[RHSA-2017:2456-01] Critical: firefox security update

[Security announcements for all Red Hat products and services.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
   Red Hat Security Advisory

Synopsis:  Critical: firefox security update
Advisory ID:   RHSA-2017:2456-01
Product:   Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2017:2456
Issue date:2017-08-10
CVE Names: CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 
   CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 
   CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 
   CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 
   CVE-2017-7803 CVE-2017-7807 CVE-2017-7809 
=

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 6 and
Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.3.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801,
CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787,
CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791,
CVE-2017-7803)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Mozilla developers and community, Frederik Braun,
Looben Yang, Nils, SkyLined, Oliver Wagner, Fraser Tweedale, Mathias
Karlsson, Jose María Acuña, and Rhys Enniks as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1479188 - CVE-2017-7753 Mozilla: Out-of-bounds read with cached style data and 
pseudo-elements (MFSA 2017-19)
1479191 - CVE-2017-7779 Mozilla: Memory safety bugs fixed in Firefox 55 and 
Firefox ESR 52.3 (MFSA 2017-19)
1479201 - CVE-2017-7784 Mozilla: Use-after-free with image observers (MFSA 
2017-19)
1479203 - CVE-2017-7785 Mozilla: Buffer overflow manipulating ARIA elements in 
DOM (MFSA 2017-19)
1479205 - CVE-2017-7786 Mozilla: Buffer overflow while painting non-displayable 
SVG (MFSA 2017-19)
1479206 - CVE-2017-7787 Mozilla: Same-origin policy bypass with iframes through 
page reloads (MFSA 2017-19)
1479209 - CVE-2017-7791 Mozilla: Spoofing following page navigation with data: 
protocol and modal alerts (MFSA 2017-19)
1479210 - CVE-2017-7792 Mozilla: Buffer overflow viewing certificates with long 
OID (MFSA 2017-19)
1479213 - CVE-2017-7798 Mozilla: XUL injection in the style editor in devtools 
(MFSA 2017-19)
1479218 - CVE-2017-7800 Mozilla: Use-after-free in WebSockets during 
disconnection (MFSA 2017-19)
1479223 - CVE-2017-7801 Mozilla: Use-after-free with marquee during window 
resizing (MFSA 2017-19)
1479224 - CVE-2017-7802 Mozilla: Use-after-free resizing image elements (MFSA 
2017-19)
1479225 - CVE-2017-7803 Mozilla: CSP directives improperly applied with sandbox 
flag in iframes (MFSA 2017-19)
1479227 - CVE-2017-7807 Mozilla: Domain hijacking through appcache fallback 
(MFSA 2017-19)
1479650 - CVE-2017-7809 Mozilla: Use-after-free while deleting attached editor 
DOM node (MFSA 2017-19)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-52.3.0-3.el6_9.src.rpm

i386:
firefox-52.3.0-3.el6_9.i686.rpm
firefox-debuginfo-52.3.0-3.el6_9.i686.rpm

x86_64:
firefox-52.3.0-3.el6_9.x86_64.rpm
firefox-debuginfo-52.3.0-3.el6_9.x86_64.rpm

Red Hat Enterprise 

[RHSA-2017:1832-01] Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update

[Security announcements for all Red Hat products and services.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
   Red Hat Security Advisory

Synopsis:  Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug 
fix update
Advisory ID:   RHSA-2017:1832-01
Product:   Red Hat JBoss Fuse
Advisory URL:  https://access.redhat.com/errata/RHSA-2017:1832
Issue date:2017-08-10
CVE Names: CVE-2015-6644 CVE-2016-8749 CVE-2016-9879 
   CVE-2017-2589 CVE-2017-2594 CVE-2017-3156 
   CVE-2017-5643 CVE-2017-5653 CVE-2017-5656 
   CVE-2017-5929 CVE-2017-7957 
=

1. Summary:

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,
flexible, open source enterprise service bus and integration platform. Red
Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant
messaging system that is tailored for use in mission critical applications.

This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ
6.3. It includes bug fixes and enhancements, which are documented in the
readme.txt file included with the patch files.

Security Fix(es):

* It was discovered that the hawtio servlet uses a single HttpClient
instance to proxy requests with a persistent cookie store (cookies are
stored locally and are not passed between the client and the end URL) which
means all clients using that proxy are sharing the same cookies.
(CVE-2017-2589)

* It was found that an information disclosure flaw in Bouncy Castle could
enable a local malicious application to gain access to user's private
information. (CVE-2015-6644)

* It was found that Apache Camel's camel-jackson and camel-jacksonxml
components are vulnerable to Java object de-serialisation vulnerability.
De-serializing untrusted data can lead to security flaws as demonstrated in
various similar reports about Java de-serialization issues. (CVE-2016-8749)

* It was found that Spring Security does not consider URL path parameters
when processing security constraints. By adding a URL path parameter with
an encoded / to a request an attacker may be able to bypass a security
constraint. (CVE-2016-9879)

* It was found that a path traversal vulnerability in hawtio leads to a
NullPointerException with a full stacktrace. An attacker could use this
flaw to gather undisclosed information from within hawtio's root.
(CVE-2017-2594)

* It was found that Apache CXF OAuth2 Hawk and JOSE MAC Validation code is
not using a constant time MAC signature comparison algorithm which may be
exploited by some sophisticated timing attacks. It may only affect OAuth2
Hawk, JWT access tokens, or JOSE JWS/JWE interceptors which depend on HMAC
secret key algorithms. (CVE-2017-3156)

