSA-2015-1695.html

Solution :

Update the affected jakarta-taglibs-standard and / or
jakarta-taglibs-standard-javadoc packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 / 7 : gdk-pixbuf2 (RHSA-2015:1694)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated gdk-pixbuf2 packages that fix one security issue are now
available for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

gdk-pixbuf is an image loading library that can be extended by
loadable modules for new image formats. It is used by toolkits such as
GTK+ or clutter.

An integer overflow, leading to a heap-based buffer overflow, was
found in the way gdk-pixbuf, an image loading library for GNOME,
scaled certain bitmap format images. An attacker could use a specially
crafted BMP image file that, when processed by an application compiled
against the gdk-pixbuf library, would cause that application to crash
or execute arbitrary code with the permissions of the user running the
application. (CVE-2015-4491)

Red Hat would like to thank the Mozilla project for reporting this
issue. Upstream acknowledges Gustavo Grieco as the original reporter.

All gdk-pixbuf2 users are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-4491.html
https://www.mozilla.org/security/announce/2015/mfsa2015-88.html
http://rhn.redhat.com/errata/RHSA-2015-1694.html

Solution :

Update the affected gdk-pixbuf2, gdk-pixbuf2-debuginfo and / or
gdk-pixbuf2-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : Satellite Server (RHSA-2015:1592)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Red Hat Satellite 6.1 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having an important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Satellite is a system management solution that allows
organizations to configure and maintain their systems without the
necessity to provide public Internet access to their servers or other
client systems. It performs provisioning and configuration management
of predefined standard operating environments.

This update provides Satellite 6.1 packages for Red Hat Enterprise
Linux 6. For the full list of new features provided by Satellite 6.1,
see the Release Notes linked to in the References section. (BZ#1201357)

It was discovered that, in Foreman, the edit_users permission (for
example, granted to the Manager role) allowed the user to edit admin
user passwords. An attacker with the edit_users permission could use
this flaw to access an admin user account, leading to an escalation of
privileges. (CVE-2015-3235)

It was found that Foreman did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2015-3155)

It was found that when making an SSL connection to an LDAP
authentication source in Foreman, the remote server certificate was
accepted without any verification against known certificate
authorities, potentially making TLS connections vulnerable to
man-in-the-middle attacks. (CVE-2015-1816)

A flaw was found in the way Foreman authorized user actions on
resources via the API when an organization was not explicitly set. A
remote attacker could use this flaw to obtain additional information
about resources they were not authorized to access. (CVE-2015-1844)

A cross-site scripting (XSS) flaw was found in Foreman's template
preview screen. A remote attacker could use this flaw to perform
cross-site scripting attacks by tricking a user into viewing a
malicious template. Note that templates are commonly shared among
users. (CVE-2014-3653)

It was found that python-oauth2 did not properly verify the nonce of a
signed URL. An attacker able to capture network traffic of a website
using OAuth2 authentication could use this flaw to conduct replay
attacks against that website. (CVE-2013-4346)

It was found that python-oauth2 did not properly generate random
values for use in nonces. An attacker able to capture network traffic
of a website using OAuth2 authentication could use this flaw to
conduct replay attacks against that website. (CVE-2013-4347)

Red Hat would like to thank Rufus Järnefelt of Coresec for reporting
the Foreman HttpOnly issue.

All users who require Satellite 6.1 are advised to install these new
packages.

See also :

http://rhn.redhat.com/errata/RHSA-2015-1592.html
https://www.redhat.com/security/data/cve/CVE-2013-4346.html
https://www.redhat.com/security/data/cve/CVE-2013-4347.html
https://www.redhat.com/security/data/cve/CVE-2014-3653.html
https://www.redhat.com/security/data/cve/CVE-2015-1816.html
https://www.redhat.com/security/data/cve/CVE-2015-1844.html
https://www.redhat.com/security/data/cve/CVE-2015-3155.html
https://www.redhat.com/security/data/cve/CVE-2015-3235.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.6
(CVSS2#E:U/RL:U/RC:UC)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 7 : Satellite Server (RHSA-2015:1591)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Red Hat Satellite 6.1 is now available for Red Hat Enterprise Linux 7.

Red Hat Satellite is a systems management tool for Linux-based
infrastructures. It allows for provisioning, remote management and
monitoring of multiple Linux deployments with a single, centralized
tool. It performs provisioning and configuration management of
predefined standard operating environments.

This update provides Satellite 6.1 packages for Red Hat Enterprise
Linux 7. For the full list of new features provided by Satellite 6.1,
see the Release Notes linked to in the References section. (BZ#1201357)

It was discovered that, in Foreman, the edit_users permission (for
example, granted to the Manager role) allowed the user to edit admin
user passwords. An attacker with the edit_users permission could use
this flaw to access an admin user account, leading to an escalation of
privileges. (CVE-2015-3235)

It was found that Foreman did not set the HttpOnly flag on session
cookies. This could allow a malicious script to access the session
cookie. (CVE-2015-3155)

It was found that when making an SSL connection to an LDAP
authentication source in Foreman, the remote server certificate was
accepted without any verification against known certificate
authorities, potentially making TLS connections vulnerable to
man-in-the-middle attacks. (CVE-2015-1816)

A flaw was found in the way Foreman authorized user actions on
resources via the API when an organization was not explicitly set. A
remote attacker could use this flaw to obtain additional information
about resources they were not authorized to access. (CVE-2015-1844)

A cross-site scripting (XSS) flaw was found in Foreman's template
preview screen. A remote attacker could use this flaw to perform
cross-site scripting attacks by tricking a user into viewing a
malicious template. Note that templates are commonly shared among
users. (CVE-2014-3653)

It was found that python-oauth2 did not properly verify the nonce of a
signed URL. An attacker able to capture network traffic of a website
using OAuth2 authentication could use this flaw to conduct replay
attacks against that website. (CVE-2013-4346)

It was found that python-oauth2 did not properly generate random
values for use in nonces. An attacker able to capture network traffic
of a website using OAuth2 authentication could use this flaw to
conduct replay attacks against that website. (CVE-2013-4347)

Red Hat would like to thank Rufus Järnefelt of Coresec for reporting
the Foreman HttpOnly issue.

All users who require Satellite 6.1 are advised to install these new
packages.

See also :

http://rhn.redhat.com/errata/RHSA-2015-1591.html
https://www.redhat.com/security/data/cve/CVE-2013-4346.html
https://www.redhat.com/security/data/cve/CVE-2013-4347.html
https://www.redhat.com/security/data/cve/CVE-2014-3653.html
https://www.redhat.com/security/data/cve/CVE-2015-1816.html
https://www.redhat.com/security/data/cve/CVE-2015-1844.html
https://www.redhat.com/security/data/cve/CVE-2015-3155.html
https://www.redhat.com/security/data/cve/CVE-2015-3235.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.6
(CVSS2#E:U/RL:U/RC:UC)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 7 : JBoss EAP (RHSA-2015:0218)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated packages that provide Red Hat JBoss Enterprise Application
Platform 6.3.3 and fix multiple security issues, several bugs, and add
various enhancements are now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java
applications based on JBoss Application Server 7.

It was found that the RESTEasy DocumentProvider did not set the
external-parameter-entities and external-general-entities features
appropriately, thus allowing external entity expansion. A remote
attacker able to send XML requests to a RESTEasy endpoint could use
this flaw to read files accessible to the user running the application
server, and potentially perform other more advanced XML eXternal
Entity (XXE) attacks. (CVE-2014-7839)

It was discovered that the Role Based Access Control (RBAC)
implementation did not sufficiently verify all authorization
conditions that are required by the Maintainer role to perform certain
administrative actions. An authenticated user with the Maintainer role
could use this flaw to add, modify, or undefine a limited set of
attributes and their values, which otherwise cannot be written to.
(CVE-2014-7849)

It was discovered that the JBoss Application Server (WildFly) JacORB
subsystem incorrectly assigned socket-binding-ref sensitivity
classification for the security-domain attribute. An authenticated
user with a role that has access to attributes with socket-binding-ref
and not security-domain-ref sensitivity classification could use this
flaw to access sensitive information present in the security-domain
attribute. (CVE-2014-7853)

It was found that when processing undefined security domains, the
org.jboss.security.plugins.mapping.JBossMappingManager implementation
would fall back to the default security domain if it was available. A
user with valid credentials in the defined default domain, with a role
that is valid in the expected application domain, could perform
actions that were otherwise not available to them. When using the
SAML2 STS Login Module, JBossMappingManager exposed this issue due to
the PicketLink Trust SecurityActions implementation using a hard-coded
default value when defining the context. (CVE-2014-7827)

It was discovered that under specific conditions the conversation
state information stored in a thread-local variable was not sanitized
correctly when the conversation ended. This could lead to a race
condition that could potentially expose sensitive information from a
previous conversation to the current conversation. (CVE-2014-8122)

Red Hat would like to thank Rune Steinseth of JProfessionals for
reporting the CVE-2014-8122 issue. The CVE-2014-7849 and CVE-2014-7853
issues were discovered by Darran Lofthouse of the Red Hat JBoss
Enterprise Application Platform Team, and the CVE-2014-7827 issue was
discovered by Ondra Lukas of the Red Hat Quality Engineering Team.

This release serves as a replacement for Red Hat JBoss Enterprise
Application Platform 6.3.2, and includes bug fixes and enhancements.
Documentation for these changes is available from the link in the
References section.

All users of Red Hat JBoss Enterprise Application Platform 6.3 on Red
Hat Enterprise Linux 6 are advised to upgrade to these updated
packages. The JBoss server process must be restarted for the update to
take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-7827.html
https://www.redhat.com/security/data/cve/CVE-2014-7839.html
https://www.redhat.com/security/data/cve/CVE-2014-7849.html
https://www.redhat.com/security/data/cve/CVE-2014-7853.html
https://www.redhat.com/security/data/cve/CVE-2014-8122.html
https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?
http://rhn.redhat.com/errata/RHSA-2015-0218.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : rhevm-spice-client (RHSA-2015:0197)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated rhevm-spice-client packages that fix two security issues and
several bugs are now available for Red Hat Enterprise Virtualization
Manager 3.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager provides access to virtual
machines using SPICE. These SPICE client packages provide the SPICE
client and usbclerk service for both Windows 32-bit operating systems
and Windows 64-bit operating systems.

A race condition was found in the way OpenSSL handled ServerHello
messages with an included Supported EC Point Format extension. A
malicious server could possibly use this flaw to cause a
multi-threaded TLS/SSL client using OpenSSL to write into freed
memory, causing the client to crash or execute arbitrary code.
(CVE-2014-3509)

A flaw was found in the way OpenSSL handled fragmented handshake
packets. A man-in-the-middle attacker could use this flaw to force a
TLS/SSL server using OpenSSL to use TLS 1.0, even if both the client
and the server supported newer protocol versions. (CVE-2014-3511)

This update also fixes the following bugs :

* Previously, various clipboard managers, operating on the client or
on the guest, would occasionally lose synchronization, which resulted
in clipboard data loss and the SPICE console freezing. spice-gtk has
now been patched so that clipboard synchronization no longer freezes
the SPICE console. (BZ#1083489)

* Prior to this update, when a SPICE console was launched from the Red
Hat Enterprise Virtualization User Portal with the 'Native Client'
invocation method and 'Open in Full Screen' selected, the displays of
the guest virtual machine were not always configured to match the
client displays. After this update, the SPICE console will show a
full-screen guest display for each client monitor. (BZ#1076243)

* A difference in behavior between Linux and Windows clients caused an
extra nul character to be sent when pasting text into a guest machine
from a Windows client. This normally invisible character showed up in
some Java applications. With this update, the extra nul character is
removed from text strings and no extraneous character appears.
(BZ#1090122)

* Previously, if the clipboard was of type image/bmp and the data was
of size 0, GTK+ would crash. With this update, the data size is checked
first, and GTK+ no longer crashes when the clipboard is of type
image/bmp and the data is of size 0. (BZ#1090433)

* Modifier-only key combinations cannot be registered by users as
hotkeys, so if a user tries to set a modifier-only key sequence (for
example, 'ctrl+alt') as the hotkey for releasing the cursor, it will
fail, and the user will be able to release the cursor from the window.
With this update, when a user attempts to register a modifier-only
hotkey, it falls back to the default cursor-release sequence (which
happens to be 'ctrl+alt'). (BZ#985319)

* Display configuration sometimes used outdated information about the
position of the remote-viewer windows in order to align and configure
the guest displays. Occasionally, this caused the guest displays to
become unexpectedly swapped when a window was resized. With this
update, remote-viewer always uses the current window locations to
align displays, rather than possibly outdated cached location
information. (BZ#1018182)

All rhevm-spice-client users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3509.html
https://www.redhat.com/security/data/cve/CVE-2014-3511.html
http://rhn.redhat.com/errata/RHSA-2015-0197.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : Virtualization Manager (RHSA-2015:0158)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Red Hat Enterprise Virtualization Manager 3.5.0 is now available.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Enterprise Virtualization Manager is a visual tool for
centrally managing collections of virtual servers running Red Hat
Enterprise Linux and Microsoft Windows. This package also includes the
Red Hat Enterprise Virtualization Manager API, a set of scriptable
commands that give administrators the ability to perform queries and
operations on Red Hat Enterprise Virtualization Manager.

The Manager is a JBoss Application Server application that provides
several interfaces through which the virtual environment can be
accessed and interacted with, including an Administration Portal, a
User Portal, and a Representational State Transfer (REST) Application
Programming Interface (API).

It was discovered that the HttpClient incorrectly extracted the host
name from an X.509 certificate subject's Common Name (CN) field. A
man-in-the-middle attacker could use this flaw to spoof an SSL server
using a specially crafted X.509 certificate. (CVE-2012-6153,
CVE-2014-3577)

A Cross-Site Request Forgery (CSRF) flaw was found in the oVirt REST
API. A remote attacker could provide a specially crafted web page
that, when visited by a user with a valid REST API session, would
allow the attacker to trigger calls to the oVirt REST API.
(CVE-2014-0151)

It was found that the oVirt web admin interface did not include the
HttpOnly flag when setting session IDs with the Set-Cookie header.
This flaw could make it easier for a remote attacker to hijack an
oVirt web admin session by leveraging a cross-site scripting (XSS)
vulnerability. (CVE-2014-0154)

The CVE-2012-6153 issue was discovered by Florian Weimer of Red Hat
Product Security.

These updated Red Hat Enterprise Virtualization Manager packages also
include numerous bug fixes and various enhancements. Space precludes
documenting all of these changes in this advisory. Users are directed
to the Red Hat Enterprise Virtualization 3.5 Manager Release Notes
document, linked to in the References, for information on the most
significant of these changes.

All Red Hat Enterprise Virtualization Manager users are advised to
upgrade to these updated packages, which resolve these issues and add
these enhancements.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-6153.html
https://www.redhat.com/security/data/cve/CVE-2014-0151.html
https://www.redhat.com/security/data/cve/CVE-2014-0154.html
https://www.redhat.com/security/data/cve/CVE-2014-3577.html
http://www.nessus.org/u?568a49ce
http://rhn.redhat.com/errata/RHSA-2015-0158.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : jakarta-taglibs-standard (ELSA-2015-1695)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[0:1.1.2-14]
- Gracefully handle parsers without FSP support (e.g. Java 5 GCJ)
- Resolves: CVE-2015-0254

[0:1.1.2-13]
- Prevent XXE and RCE in JSTL XML tags
- Apply correction for previous CVE-2015-0254 patch (prevent XXE in
)
- Resolves: CVE-2015-0254

[0:1.1.2-12]
- Prevent XXE and RCE in JSTL XML tags
- Resolves: CVE-2015-0254

See also :

https://oss.oracle.com/pipermail/el-errata/2015-August/005375.html
https://oss.oracle.com/pipermail/el-errata/2015-August/005377.html

Solution :

Update the affected jakarta-taglibs-standard packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : gdk-pixbuf2 (ELSA-2015-1694)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.28.2-5]
- Fix CVE-2015-4491
- Resolves #1253213

See also :

https://oss.oracle.com/pipermail/el-errata/2015-August/005374.html
https://oss.oracle.com/pipermail/el-errata/2015-August/005376.html

Solution :

Update the affected gdk-pixbuf2 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 23 : gnutls-3.4.4-1.fc23 (2015-13287)


Synopsis:

The remote Fedora host is missing a security update.

Description:

new upstream release

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1251902
http://www.nessus.org/u?5b85f88c

Solution :

Update the affected gnutls package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17201)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

Cross-site scripting (XSS) vulnerability in the mod_negotiation module
in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series,
2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the
1.3.x series allows remote authenticated users to inject arbitrary web
script or HTML by uploading a file with a name containing XSS
sequences and a file extension, which leads to injection within a (1)
'406 Not Acceptable' or (2) '300 Multiple Choices' HTTP response when
the extension is omitted in a request for the file.

See also :

http://www.nessus.org/u?acb82110

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL17201.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

IBM Storwize V7000 Unified ACL Security Bypass


Synopsis:

The remote host is affected by an ACL security bypass vulnerability.

Description:

The remote IBM Storwize device is affected by an ACL security bypass
vulnerability due to a race condition in the Active Cloud Engine (ACE)
component caused by an error in NFS packet retransmission in response
to noisy or slow responding networks. An authenticated, remote
attacker can exploit this to bypass intended ACL restrictions in
opportunistic circumstances by leveraging incorrect ACL
synchronization over an unreliable NFS connection that requires
retransmissions.

See also :

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004738

Solution :

Upgrade to IBM Storwize version 1.5.0.0 or later.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A flaw was found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2015-4497)

A flaw was found in the way Firefox handled installation of add-ons.
An attacker could use this flaw to bypass the add-on installation
prompt, and trick the user into installing an add-on from a malicious
source. (CVE-2015-4498)

After installing the update, Firefox must be restarted for the changes
to take effect.

See also :

http://www.nessus.org/u?c35fe01f

Solution :

Update the affected firefox and / or firefox-debuginfo packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 7 : kernel-rt (RHSA-2015:1565)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel-rt packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* An integer overflow flaw was found in the way the Linux kernel's
netfilter connection tracking implementation loaded extensions. An
attacker on a local network could potentially send a sequence of
specially crafted packets that would initiate the loading of a large
number of extensions, causing the targeted system in that network to
crash. (CVE-2014-9715, Moderate)

* A stack-based buffer overflow flaw was found in the Linux kernel's
early load microcode functionality. On a system with UEFI Secure Boot
enabled, a local, privileged user could use this flaw to increase
their privileges to the kernel (ring0) level, bypassing intended
restrictions in place. (CVE-2015-2666, Moderate)

* It was found that the Linux kernel's ping socket implementation did
not properly handle socket unhashing during spurious disconnects,
which could lead to a use-after-free flaw. On x86-64 architecture
systems, a local user able to create ping sockets could use this flaw
to crash the system. On non-x86-64 architecture systems, a local user
able to create ping sockets could use this flaw to escalate their
privileges on the system. (CVE-2015-3636, Moderate)

* It was found that the Linux kernel's TCP/IP protocol suite
implementation for IPv6 allowed the Hop Limit value to be set to a
smaller value than the default one. An attacker on a local network
could use this flaw to prevent systems on that network from sending or
receiving network packets. (CVE-2015-2922, Low)

Red Hat would like to thank Nathan Hoad for reporting the
CVE-2014-9715 issue.

The kernel-rt packages have been upgraded to version 3.10.0-229.11.1,
which provides a number of bug fixes and enhancements over the
previous version, including :

* drbg: Add stdrng alias and increase priority

* seqiv / eseqiv / chainiv: Move IV seeding into init function

* ipv4: kABI fix for 0bbf87d backport

* ipv4: Convert ipv4.ip_local_port_range to be per netns

* libceph: tcp_nodelay support

* ipr: Increase default adapter init stage change timeout

* fix use-after-free bug in usb_hcd_unlink_urb()

* libceph: fix double __remove_osd() problem

* ext4: fix data corruption caused by unwritten and delayed extents

* sunrpc: Add missing support for RPC_CLNT_CREATE_NO_RETRANS_TIMEOUT

* nfs: Fixing lease renewal (Benjamin Coddington)

* control hard lockup detection default

* Fix print-once on enable

* watchdog: update watchdog_thresh properly and watchdog attributes
atomically

* module: Call module notifier on failure after complete_formation()

(BZ#1234470)

This update also fixes the following bugs :

* The megasas driver used the smp_processor_id() function within a
preemptible context, which caused warning messages to be returned to
the console. The function has been changed to raw_smp_processor_id()
so that a lock is held while getting the processor ID. As a result,
correct operations are now allowed without any console warnings being
produced. (BZ#1235304)

* In the NFSv4 file system, the write_seqcount_{begin,end}() functions
were used in a non-standard way, which caused the realtime code to try
to sleep while locks were held. As a consequence, 'scheduling while
atomic' error messages were returned. The underlying source code has
been modified to use the __write_seqcount_{begin,end}() functions,
which do not hold any locks, allowing the realtime code to execute
correctly. (BZ#1235301)

All kernel-rt users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements. The system must
be rebooted for this update to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2015-1565.html
https://www.redhat.com/security/data/cve/CVE-2014-9715.html
https://www.redhat.com/security/data/cve/CVE-2015-2666.html
https://www.redhat.com/security/data/cve/CVE-2015-2922.html
https://www.redhat.com/security/data/cve/CVE-2015-3636.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 7 : qpid-cpp (RHSA-2015:0660)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated qpid-cpp packages that fix multiple security issues and one
bug are now available for Red Hat Enterprise MRG Messaging 2.5 for Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a
next-generation IT infrastructure for enterprise computing. MRG offers
increased performance, reliability, interoperability, and faster
computing for enterprise customers.

The Qpid packages provide a message broker daemon that receives,
stores and routes messages using the open AMQP messaging protocol
along with run-time libraries for AMQP client applications developed
using Qpid C++. Clients exchange messages with an AMQP message broker
using the AMQP protocol.

It was discovered that the Qpid daemon (qpidd) did not restrict access
to anonymous users when the ANONYMOUS mechanism was disallowed.
(CVE-2015-0223)

Multiple flaws were found in the way the Qpid daemon (qpidd) processed
certain protocol sequences. An unauthenticated attacker able to send a
specially crafted protocol sequence set could use these flaws to crash
qpidd. (CVE-2015-0203, CVE-2015-0224)

Red Hat would like to thank the Apache Software Foundation for
reporting the CVE-2015-0203 issue. Upstream acknowledges G. Geshev
from MWR Labs as the original reporter.

This update also fixes the following bug :

* Prior to this update, because message purging was performed on a
timer thread, large purge events could have caused all other timer
tasks to be delayed. Because heartbeats were also driven by a timer on
this thread, this could have resulted in clients timing out because
they were not receiving heartbeats. The fix moves expired message
purging from the timer thread to a worker thread, which allows
long-running expired message purges to proceed without affecting timer
tasks such as the heartbeat timer. (BZ#1142833)

All users of Red Hat Enterprise MRG Messaging 2.5 for Red Hat
Enterprise Linux 7 are advised to upgrade to these updated packages,
which correct these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0203.html
https://www.redhat.com/security/data/cve/CVE-2015-0223.html
https://www.redhat.com/security/data/cve/CVE-2015-0224.html
http://rhn.redhat.com/errata/RHSA-2015-0660.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : MozillaThunderbird (openSUSE-2015-559)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update to Thunderbird 38.2.0 fixes the following issues
(bnc#940806) :

- MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety
hazards

- MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds
read with malformed MP3 file

- MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties

- MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright

- MFSA 2015-84/CVE-2015-4481 (bmo#1171518) Arbitrary file
overwriting through Mozilla Maintenance Service with
hard links (only affected Windows)

- MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds
write with Updater and malicious MAR file (does not
affect openSUSE RPM packages which do not ship the
updater)

- MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when
using shared memory in JavaScript

- MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow
in gdk-pixbuf when scaling bitmap images

- MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948,
bmo#1178148) Buffer overflows on Libvpx when decoding
WebM video

- MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection

- MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free
in XMLHttpRequest with shared workers

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=940806

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : MozillaThunderbird (openSUSE-2015-558)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update to Thunderbird 38.2.0 fixes the following issues
(bnc#940806) :

- MFSA 2015-79/CVE-2015-4473 Miscellaneous memory safety
hazards

- MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds
read with malformed MP3 file

- MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties

- MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493
Overflow issues in libstagefright

- MFSA 2015-84/CVE-2015-4481 (bmo#1171518) Arbitrary file
overwriting through Mozilla Maintenance Service with
hard links (only affected Windows)

- MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds
write with Updater and malicious MAR file (does not
affect openSUSE RPM packages which do not ship the
updater)

- MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when
using shared memory in JavaScript

- MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow
in gdk-pixbuf when scaling bitmap images

- MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948,
bmo#1178148) Buffer overflows on Libvpx when decoding
WebM video

- MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection

- MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free
in XMLHttpRequest with shared workers

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=940806

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : ansible (openSUSE-2015-557)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

- Fix CVE-2015-3908 to remove tabs and use spaces instead.
This broke python parsing and in consequence Ansible.
(bnc #941863)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=941863

Solution :

Update the affected ansible package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : graphviz -- format string vulnerability (5300711b-4e61-11e5-9ad8-14dae9d210b8)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Joshua Rogers reports :

A format string vulnerability has been found in `graphviz'.

See also :

http://seclists.org/oss-sec/2014/q4/784
http://www.nessus.org/u?75b3c8bc
http://www.nessus.org/u?5187ed90

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : mozilla -- multiple vulnerabilities (237a201c-888b-487f-84d3-7d92266381d6)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The Mozilla Project reports :

MFSA 2015-95 Add-on notification bypass through data URLs

MFSA 2015-94 Use-after-free when resizing canvas element during
restyling

See also :

https://www.mozilla.org/security/advisories/mfsa2015-94/
https://www.mozilla.org/security/advisories/mfsa2015-95/
http://www.nessus.org/u?fdd1e60a

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 23 : mediawiki-1.25.2-2.fc23 (2015-13920)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- (T94116) SECURITY: Compare API watchlist token in
constant time

- (T97391) SECURITY: Escape error message strings in
thumb.php

- (T106893) SECURITY: Don't leak autoblocked IP addresses
on Special:DeletedContributions

- (T102562) Fix InstantCommons parameters to handle the
new HTTPS-only policy of Wikimedia Commons.

- (T100767) Setting a configuration setting for skin or
extension to false in LocalSettings.php was not working.

- (T100635) API action=opensearch json output no longer
breaks when $wgDebugToolbar is enabled.

- (T102522) Using an extension.json or skin.json file
which has a 'manifest_version' property for 1.26
compatibility will no longer trigger warnings.

- (T86156) Running updateSearchIndex.php will not throw an
error as page_restrictions has been added to the locked
table list.

- Special:Version would throw notices if using SVN due to
an incorrectly named variable. Add an additional check
that an index is defined.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1253280
http://www.nessus.org/u?405b8c5a

Solution :

Update the affected mediawiki package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17189)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

CRLF injection vulnerability in the mod_negotiation module in the
Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and
earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x
series allows remote authenticated users to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks by uploading a
file with a multi-line name containing HTTP header sequences and a
file extension, which leads to injection within a (1) '406 Not
Acceptable' or (2) '300 Multiple Choices' HTTP response when the
extension is omitted in a request for the file.

See also :

http://www.nessus.org/u?c9ced2e8

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL17189.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.6
(CVSS2#E:ND/RL:ND/RC:ND)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3345-1 : iceweasel - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple security issues have been found in Iceweasel, Debian's
version of the Mozilla Firefox web browser. The Common Vulnerabilities
and Exposures project identifies the following problems :

- CVE-2015-4497
Jean-Max Reymond and Ucha Gobejishvili discovered a
use-after-free vulnerability which occurs when resizing
of a canvas element is triggered in concert with style
changes. A web page containing malicious content can
cause Iceweasel to crash, or potentially, execute
arbitrary code with the privileges of the user running
Iceweasel.

- CVE-2015-4498
Bas Venis reported a flaw in the handling of add-ons
installation. A remote attacker can take advantage of
this flaw to bypass the add-on installation prompt and
trick a user into installing an add-on from a malicious
source.

See also :

https://security-tracker.debian.org/tracker/CVE-2015-4497
https://security-tracker.debian.org/tracker/CVE-2015-4498
https://packages.debian.org/source/wheezy/iceweasel
https://packages.debian.org/source/jessie/iceweasel
http://www.debian.org/security/2015/dsa-3345

Solution :

Upgrade the iceweasel packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 38.2.1esr-1~deb7u1.

For the stable distribution (jessie), these problems have been fixed
in version 38.2.1esr-1~deb8u1.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DLA-303-1 : openjdk-6 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, breakouts of the Java sandbox, information
disclosure, denial of service or insecure cryptography.

For Debian 6 'Squeeze', these issues have been fixed in openjdk-6
version 6b36-1.13.8-1~deb6u1.

We recommend that you upgrade your openjdk-6 packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2015/08/msg00018.html
https://packages.debian.org/source/squeeze-lts/openjdk-6
https://wiki.debian.org/LTS/

Solution :

Upgrade the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Slackware 14.1 / current : mozilla-firefox (SSA:2015-241-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New mozilla-firefox packages are available for Slackware 14.1 and
-current to fix security issues.

See also :

http://www.nessus.org/u?f785ed5b

Solution :

Update the affected mozilla-firefox package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

F5 Networks BIG-IQ REST API Authentication Bypass (SOL16861)


Synopsis:

The remote host is affected by an authentication bypass vulnerability.

Description:

According to its version number, the remote F5 Networks BIG-IQ device
is affected by an authentication bypass vulnerability due to a flaw in
the REST API. An unauthenticated, remote attacker can exploit this to
obtain an authentication token for arbitrary LDAP user accounts when
the device is configured to use LDAP remote authentication and the
LDAP server allows anonymous BIND operations.

See also :

http://www.nessus.org/u?e7aa2ed3

Solution :

Upgrade to F5 Networks BIG-IQ version 4.4.0 HF2 / 4.5.0 HF2.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The version of Advantech WebAccess running on the remote host is prior
to version 7.0-2011.12.20. It is, therefore, affected by multiple
vulnerabilities :

- A cross-site scripting vulnerability exists due to
improper validation of unspecified input. A remote
attacker, using a specially crafted request, can exploit
this to execute arbitrary script code in the browser
in the context of the user's session. (OSVDB 124949)

- A SQL injection vulnerability exists due to unspecified
input not being properly sanitized before processing SQL
queries. A remote attacker can exploit this to inject
SQL queries against the database, resulting in the
disclosure or manipulation of arbitrary data.
(OSVDB 124950)

See also :

http://www.nessus.org/u?32c8d148

Solution :

Upgrade to Advantech WebAccess version 7.0-2011.12.20 or higher.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Advantech WebAccess < 7.0-2009.06.29 Multiple Vulnerabilities


Synopsis:

The remote host is affected by multiple vulnerabilities.

Description:

The version of Advantech WebAccess running on the remote host is prior
to version 7.0-2009.06.29. It is, therefore, affected by multiple
vulnerabilities :

- SQL injection vulnerabilities exist due to unspecified
input not being properly sanitized before processing SQL
queries. An unauthenticated, remote attacker can exploit
these to inject SQL queries against the database,
resulting in the disclosure or manipulation of arbitrary
data. (CVE-2011-4521, CVE-2012-0234, CVE-2012-0244)

- Unspecified cross-site scripting vulnerabilities exist
due to improper validation of input data submitted to
scripts bwerrdn.asp and bwview.asp. A remote attacker,
using a specially crafted URL, can exploit these to
execute arbitrary script code in the browser in the
context of the user's session. (CVE-2011-4522,
CVE-2011-4523)

- A buffer overflow condition exists due to a failure to
properly sanitize user-supplied input. A remote,
unauthenticated attacker, by using a very long string
passed to unspecified parameters, can exploit this to
execute arbitrary code. (CVE-2011-4524)

- A flaw exists that allows extracting arbitrary web page
content into a batch file, which can then be executed.
An unauthenticated, remote attacker can exploit this
to write files to the server, allowing the execution
of arbitrary code. (CVE-2011-4525)

- A buffer overflow condition exists due to a failure to
properly sanitize user-supplied input to unspecified
ActiveX parameters. An unauthenticated, remote attacker
can exploit this, using a crafted long string, to
execute arbitrary code. (CVE-2011-4526)

- A cross-site scripting vulnerability exists due to
improper validation of unspecified input before
returning it to the user. A remote attacker, using a
specially crafted URL, can exploit this to execute
arbitrary script code in the browser in the context of
the user's session. (CVE-2012-0233)

- An unspecified cross-site request forgery (XSRF)
vulnerability exists due to WebAccess not requiring
explicit confirmation from the user for sensitive
transactions. An attacker, by using a specially crafted
GET request embedded in an 'img' tag, can exploit this
vulnerability to execute commands in the context of the
session between an authenticated user and the
application. (CVE-2012-0235)

- An unspecified information disclosure vulnerability
exists that allows an unauthenticated, remote attacker
to obtain sensitive information by using a direct
request to a URL. (CVE-2012-0236)

- A flaw exists that allows an unauthenticated, remote
attacker to enable or disable the date and time syncing
operations by using a crafted URL. (CVE-2012-0237)

- A stack-based buffer overflow condition exists in
opcImg.asp due to a failure to properly sanitize
user-supplied input. An unauthenticated, remote attacker
can exploit this to execute arbitrary code.
(CVE-2012-0238)

- A flaw exists in the uaddUpAdmin.asp script due to an
authentication failure, which allows a remote attacker
to modify an administrative password using a change
password request. (CVE-2012-0239)

- A flaw exists in the authentication function in the
GbScriptAddUp.asp script, which allows a remote attacker
to execute arbitrary code. (CVE-2012-0240)

- A memory corruption issue exists in the WriteTextData()
and CloseFile() functions due to a failure to properly
sanitize user-supplied input. A remote attacker, by
using a crafted value in the 'fpt' parameter, can
exploit this to cause a denial of service or execute
arbitrary code. (CVE-2012-0241)

- A flaw in the bwocxrun.ocx ActiveX control exists due to
a failure by the OcxSpool() method to properly sanitize
user-supplied string format specifiers. A remote,
unauthenticated attacker, by using crafted specifiers,
can exploit this to execute arbitrary code.
(CVE-2012-0242)

- A buffer overflow condition exists in the bwocxrun.ocx
ActiveX control due to a failure to properly sanitize
user-supplied input. A remote attacker can exploit this
to write arbitrary files to any pathname, allowing the
execution of arbitrary code. (CVE-2012-0243)

- An unspecified SQL injection vulnerability exists due to
input not being properly sanitized before processing SQL
queries, which resulted from an incomplete fix for issue
CVE-2012-0234. An unauthenticated, remote attacker can
exploit this vulnerability to inject SQL queries against
the database, resulting in the disclosure or
manipulation of arbitrary data. (CVE-2012-1234)

See also :

http://www.nessus.org/u?07dd82c7
https://ics-cert.us-cert.gov/advisories/ICSA-12-047-01A

Solution :

Upgrade to Advantech WebAccess version 7.0-2009.06.29 or higher.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

OpenSSH < 7.1 PermitRootLogin Security Bypass


Synopsis:

The SSH server running on the remote host is affected by a security
bypass vulnerability.

Description:

According to its banner, the version of OpenSSH running on the remote
host is prior to 7.1. It is, therefore, affected by a security bypass
vulnerability due to a logic error that is triggered under certain
compile-time configurations when PermitRootLogin is set to
'prohibit-password' or 'without-password'. An unauthenticated, remote
attacker can exploit this to permit password authentication to root
while preventing other forms of authentication.

See also :

http://www.openssh.com/txt/release-7.1

Solution :

Upgrade to OpenSSH 7.1 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 1.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Firefox < 40.0.3 Multiple Vulnerabilities


Synopsis:

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description:

The version of Mozilla Firefox installed on the remote Windows host is
prior to 40.0.3. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists when handling restyling
operations during the resizing of canvas elements due to
the canvas references being recreated, thus destroying
the original references. A remote, unauthenticated
attacker can exploit this to dereference already freed
memory, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2015-4497)

- A security feature bypass vulnerability exists due to a
flaw that allows the manipulation of the 'data:' URL on
a loaded web page without install permission prompts
being displayed to the user. A remote, unauthenticated
attacker can exploit this to install add-ons from a
malicious source. (CVE-2015-4498)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-95/

Solution :

Upgrade to Firefox 40.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Firefox ESR < 38.2.1 Multiple Vulnerabilities


Synopsis:

The remote Windows host contains a web browser that is affected by
multiple vulnerabilities.

Description:

The version of Mozilla Firefox ESR installed on the remote Windows
host is prior to 38.2.1. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists when handling restyling
operations during the resizing of canvas elements due to
the canvas references being recreated, thus destroying
the original references. A remote, unauthenticated
attacker can exploit this to dereference already freed
memory, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2015-4497)

- A security feature bypass vulnerability exists due to a
flaw that allows the manipulation of the 'data:' URL on
a loaded web page without install permission prompts
being displayed to the user. A remote, unauthenticated
attacker can exploit this to install add-ons from a
malicious source. (CVE-2015-4498)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-95/

Solution :

Upgrade to Firefox ESR 38.2.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Firefox < 40.0.3 Multiple Vulnerabilities (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description:

The version of Mozilla Firefox installed on the remote Mac OS X host
is prior to 40.0.3. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists when handling restyling
operations during the resizing of canvas elements due to
the canvas references being recreated, thus destroying
the original references. A remote, unauthenticated
attacker can exploit this to dereference already freed
memory, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2015-4497)

- A security feature bypass vulnerability exists due to a
flaw that allows the manipulation of the 'data:' URL on
a loaded web page without install permission prompts
being displayed to the user. A remote, unauthenticated
attacker can exploit this to install add-ons from a
malicious source. (CVE-2015-4498)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-95/

Solution :

Upgrade to Firefox 40.0.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Firefox ESR < 38.2.1 Multiple Vulnerabilities (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by
multiple vulnerabilities.

Description:

The version of Mozilla Firefox ESR installed on the remote Mac OS X
host is prior to 38.2.1. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists when handling restyling
operations during the resizing of canvas elements due to
the canvas references being recreated, thus destroying
the original references. A remote, unauthenticated
attacker can exploit this to dereference already freed
memory, resulting in a denial of service condition or
the execution of arbitrary code. (CVE-2015-4497)

- A security feature bypass vulnerability exists due to a
flaw that allows the manipulation of the 'data:' URL on
a loaded web page without install permission prompts
being displayed to the user. A remote, unauthenticated
attacker can exploit this to install add-ons from a
malicious source. (CVE-2015-4498)

See also :

https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-95/

Solution :

Upgrade to Firefox ESR 38.2.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Cisco Virtual Security Gateway OpenSSL Alternative Certificate Validation Bypass (cisco-sa-20150710-openssl)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The remote Cisco Virtual Security Gateway device is affected by a
certificate validation bypass vulnerability in the bundled OpenSSL
library due to a flaw in the X509_verify_cert() function in x509_vfy.c
that is triggered when locating alternate certificate chains in cases
where the first attempt to build such a chain fails. A remote attacker
can exploit this, by using a valid leaf certificate as a certificate
authority (CA), to issue invalid certificates that will bypass
authentication.

See also :

http://www.nessus.org/u?91e2a837
https://tools.cisco.com/bugsearch/bug/CSCuv26137
http://openssl.org/news/secadv_20150709.txt

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCuv26137.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.