Newest Plugins

MS KB3035034: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer


Synopsis:

The remote Windows host has a browser plugin that is affected by
multiple code execution vulnerabilities.

Description:

The remote host is missing KB3035034. It is, therefore, affected by
the following vulnerabilities :

- A use-after-free error exists that allows an attacker to
crash the application or execute arbitrary code.
(CVE-2015-0311)

- A double-free error exists that allows an attacker to
crash the application or execute arbitrary code.
(CVE-2015-0312)

See also :

https://technet.microsoft.com/library/security/2755801
https://support.microsoft.com/kb/3035034
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Solution :

Install Microsoft KB3035034.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 / 14.10 : openjdk-7 vulnerabilities (USN-2487-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601,
CVE-2015-0395, CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose
sensitive data over the network. (CVE-2014-6585, CVE-2014-6591,
CVE-2015-0400, CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this
to expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity
and availability. An attacker could exploit this to cause a denial of
service. (CVE-2015-0383)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit this to cause a denial of
service. (CVE-2015-0410)

A vulnerability was discovered in the OpenJDK JRE related to data
integrity. (CVE-2015-0413)

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Oracle Linux 5 : glibc (ELSA-2015-0090)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2015:0090 :

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004811.html

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS : openjdk-6 vulnerabilities (USN-2486-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker
could exploit these to cause a denial of service or expose sensitive
data over the network. (CVE-2014-3566, CVE-2014-6587, CVE-2014-6601,
CVE-2015-0395, CVE-2015-0408, CVE-2015-0412)

Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure. An attacker could exploit these to expose
sensitive data over the network. (CVE-2014-6585, CVE-2014-6591,
CVE-2015-0400, CVE-2015-0407)

A vulnerability was discovered in the OpenJDK JRE related to
information disclosure and integrity. An attacker could exploit this
to expose sensitive data over the network. (CVE-2014-6593)

A vulnerability was discovered in the OpenJDK JRE related to integrity
and availability. An attacker could exploit this to cause a denial of
service. (CVE-2015-0383)

A vulnerability was discovered in the OpenJDK JRE related to
availability. An attacker could exploit this to cause a denial of
service. (CVE-2015-0410)

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS / 12.04 LTS : eglibc vulnerability (USN-2485-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that a buffer overflow existed in the gethostbyname
and gethostbyname2 functions in the GNU C Library. An attacker could
use this issue to execute arbitrary code or cause an application
crash, resulting in a denial of service.

Solution :

Update the affected libc6 package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 14.10 : firefox regression (USN-2458-3)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a
regression which could make websites that use CSP fail to load under
some circumstances. This update fixes the problem.

We apologize for the inconvenience.

Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse
Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered
multiple memory safety issues in Firefox. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit these to cause a denial of service via application crash, or
execute arbitrary code with the privileges of the user invoking
Firefox. (CVE-2014-8634, CVE-2014-8635)

Bobby Holley discovered that some DOM objects with certain
properties can bypass XrayWrappers in some circumstances. If
a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to
bypass security restrictions. (CVE-2014-8636)

Michal Zalewski discovered a use of uninitialized memory
when rendering malformed bitmap images on a canvas element.
If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to steal
confidential information. (CVE-2014-8637)

Muneaki Nishimura discovered that requests from
navigator.sendBeacon() lack an origin header. If a user were
tricked into opening a specially crafted website, an
attacker could potentially exploit this to conduct
cross-site request forgery (XSRF) attacks. (CVE-2014-8638)

Xiaofeng Zheng discovered that a web proxy returning a 407
response could inject cookies into the originally requested
domain. If a user connected to a malicious web proxy, an
attacker could potentially exploit this to conduct
session-fixation attacks. (CVE-2014-8639)

Holger Fuhrmannek discovered a crash in Web Audio while
manipulating timelines. If a user were tricked into opening
a specially crafted website, an attacker could potentially
exploit this to cause a denial of service. (CVE-2014-8640)

Mitchell Harper discovered a use-after-free in WebRTC. If a
user were tricked into opening a specially crafted website,
an attacker could potentially exploit this to cause a denial
of service via application crash, or execute arbitrary code
with the privileges of the user invoking Firefox.
(CVE-2014-8641)

Brian Smith discovered that OCSP responses would fail to
verify if signed by a delegated OCSP responder certificate
with the id-pkix-ocsp-nocheck extension, potentially
allowing a user to connect to a site with a revoked
certificate. (CVE-2014-8642)

Solution :

Update the affected firefox package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

SuSE 11.3 Security Update : Ruby (SAT Patch Number 10126)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

The Ruby script interpreter has been updated to fix two denial of
service attacks when expanding XML. (CVE-2014-8080 / CVE-2014-8090)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=902851
https://bugzilla.novell.com/show_bug.cgi?id=905326
http://support.novell.com/security/cve/CVE-2014-8080.html
http://support.novell.com/security/cve/CVE-2014-8090.html

Solution :

Apply SAT patch number 10126.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

SuSE 11.3 Security Update : glibc (SAT Patch Number 10206)


Synopsis:

The remote SuSE 11 host is missing one or more security updates.

Description:

This update for glibc fixes the following security issue :

- A vulnerability was found and fixed in the GNU C
Library, specifically in the function gethostbyname(),
that could lead to a local or remote buffer overflow.
(bsc#913646, CVE-2015-0235)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=913646
http://support.novell.com/security/cve/CVE-2015-0235.html

Solution :

Apply SAT patch number 10206.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : glibc on SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

See also :

http://www.nessus.org/u?1dd21fbe

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : glibc on SL5.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

See also :

http://www.nessus.org/u?94c2264a

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 / 6 : flash-plugin (RHSA-2015:0094)


Synopsis:

The remote Red Hat host is missing a security update.

Description:

An updated Adobe Flash Player package that fixes multiple security
issues is now available for Red Hat Enterprise Linux 5 and 6
Supplementary.

Red Hat Product Security has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe
Flash Player web browser plug-in.

This update fixes multiple vulnerabilities in Adobe Flash Player.
These vulnerabilities are detailed in the Adobe Security Bulletin
APSB15-02, and APSB15-03, listed in the References section.

Multiple flaws were found in the way flash-plugin displayed certain
SWF content. An attacker could use these flaws to create a specially
crafted SWF file that would cause flash-plugin to crash or,
potentially, execute arbitrary code when the victim loaded a page
containing the malicious SWF content. (CVE-2015-0310, CVE-2015-0311,
CVE-2015-0312)

All users of Adobe Flash Player should install this updated package,
which upgrades Flash Player to version 11.2.202.440.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0310.html
https://www.redhat.com/security/data/cve/CVE-2015-0311.html
https://www.redhat.com/security/data/cve/CVE-2015-0312.html
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://rhn.redhat.com/errata/RHSA-2015-0094.html

Solution :

Update the affected flash-plugin package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : chromium-browser (RHSA-2015:0093)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated chromium-browser packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Chromium is an open source web browser, powered by WebKit (Blink).

Several flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Chromium to crash
or, potentially, execute arbitrary code with the privileges of the
user running Chromium. (CVE-2014-7923, CVE-2014-7924, CVE-2014-7925,
CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929,
CVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933,
CVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937,
CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941,
CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945,
CVE-2014-7946, CVE-2014-7947, CVE-2014-7948)

All Chromium users should upgrade to these updated packages, which
contain Chromium version 40.0.2214.91, which corrects these issues.
After installing the update, Chromium must be restarted for the
changes to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-7923.html
https://www.redhat.com/security/data/cve/CVE-2014-7924.html
https://www.redhat.com/security/data/cve/CVE-2014-7925.html
https://www.redhat.com/security/data/cve/CVE-2014-7926.html
https://www.redhat.com/security/data/cve/CVE-2014-7927.html
https://www.redhat.com/security/data/cve/CVE-2014-7928.html
https://www.redhat.com/security/data/cve/CVE-2014-7929.html
https://www.redhat.com/security/data/cve/CVE-2014-7930.html
https://www.redhat.com/security/data/cve/CVE-2014-7931.html
https://www.redhat.com/security/data/cve/CVE-2014-7932.html
https://www.redhat.com/security/data/cve/CVE-2014-7933.html
https://www.redhat.com/security/data/cve/CVE-2014-7934.html
https://www.redhat.com/security/data/cve/CVE-2014-7935.html
https://www.redhat.com/security/data/cve/CVE-2014-7936.html
https://www.redhat.com/security/data/cve/CVE-2014-7937.html
https://www.redhat.com/security/data/cve/CVE-2014-7938.html
https://www.redhat.com/security/data/cve/CVE-2014-7939.html
https://www.redhat.com/security/data/cve/CVE-2014-7940.html
https://www.redhat.com/security/data/cve/CVE-2014-7941.html
https://www.redhat.com/security/data/cve/CVE-2014-7942.html
https://www.redhat.com/security/data/cve/CVE-2014-7943.html
https://www.redhat.com/security/data/cve/CVE-2014-7944.html
https://www.redhat.com/security/data/cve/CVE-2014-7945.html
https://www.redhat.com/security/data/cve/CVE-2014-7946.html
https://www.redhat.com/security/data/cve/CVE-2014-7947.html
https://www.redhat.com/security/data/cve/CVE-2014-7948.html
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
http://rhn.redhat.com/errata/RHSA-2015-0093.html

Solution :

Update the affected chromium-browser and / or
chromium-browser-debuginfo packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 / 7 : glibc (RHSA-2015:0092)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0235.html
http://rhn.redhat.com/errata/RHSA-2015-0092.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 : glibc (RHSA-2015:0090)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2015-0235.html
http://rhn.redhat.com/errata/RHSA-2015-0090.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 6 : kernel (RHSA-2015:0087)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated kernel packages that fix two security issues and several bugs
are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's SCTP implementation
validated INIT chunks when performing Address Configuration Change
(ASCONF). A remote attacker could use this flaw to crash the system by
sending a specially crafted SCTP packet to trigger a NULL pointer
dereference on the system. (CVE-2014-7841, Important)

* An integer overflow flaw was found in the way the Linux kernel's
Advanced Linux Sound Architecture (ALSA) implementation handled user
controls. A local, privileged user could use this flaw to crash the
system. (CVE-2014-4656, Moderate)

The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.

This update also fixes several bugs. Documentation for these changes
will be available shortly from the Technical Notes document linked to
in the References section.

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-4656.html
https://www.redhat.com/security/data/cve/CVE-2014-7841.html
http://www.nessus.org/u?cfcf474c
http://rhn.redhat.com/errata/RHSA-2015-0087.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : glibc (ELSA-2015-0092)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2015:0092 :

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004812.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004810.html

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

openSUSE Security Update : flash-player (openSUSE-SU-2015:0150-1)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

Adobe Flash Player was updated to 11.2.202.440 (bsc#914463, APSA15-01,
CVE-2015-0311).

More information can be found on
https://helpx.adobe.com/security/products/flash-player/apsa15-01.html

An update of flashplayer (executable binary) for i386 is currently not
available. Disabled!

See also :

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-CVE-2015-0311
http://lists.opensuse.org/opensuse-updates/2015-01/msg00082.html
https://bugzilla.opensuse.org/show_bug.cgi?id=914463
https://helpx.adobe.com/security/products/flash-player/apsa15-01.html

Solution :

Update the affected flash-player packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3142-1 : eglibc - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities have been fixed in eglibc, Debian's version of
the GNU C library :

- CVE-2015-0235
Qualys discovered that the gethostbyname and
gethostbyname2 functions were subject to a buffer
overflow if provided with a crafted IP address argument.
This could be used by an attacker to execute arbitrary
code in processes which called the affected functions.

The original glibc bug was reported by Peter Klotz.

- CVE-2014-7817
Tim Waugh of Red Hat discovered that the WRDE_NOCMD
option of the wordexp function did not suppress command
execution in all cases. This allows a context-dependent
attacker to execute shell commands.

- CVE-2012-6656 CVE-2014-6040
The charset conversion code for certain IBM multi-byte
code pages could perform an out-of-bounds array access,
causing the process to crash. In some scenarios, this
allows a remote attacker to cause a persistent denial of
service.

See also :

https://security-tracker.debian.org/tracker/CVE-2015-0235
https://security-tracker.debian.org/tracker/CVE-2014-7817
https://security-tracker.debian.org/tracker/CVE-2012-6656
https://security-tracker.debian.org/tracker/CVE-2014-6040
http://www.debian.org/security/2015/dsa-3142

Solution :

Upgrade the eglibc packages.

For the stable distribution (wheezy), these problems have been fixed
in version 2.13-38+deb7u7.

For the upcoming stable distribution (jessie) and the unstable
distribution (sid), the CVE-2015-0235 issue has been fixed in version
2.18-1 of the glibc package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3141-1 : wireshark - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple vulnerabilities were discovered in the dissectors/parsers for
SSL/TLS and DEC DNA, which could result in denial of service.

See also :

http://www.debian.org/security/2015/dsa-3141

Solution :

Upgrade the wireshark packages.

For the stable distribution (wheezy), these problems have been fixed
in version 1.8.2-5wheezy14.

For the upcoming stable distribution (jessie), these problems have
been fixed in version 1.12.1+g01b65bf-3.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Debian DSA-3140-1 : xen - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple security issues have been discovered in the Xen
virtualisation solution which may result in denial of service,
information disclosure or privilege escalation.

- CVE-2014-8594
Roger Pau Monne and Jan Beulich discovered that
incomplete restrictions on MMU update hypercalls may
result in privilege escalation.

- CVE-2014-8595
Jan Beulich discovered that missing privilege level
checks in the x86 emulation of far branches may result
in privilege escalation.

- CVE-2014-8866
Jan Beulich discovered that an error in compatibility
mode hypercall argument translation may result in denial
of service.

- CVE-2014-8867
Jan Beulich discovered that an insufficient restriction
in acceleration support for the 'REP MOVS' instruction
may result in denial of service.

- CVE-2014-9030
Andrew Cooper discovered a page reference leak in
MMU_MACHPHYS_UPDATE handling, resulting in denial of
service.

See also :

https://security-tracker.debian.org/tracker/CVE-2014-8594
https://security-tracker.debian.org/tracker/CVE-2014-8595
https://security-tracker.debian.org/tracker/CVE-2014-8866
https://security-tracker.debian.org/tracker/CVE-2014-8867
https://security-tracker.debian.org/tracker/CVE-2014-9030
http://www.debian.org/security/2015/dsa-3140

Solution :

Upgrade the xen packages.

For the stable distribution (wheezy), these problems have been fixed
in version 4.1.4-3+deb7u4.

For the upcoming stable distribution (jessie), these problems have
been fixed in version 4.4.1-4.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.2
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 6 / 7 : glibc (CESA-2015:0092)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 6 and 7.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

http://www.nessus.org/u?a593f787
http://www.nessus.org/u?cf016576

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

CentOS 5 : glibc (CESA-2015:0090)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

Updated glibc packages that fix one security issue are now available
for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Critical
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The glibc packages provide the standard C libraries (libc), POSIX
thread libraries (libpthread), standard math libraries (libm), and the
Name Server Caching Daemon (nscd) used by multiple programs on the
system. Without these libraries, the Linux system cannot function
correctly.

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application. (CVE-2015-0235)

Red Hat would like to thank Qualys for reporting this issue.

All glibc users are advised to upgrade to these updated packages,
which contain a backported patch to correct this issue.

See also :

http://www.nessus.org/u?76ebfbe9

Solution :

Update the affected glibc packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Amazon Linux AMI : glibc (ALAS-2015-473)


Synopsis:

The remote Amazon Linux AMI host is missing a security update.

Description:

A heap-based buffer overflow was found in glibc's
__nss_hostname_digits_dots() function, which is used by the
gethostbyname() and gethostbyname2() glibc function calls. A remote
attacker able to make an application call either of these functions
could use this flaw to execute arbitrary code with the permissions of
the user running the application.

See also :

https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update
http://www.nessus.org/u?b89474d1

Solution :

Run 'yum update glibc' to update your system. Once this update has
been applied, reboot your instance to ensure that all processes and
daemons that link against glibc are using the updated version. On new
instance launches, you should still reboot after cloud-init has
automatically applied this update. We will be issuing an updated
Amazon Linux AMI to provide customers with fresh AMIs that do not need
this update to be applied.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle OpenSSO SAML Multiple Vulnerabilities (January 2015 CPU)


Synopsis:

The remote host is affected by multiple unspecified vulnerabilities.

Description:

The remote Oracle OpenSSO component in the Oracle Fusion Middleware
install is missing a vendor-supplied security update. It is,
therefore, affected by multiple unspecified vulnerabilities in the
SAML subcomponent.

Note that these vulnerabilities are unspecified by Oracle but appear
to be cross-site scripting vulnerabilities.

See also :

http://www.nessus.org/u?c02f1515

Solution :

Apply the appropriate patch according to the January 2015 Oracle
Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

AIX NAS Advisory : nas_advisory2.asc


Synopsis:

The remote AIX host has a version of NAS installed that is affected by
an information disclosure vulnerability.

Description:

The version of the Network Authentication Service (NAS) installed on
the remote AIX host is affected by a vulnerability related to
Kerberos 5 which allows authenticated users to retrieve current keys,
which can be used to forge tickets.

See also :

http://aix.software.ibm.com/aix/efixes/security/nas_advisory2.asc
http://www.nessus.org/u?6b39d08f

Solution :

A fix is available and can be downloaded from the AIX website.

If the NAS fileset level is below 1.5.0.7, then install version
1.5.0.7.

If the NAS fileset level is at 1.6.0.0 through 1.6.0.1, then install
version 1.6.0.2. The 1.6.0.X branch is a separate release branch for
the NAS SPNEGO feature.

To extract the fixes from the tar file, use the command :
zcat NAS_1.X.0.X_aix_image.tar.Z | tar xvf -

IMPORTANT : If possible, it is recommended that a mksysb backup of the
system be created. Verify that it is both bootable and readable before
proceeding.

To preview the fix installation, use the command :

installp -a -d fix_name -p all

To install the fix package, use the command :

installp -a -d fix_name -X all

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution (Mac OS X)


Synopsis:

The remote Mac OS X host contains a web browser that is affected by
multiple remote code execution vulnerabilities.

Description:

The version of Google Chrome installed on the remote Mac OS X host is
prior to 40.0.2214.93. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists that allows an attacker to
crash the application or execute arbitrary code.
(CVE-2015-0311)

- A double-free error exists that allows an attacker to
crash the application or possibly execute arbitrary
code. (CVE-2015-0312)

See also :

http://www.nessus.org/u?d2bec23e
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Solution :

Upgrade to Google Chrome 40.0.2214.93 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution


Synopsis:

The remote Windows host contains a web browser that is affected by
multiple remote code execution vulnerabilities.

Description:

The version of Google Chrome installed on the remote Windows host is
prior to 40.0.2214.93. It is, therefore, affected by the following
vulnerabilities :

- A use-after-free error exists that allows an attacker to
crash the application or execute arbitrary code.
(CVE-2015-0311)

- A double-free error exists that allows an attacker to
crash the application or possibly execute arbitrary
code. (CVE-2015-0312)

See also :

http://www.nessus.org/u?d2bec23e
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Solution :

Upgrade to Google Chrome 40.0.2214.93 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 / 14.10 : unbound vulnerability (USN-2484-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Florian Maury discovered that Unbound incorrectly handled delegation.
A remote attacker could possibly use this issue to cause Unbound to
consume resources, resulting in a denial of service.

Solution :

Update the affected libunbound2 and / or unbound packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 10.04 LTS : ghostscript vulnerabilities (USN-2483-2)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

USN-2483-1 fixed vulnerabilities in JasPer. This update provides the
corresponding fix for the JasPer library embedded in the Ghostscript
package.

Jose Duart discovered that JasPer incorrectly handled ICC color
profiles in JPEG-2000 image files. If a user were tricked into opening
a specially crafted JPEG-2000 image file, a remote attacker could
cause JasPer to crash or possibly execute arbitrary code with user
privileges. (CVE-2014-8137)

Jose Duart discovered that JasPer incorrectly decoded
certain malformed JPEG-2000 image files. If a user were
tricked into opening a specially crafted JPEG-2000 image
file, a remote attacker could cause JasPer to crash or
possibly execute arbitrary code with user privileges.
(CVE-2014-8138)

It was discovered that JasPer incorrectly handled certain
malformed JPEG-2000 image files. If a user were tricked into
opening a specially crafted JPEG-2000 image file, a remote
attacker could cause JasPer to crash or possibly execute
arbitrary code with user privileges. (CVE-2014-8157)

It was discovered that JasPer incorrectly handled memory
when processing JPEG-2000 image files. If a user were
tricked into opening a specially crafted JPEG-2000 image
file, a remote attacker could cause JasPer to crash or
possibly execute arbitrary code with user privileges.
(CVE-2014-8158)

Solution :

Update the affected libgs8 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 14.10 : jasper vulnerabilities (USN-2483-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Jose Duart discovered that JasPer incorrectly handled ICC color
profiles in JPEG-2000 image files. If a user were tricked into opening
a specially crafted JPEG-2000 image file, a remote attacker could
cause JasPer to crash or possibly execute arbitrary code with user
privileges. (CVE-2014-8137)

Jose Duart discovered that JasPer incorrectly decoded certain
malformed JPEG-2000 image files. If a user were tricked into opening a
specially crafted JPEG-2000 image file, a remote attacker could cause
JasPer to crash or possibly execute arbitrary code with user
privileges. (CVE-2014-8138)

It was discovered that JasPer incorrectly handled certain malformed
JPEG-2000 image files. If a user were tricked into opening a specially
crafted JPEG-2000 image file, a remote attacker could cause JasPer to
crash or possibly execute arbitrary code with user privileges.
(CVE-2014-8157)

It was discovered that JasPer incorrectly handled memory when
processing JPEG-2000 image files. If a user were tricked into opening
a specially crafted JPEG-2000 image file, a remote attacker could
cause JasPer to crash or possibly execute arbitrary code with user
privileges. (CVE-2014-8158)

Solution :

Update the affected libjasper1 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Ubuntu 14.04 / 14.10 : oxide-qt vulnerabilities (USN-2476-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Several memory corruption bugs were discovered in ICU. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7923, CVE-2014-7926)

A use-after-free was discovered in the IndexedDB implementation. If a
user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via application crash or execute arbitrary code with the privileges of
the user invoking the program. (CVE-2014-7924)

A use-after-free was discovered in the WebAudio implementation in
Blink. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit this to cause a denial
of service via renderer crash or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2014-7925)

Several memory corruption bugs were discovered in V8. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7927, CVE-2014-7928, CVE-2014-7931)

Several use-after-free bugs were discovered in the DOM implementation
in Blink. If a user were tricked into opening a specially crafted
website, an attacker could potentially exploit these to cause a denial
of service via renderer crash or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2014-7929,
CVE-2014-7930, CVE-2014-7932, CVE-2014-7934)

A use-after-free was discovered in FFmpeg. If a user were tricked
into opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash or
execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7933)

Multiple off-by-one errors were discovered in FFmpeg. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer
crash or execute arbitrary code with the privileges of the sandboxed
render process. (CVE-2014-7937)

A memory corruption bug was discovered in the fonts implementation. If
a user were tricked into opening a specially crafted website, an
attacker could potentially exploit this to cause a denial of service
via renderer crash or execute arbitrary code with the privileges of
the sandboxed render process. (CVE-2014-7938)

It was discovered that ICU did not initialize memory for a data
structure correctly. If a user were tricked into opening a specially
crafted website, an attacker could potentially exploit this to cause a
denial of service via renderer crash or execute arbitrary code with
the privileges of the sandboxed render process. (CVE-2014-7940)

It was discovered that the fonts implementation did not initialize
memory for a data structure correctly. If a user were tricked into
opening a specially crafted website, an attacker could potentially
exploit this to cause a denial of service via renderer crash or
execute arbitrary code with the privileges of the sandboxed render
process. (CVE-2014-7942)

An out-of-bounds read was discovered in Skia. If a user were tricked
into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer
crash. (CVE-2014-7943)

An out-of-bounds read was discovered in Blink. If a user were tricked
into opening a specially crafted website, an attacker could
potentially exploit this to cause a denial of service via renderer
crash. (CVE-2014-7946)

It was discovered that the AppCache proceeded with caching for SSL
sessions even if there was a certificate error. A remote attacker could
potentially exploit this by conducting a MITM attack to modify HTML
application content. (CVE-2014-7948)

Multiple security issues were discovered in Chromium. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via application crash or execute arbitrary code with the
privileges of the user invoking the program. (CVE-2015-1205)

Multiple security issues were discovered in V8. If a user were tricked
into opening a specially crafted website, an attacker could
potentially exploit these to read uninitialized memory, cause a denial
of service via renderer crash or execute arbitrary code with the
privileges of the sandboxed render process. (CVE-2015-1346)

Solution :

Update the affected liboxideqtcore0, oxideqt-codecs and / or
oxideqt-codecs-extra packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2015 Canonical, Inc. / NASL script (C) 2015 Tenable Network Security, Inc.

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the
JAX-WS and RMI components in OpenJDK. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-0412, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled
phantom references. An untrusted Java application or applet could use
this flaw to corrupt the Java Virtual Machine memory and, possibly,
execute arbitrary code, bypassing Java sandbox restrictions.
(CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules)
decoder in the Security component in OpenJDK handled negative length
values. A specially crafted, DER-encoded input could cause a Java
application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes
when decrypting messages that were encrypted using block ciphers in
cipher block chaining (CBC) mode. This flaw could possibly allow a
man-in-the-middle (MITM) attacker to decrypt portions of the cipher
text using a padding oracle attack. (CVE-2014-3566)

It was discovered that the SSL/TLS implementation in the JSSE
component in OpenJDK failed to properly check whether the
ChangeCipherSpec was received during the SSL/TLS connection handshake.
An MITM attacker could possibly use this flaw to force a connection to
be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK.
An untrusted Java application or applet could use this flaw to bypass
certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted
Java application or applet could possibly use this flaw to bypass
certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in
the 2D component in OpenJDK. A specially crafted font file could allow
an untrusted Java application or applet to disclose portions of the
Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error
log files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

All running instances of OpenJDK Java must be restarted for the update
to take effect.

See also :

http://www.nessus.org/u?432d09d7

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2015:0086)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.6.0-sun packages that fix several security issues are
now available for Oracle Java for Red Hat Enterprise Linux 5, 6, and
7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update fixes several vulnerabilities in the Oracle Java Runtime
Environment and the Oracle Java Software Development Kit. Further
information about these flaws can be found on the Oracle Java SE
Critical Patch Update Advisory page, listed in the References section.
(CVE-2014-3566, CVE-2014-6585, CVE-2014-6587, CVE-2014-6591,
CVE-2014-6593, CVE-2014-6601, CVE-2015-0383, CVE-2015-0395,
CVE-2015-0403, CVE-2015-0406, CVE-2015-0407, CVE-2015-0408,
CVE-2015-0410, CVE-2015-0412)

The CVE-2015-0383 issue was discovered by Red Hat.

Note: With this update, the Oracle Java SE now disables the SSL 3.0
protocol to address the CVE-2014-3566 issue (also known as POODLE).
Refer to the Red Hat Bugzilla bug linked to in the References section
for instructions on how to re-enable SSL 3.0 support if needed.