* It was found that Apache Camel's validation component evaluates DTD
headers of XML stream sources, although a validation against XML schemas
(XSD) is executed. Remote attackers can use this feature to make
Server-Side Request Forgery (SSRF) attacks by sending XML documents with
remote DTDs URLs or XML External Entities (XXE). (CVE-2017-5643)

* It was found that a flaw exists in JAX-RS clients using the streaming
approach for XML signatures and encryption, where it does not enforce the
message to be signed/encrypted. This could allow an attacker to subvert the
integrity of the message. (CVE-2017-5653)

* It was found that the token cacher in Apache cxf uses a flawed way of
caching tokens that are associated with the delegation token received from
Security Token Service (STS). This vulnerability could allow an attacker to
craft a token which could return an identifier corresponding to a cached
token for another user. (CVE-2017-5656)

* It was found that logback is vulnerable to a deserialization issue.
Logback can be configured to allow remote logging through
SocketServer/ServerSocketReceiver interfaces that can accept untrusted
serialized data. Authenticated attackers on the adjacent network can
leverage this vulnerability to execute arbitrary code through
deserialization of custom gadget chains. (CVE-2017-5929)

* It was found that XStream contains a vulnerability that allows a
maliciously crafted file to be parsed successfully which could cause an
application crash. The crash occurs if the file that is being fed into
XStream input stream contains an instances of the primitive type 'void'. An
attacker could use this flaw to create a denial of service on the target
system. (CVE-2017-7957)

The CVE-2017-2589 issue was discovered by Adam Willard (Blue Canopy) and
Dennis 

[RHSA-2017:2459-01] Important: libsoup security update

[Security announcements for all Red Hat products and services.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
   Red Hat Security Advisory

Synopsis:  Important: libsoup security update
Advisory ID:   RHSA-2017:2459-01
Product:   Red Hat Enterprise Linux
Advisory URL:  https://access.redhat.com/errata/RHSA-2017:2459
Issue date:2017-08-10
CVE Names: CVE-2017-2885 
=

1. Summary:

An update for libsoup is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* A stack-based buffer overflow flaw was discovered within the HTTP
processing of libsoup. A remote attacker could exploit this flaw to cause a
crash or, potentially, execute arbitrary code by sending a specially
crafted HTTP request to a server using the libsoup HTTP server
functionality or by tricking a user into connecting to a malicious HTTP
server with an application using the libsoup HTTP client functionality.
(CVE-2017-2885)

Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting
this issue.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1479281 - CVE-2017-2885 libsoup: Stack based buffer overflow with HTTP Chunked 
Encoding

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

aarch64:
libsoup-2.56.0-4.el7_4.aarch64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.aarch64.rpm
libsoup-devel-2.56.0-4.el7_4.aarch64.rpm

ppc64:
libsoup-2.56.0-4.el7_4.ppc.rpm
libsoup-2.56.0-4.el7_4.ppc64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc64.rpm
libsoup-devel-2.56.0-4.el7_4.ppc.rpm
libsoup-devel-2.56.0-4.el7_4.ppc64.rpm

ppc64le:
libsoup-2.56.0-4.el7_4.ppc64le.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc64le.rpm
libsoup-devel-2.56.0-4.el7_4.ppc64le.rpm

s390x:
libsoup-2.56.0-4.el7_4.s390.rpm
libsoup-2.56.0-4.el7_4.s390x.rpm
libsoup-debuginfo-2.56.0-4.el7_4.s390.rpm
libsoup-debuginfo-2.56.0-4.el7_4.s390x.rpm
libsoup-devel-2.56.0-4.el7_4.s390.rpm
libsoup-devel-2.56.0-4.el7_4.s390x.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2885
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

[RHSA-2017:2457-01] Critical: flash-plugin security update

[Security announcements for all Red Hat products and services.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

=
   Red Hat Security Advisory

Synopsis:  Critical: flash-plugin security update
Advisory ID:   RHSA-2017:2457-01
Product:   Red Hat Enterprise Linux Supplementary
Advisory URL:  https://access.redhat.com/errata/RHSA-2017:2457
Issue date:2017-08-10
CVE Names: CVE-2017-3085 CVE-2017-3106 
=

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 6
Supplementary.

Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.

This update upgrades Flash Player to version 26.0.0.151.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities, detailed in the Adobe Security Bulletin listed in the
References section, could allow an attacker to create a specially crafted
SWF file that would cause flash-plugin to crash, execute arbitrary code, or
disclose sensitive information when the victim loaded a page containing the
malicious SWF content. (CVE-2017-3085, CVE-2017-3106)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1479887 - CVE-2017-3106 flash-plugin: Remote Code Execution due to Type 
Confusion issue fixed in APSB17-23
1479888 - CVE-2017-3085 flash-plugin: Information Disclosure via Security 
Bypass issue fixed in APSB17-23

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

x86_64:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

x86_64:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

x86_64:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3085
https://access.redhat.com/security/cve/CVE-2017-3106
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iD8DBQFZjDiCXlSAg2UNWIIRAgqtAJ9iIVnUE5HymMdzqU0AJCTWi3YL6QCeNxqL
LLLRvoXgWUk7rcTd0FGc2XM=
=jLEB
-END PGP SIGNATURE-

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce