[RHSA-2017:2456-01] Critical: firefox security update
Red Hat Security Advisory

Synopsis: Critical: firefox security update
Advisory ID: RHSA-2017:2456-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2456
Issue date: 2017-08-10
CVE Names: CVE-2017-7753 CVE-2017-7779 CVE-2017-7784 CVE-2017-7785 CVE-2017-7786 CVE-2017-7787 CVE-2017-7791 CVE-2017-7792 CVE-2017-7798 CVE-2017-7800 CVE-2017-7801 CVE-2017-7802 CVE-2017-7803 CVE-2017-7807 CVE-2017-7809

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.3.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-7779, CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7753, CVE-2017-7784, CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7792, CVE-2017-7802, CVE-2017-7807, CVE-2017-7809, CVE-2017-7791, CVE-2017-7803)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Frederik Braun, Looben Yang, Nils, SkyLined, Oliver Wagner, Fraser Tweedale, Mathias Karlsson, Jose María Acuña, and Rhys Enniks as the original reporters.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1479188 - CVE-2017-7753 Mozilla: Out-of-bounds read with cached style data and pseudo-elements (MFSA 2017-19)
1479191 - CVE-2017-7779 Mozilla: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (MFSA 2017-19)
1479201 - CVE-2017-7784 Mozilla: Use-after-free with image observers (MFSA 2017-19)
1479203 - CVE-2017-7785 Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)
1479205 - CVE-2017-7786 Mozilla: Buffer overflow while painting non-displayable SVG (MFSA 2017-19)
1479206 - CVE-2017-7787 Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
1479209 - CVE-2017-7791 Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
1479210 - CVE-2017-7792 Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)
1479213 - CVE-2017-7798 Mozilla: XUL injection in the style editor in devtools (MFSA 2017-19)
1479218 - CVE-2017-7800 Mozilla: Use-after-free in WebSockets during disconnection (MFSA 2017-19)
1479223 - CVE-2017-7801 Mozilla: Use-after-free with marquee during window resizing (MFSA 2017-19)
1479224 - CVE-2017-7802 Mozilla: Use-after-free resizing image elements (MFSA 2017-19)
1479225 - CVE-2017-7803 Mozilla: CSP directives improperly applied with sandbox flag in iframes (MFSA 2017-19)
1479227 - CVE-2017-7807 Mozilla: Domain hijacking through appcache fallback (MFSA 2017-19)
1479650 - CVE-2017-7809 Mozilla: Use-after-free while deleting attached editor DOM node (MFSA 2017-19)

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
firefox-52.3.0-3.el6_9.src.rpm

i386:
firefox-52.3.0-3.el6_9.i686.rpm
firefox-debuginfo-52.3.0-3.el6_9.i686.rpm

x86_64:
firefox-52.3.0-3.el6_9.x86_64.rpm
firefox-debuginfo-52.3.0-3.el6_9.x86_64.rpm

Red Hat Enterprise
[RHSA-2017:1832-01] Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
Advisory ID: RHSA-2017:1832-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1832
Issue date: 2017-08-10
CVE Names: CVE-2015-6644 CVE-2016-8749 CVE-2016-9879 CVE-2017-2589 CVE-2017-2594 CVE-2017-3156 CVE-2017-5643 CVE-2017-5653 CVE-2017-5656 CVE-2017-5929 CVE-2017-7957

1. Summary:

An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.

This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.

Security Fix(es):

* It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL), which means all clients using that proxy are sharing the same cookies. (CVE-2017-2589)

* It was found that an information disclosure flaw in Bouncy Castle could enable a local malicious application to gain access to a user's private information. (CVE-2015-6644)

* It was found that Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to a Java object deserialization vulnerability. Deserializing untrusted data can lead to security flaws, as demonstrated in various similar reports about Java deserialization issues. (CVE-2016-8749)

* It was found that Spring Security does not consider URL path parameters when processing security constraints. By adding a URL path parameter with an encoded / to a request, an attacker may be able to bypass a security constraint. (CVE-2016-9879)

* It was found that a path traversal vulnerability in hawtio leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root. (CVE-2017-2594)

* It was found that the Apache CXF OAuth2 Hawk and JOSE MAC validation code is not using a constant time MAC signature comparison algorithm, which may be exploited by some sophisticated timing attacks. It may only affect OAuth2 Hawk, JWT access tokens, or JOSE JWS/JWE interceptors which depend on HMAC secret key algorithms. (CVE-2017-3156)

* It was found that Apache Camel's validation component evaluates DTD headers of XML stream sources, although a validation against XML schemas (XSD) is executed. Remote attackers can use this feature to make Server-Side Request Forgery (SSRF) attacks by sending XML documents with remote DTD URLs or XML External Entities (XXE). (CVE-2017-5643)