All users of java-1.6.0-sun are advised to upgrade to these updated
packages, which provide Oracle Java 6 Update 91 and resolve these
issues. All running instances of Oracle Java must be restarted for the
update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3566.html
https://www.redhat.com/security/data/cve/CVE-2014-6585.html
https://www.redhat.com/security/data/cve/CVE-2014-6587.html
https://www.redhat.com/security/data/cve/CVE-2014-6591.html
https://www.redhat.com/security/data/cve/CVE-2014-6593.html
https://www.redhat.com/security/data/cve/CVE-2014-6601.html
https://www.redhat.com/security/data/cve/CVE-2015-0383.html
https://www.redhat.com/security/data/cve/CVE-2015-0395.html
https://www.redhat.com/security/data/cve/CVE-2015-0403.html
https://www.redhat.com/security/data/cve/CVE-2015-0406.html
https://www.redhat.com/security/data/cve/CVE-2015-0407.html
https://www.redhat.com/security/data/cve/CVE-2015-0408.html
https://www.redhat.com/security/data/cve/CVE-2015-0410.html
https://www.redhat.com/security/data/cve/CVE-2015-0412.html
http://www.nessus.org/u?df55894d
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82
http://rhn.redhat.com/errata/RHSA-2015-0086.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0085)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

Updated java-1.6.0-openjdk packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the
JAX-WS and RMI components in OpenJDK. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-0412, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled
phantom references. An untrusted Java application or applet could use
this flaw to corrupt the Java Virtual Machine memory and, possibly,
execute arbitrary code, bypassing Java sandbox restrictions.
(CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules)
decoder in the Security component in OpenJDK handled negative length
values. A specially crafted, DER-encoded input could cause a Java
application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes
when decrypting messages that were encrypted using block ciphers in
cipher block chaining (CBC) mode. This flaw could possibly allow a
man-in-the-middle (MITM) attacker to decrypt portions of the cipher
text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to
re-enable SSL 3.0 support if needed. For additional information, refer
to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE
component in OpenJDK failed to properly check whether the
ChangeCipherSpec was received during the SSL/TLS connection handshake.
An MITM attacker could possibly use this flaw to force a connection to
be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK.
An untrusted Java application or applet could use this flaw to bypass
certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted
Java application or applet could possibly use this flaw to bypass
certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in
the 2D component in OpenJDK. A specially crafted font file could allow
an untrusted Java application or applet to disclose portions of the
Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error
log files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-3566.html
https://www.redhat.com/security/data/cve/CVE-2014-6585.html
https://www.redhat.com/security/data/cve/CVE-2014-6587.html
https://www.redhat.com/security/data/cve/CVE-2014-6591.html
https://www.redhat.com/security/data/cve/CVE-2014-6593.html
https://www.redhat.com/security/data/cve/CVE-2014-6601.html
https://www.redhat.com/security/data/cve/CVE-2015-0383.html
https://www.redhat.com/security/data/cve/CVE-2015-0395.html
https://www.redhat.com/security/data/cve/CVE-2015-0407.html
https://www.redhat.com/security/data/cve/CVE-2015-0408.html
https://www.redhat.com/security/data/cve/CVE-2015-0410.html
https://www.redhat.com/security/data/cve/CVE-2015-0412.html
https://bugzilla.redhat.com/show_bug.cgi?id=1152789#c82
http://rhn.redhat.com/errata/RHSA-2015-0085.html

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

OracleVM 3.3 : jasper (OVMSA-2015-0006)


Synopsis:

The remote OracleVM host is missing a security update.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- CVE-2014-8157 - dec->numtiles off-by-one check in
jpc_dec_process_sot (#1183671)

- CVE-2014-8158 - unrestricted stack memory use in
jpc_qmfb.c (#1183679)

- CVE-2014-8137 - double-free in jas_iccattrval_destroy
(#1173566)

- CVE-2014-8138 - heap overflow in jp2_decode (#1173566)

- CVE-2014-9029 - incorrect component number check in COC,
RGN and QCC marker segment decoders (#1171208)

See also :

http://www.nessus.org/u?29ad807c

Solution :

Update the affected jasper-libs package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2015-0085)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2015:0085 :

Updated java-1.6.0-openjdk packages that fix multiple security issues
are now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime
Environment and the OpenJDK 6 Java Software Development Kit.

A flaw was found in the way the Hotspot component in OpenJDK verified
bytecode from the class files. An untrusted Java application or applet
could possibly use this flaw to bypass Java sandbox restrictions.
(CVE-2014-6601)

Multiple improper permission check issues were discovered in the
JAX-WS and RMI components in OpenJDK. An untrusted Java application
or applet could use these flaws to bypass Java sandbox restrictions.
(CVE-2015-0412, CVE-2015-0408)

A flaw was found in the way the Hotspot garbage collector handled
phantom references. An untrusted Java application or applet could use
this flaw to corrupt the Java Virtual Machine memory and, possibly,
execute arbitrary code, bypassing Java sandbox restrictions.
(CVE-2015-0395)

A flaw was found in the way the DER (Distinguished Encoding Rules)
decoder in the Security component in OpenJDK handled negative length
values. A specially crafted, DER-encoded input could cause a Java
application to enter an infinite loop when decoded. (CVE-2015-0410)

A flaw was found in the way the SSL 3.0 protocol handled padding bytes
when decrypting messages that were encrypted using block ciphers in
cipher block chaining (CBC) mode. This flaw could possibly allow a
man-in-the-middle (MITM) attacker to decrypt portions of the cipher
text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to
re-enable SSL 3.0 support if needed. For additional information, refer
to the Red Hat Bugzilla bug linked to in the References section.

It was discovered that the SSL/TLS implementation in the JSSE
component in OpenJDK failed to properly check whether the
ChangeCipherSpec was received during the SSL/TLS connection handshake.
An MITM attacker could possibly use this flaw to force a connection to
be established without encryption being enabled. (CVE-2014-6593)

An information leak flaw was found in the Swing component in OpenJDK.
An untrusted Java application or applet could use this flaw to bypass
certain Java sandbox restrictions. (CVE-2015-0407)

A NULL pointer dereference flaw was found in the MulticastSocket
implementation in the Libraries component of OpenJDK. An untrusted
Java application or applet could possibly use this flaw to bypass
certain Java sandbox restrictions. (CVE-2014-6587)

Multiple boundary check flaws were found in the font parsing code in
the 2D component in OpenJDK. A specially crafted font file could allow
an untrusted Java application or applet to disclose portions of the
Java Virtual Machine memory. (CVE-2014-6585, CVE-2014-6591)

Multiple insecure temporary file use issues were found in the way the
Hotspot component in OpenJDK created performance statistics and error
log files. A local attacker could possibly make a victim using OpenJDK
overwrite arbitrary files using a symlink attack. (CVE-2015-0383)

The CVE-2015-0383 issue was discovered by Red Hat.

All users of java-1.6.0-openjdk are advised to upgrade to these
updated packages, which resolve these issues. All running instances of
OpenJDK Java must be restarted for the update to take effect.

See also :

https://oss.oracle.com/pipermail/el-errata/2015-January/004805.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004808.html
https://oss.oracle.com/pipermail/el-errata/2015-January/004809.html

Solution :

Update the affected java-1.6.0-openjdk packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : Bugzilla multiple security issues (dc2d76df-a595-11e4-9363-20cf30e32f6d)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Bugzilla Security Advisory

Command Injection : Some code in Bugzilla does not properly utilize the
3-argument form for open(), and it is possible for an account with
editcomponents permissions to inject commands into product names and
other attributes.

Information Leak : Using the WebServices API, a user can possibly
execute imported functions from other non-WebService modules. A
whitelist has now been added that lists explicit methods that can be
executed via the API.

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
https://bugzilla.mozilla.org/show_bug.cgi?id=1090275
http://www.nessus.org/u?612a0a95

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2015 Tenable Network Security, Inc.

FreeBSD : Adobe Flash Player -- critical vulnerability (37a87ade-a59f-11e4-958e-0011d823eebd)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Adobe reports :

Successful exploitation could cause a crash and potentially allow an
attacker to take control of the affected system. We are aware of
reports that this vulnerability is being actively exploited in the
wild via drive-by-download attacks against systems running Internet
Explorer and Firefox on Windows 8.1 and below.

See also :

https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://www.nessus.org/u?3ea4ca8e

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : python-django14-1.4.18-1.fc20 (2015-0804)


Synopsis:

The remote Fedora host is missing a security update.

Description:

update to 1.4.18 fixing multiple CVEs

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1179672
https://bugzilla.redhat.com/show_bug.cgi?id=1179675
https://bugzilla.redhat.com/show_bug.cgi?id=1179679
https://bugzilla.redhat.com/show_bug.cgi?id=1179685
http://www.nessus.org/u?1965509b

Solution :

Update the affected python-django14 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Fedora 20 : python-django-1.6.10-1.fc20 (2015-0790)


Synopsis:

The remote Fedora host is missing a security update.

Description:

fix CVE-2015-0219 (rhbz#1181939)

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=1179672
https://bugzilla.redhat.com/show_bug.cgi?id=1179679
https://bugzilla.redhat.com/show_bug.cgi?id=1179685
http://www.nessus.org/u?ddd4e38f

Solution :

Update the affected python-django package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2015 Tenable Network Security, Inc.