* It was found that a flaw exists in JAX-RS clients using the streaming approach for XML signatures and encryption, where it does not enforce the message to be signed/encrypted. This could allow an attacker to subvert the integrity of the message. (CVE-2017-5653)

* It was found that the token cacher in Apache CXF uses a flawed way of caching tokens that are associated with the delegation token received from the Security Token Service (STS). This vulnerability could allow an attacker to craft a token which could return an identifier corresponding to a cached token for another user. (CVE-2017-5656)

* It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through the SocketServer/ServerSocketReceiver interfaces, which can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains. (CVE-2017-5929)

* It was found that XStream contains a vulnerability that allows a maliciously crafted file to be parsed successfully, which could cause an application crash. The crash occurs if the file that is being fed into the XStream input stream contains an instance of the primitive type 'void'. An attacker could use this flaw to create a denial of service on the target system. (CVE-2017-7957)

The CVE-2017-2589 issue was discovered by Adam Willard (Blue Canopy) and Dennis
[RHSA-2017:2459-01] Important: libsoup security update
Red Hat Security Advisory

Synopsis: Important: libsoup security update
Advisory ID: RHSA-2017:2459-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2459
Issue date: 2017-08-10
CVE Names: CVE-2017-2885

1. Summary:

An update for libsoup is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64

3. Description:

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality. (CVE-2017-2885)

Red Hat would like to thank Aleksandar Nikolic (Cisco Talos) for reporting this issue.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1479281 - CVE-2017-2885 libsoup: Stack based buffer overflow with HTTP Chunked Encoding

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

aarch64:
libsoup-2.56.0-4.el7_4.aarch64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.aarch64.rpm
libsoup-devel-2.56.0-4.el7_4.aarch64.rpm

ppc64:
libsoup-2.56.0-4.el7_4.ppc.rpm
libsoup-2.56.0-4.el7_4.ppc64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc64.rpm
libsoup-devel-2.56.0-4.el7_4.ppc.rpm
libsoup-devel-2.56.0-4.el7_4.ppc64.rpm

ppc64le:
libsoup-2.56.0-4.el7_4.ppc64le.rpm
libsoup-debuginfo-2.56.0-4.el7_4.ppc64le.rpm
libsoup-devel-2.56.0-4.el7_4.ppc64le.rpm

s390x:
libsoup-2.56.0-4.el7_4.s390.rpm
libsoup-2.56.0-4.el7_4.s390x.rpm
libsoup-debuginfo-2.56.0-4.el7_4.s390.rpm
libsoup-debuginfo-2.56.0-4.el7_4.s390x.rpm
libsoup-devel-2.56.0-4.el7_4.s390.rpm
libsoup-devel-2.56.0-4.el7_4.s390x.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
libsoup-2.56.0-4.el7_4.src.rpm

x86_64:
libsoup-2.56.0-4.el7_4.i686.rpm
libsoup-2.56.0-4.el7_4.x86_64.rpm
libsoup-debuginfo-2.56.0-4.el7_4.i686.rpm
libsoup-debuginfo-2.56.0-4.el7_4.x86_64.rpm
libsoup-devel-2.56.0-4.el7_4.i686.rpm
libsoup-devel-2.56.0-4.el7_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2885
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
[RHSA-2017:2457-01] Critical: flash-plugin security update
Red Hat Security Advisory

Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2017:2457-01
Product: Red Hat Enterprise Linux Supplementary
Advisory URL: https://access.redhat.com/errata/RHSA-2017:2457
Issue date: 2017-08-10
CVE Names: CVE-2017-3085 CVE-2017-3106

1. Summary:

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 26.0.0.151.

Security Fix(es):

* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2017-3085, CVE-2017-3106)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1479887 - CVE-2017-3106 flash-plugin: Remote Code Execution due to Type Confusion issue fixed in APSB17-23
1479888 - CVE-2017-3085 flash-plugin: Information Disclosure via Security Bypass issue fixed in APSB17-23

6. Package List:

Red Hat Enterprise Linux Desktop Supplementary (v. 6):

i386:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

x86_64:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

Red Hat Enterprise Linux Server Supplementary (v. 6):

i386:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

x86_64:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

Red Hat Enterprise Linux Workstation Supplementary (v. 6):

i386:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

x86_64:
flash-plugin-26.0.0.151-1.el6_9.i686.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-3085
https://access.redhat.com/security/cve/CVE-2017-3106
https://access.redhat.com/security/updates/classification/#critical
https://helpx.adobe.com/security/products/flash-player/apsb17-23.html

8. Contact:

The Red Hat security contact is. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce