[ MDVSA-2013:274 ] libjpeg

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:274
 http://www.mandriva.com/en/support/security/
 ___

 Package : libjpeg
 Date: November 21, 2013
 Affected: Enterprise Server 5.0
 ___

 Problem Description:

 Updated libjpeg packages fix security vulnerabilities:
 
 A heap-based buffer overflow was found in the way libjpeg-turbo
 decompressed certain corrupt JPEG images in which the component
 count was erroneously set to a large value. An attacker could create
 a specially-crafted JPEG image that, when opened, could cause an
 application using libpng to crash or, possibly, execute arbitrary
 code with the privileges of the user running the application
 (CVE-2012-2806).
 
 libjpeg 6b and libjpeg-turbo will use uninitialized memory when
 decoding images with missing SOS data for the luminance component
 (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629).
 
 libjpeg-turbo will use uninitialized memory when handling Huffman
 tables (CVE-2013-6630).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2806
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
 http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:044/
 http://advisories.mageia.org/MGASA-2013-0333.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



[ MDVSA-2013:275 ] krb5

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:275
 http://www.mandriva.com/en/support/security/
 ___

 Package : krb5
 Date: November 21, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated krb5 package fixes a security vulnerability:
 
 If a KDC serves multiple realms, certain requests can cause
 setup_server_realm() to dereference a null pointer, crashing
 the KDC. This can be triggered by an unauthenticated user
 (CVE-2013-1418).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418
 http://advisories.mageia.org/MGASA-2013-0335.html
 ___

 Updated Packages:

 ___




[ MDVSA-2013:273 ] libjpeg

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:273
 http://www.mandriva.com/en/support/security/
 ___

 Package : libjpeg
 Date: November 21, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated libjpeg packages fix security vulnerabilities:
 
 libjpeg 6b and libjpeg-turbo will use uninitialized memory when
 decoding images with missing SOS data for the luminance component
 (Y) in presence of valid chroma data (Cr, Cb) (CVE-2013-6629).
 
 libjpeg-turbo will use uninitialized memory when handling Huffman
 tables (CVE-2013-6630).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6630
 http://advisories.mageia.org/MGASA-2013-0333.html
 ___

 Updated Packages:

 ___




[ MDVSA-2013:277 ] lighttpd

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:277
 http://www.mandriva.com/en/support/security/
 ___

 Package : lighttpd
 Date: November 21, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated lighttpd packages fix security vulnerabilities:
 
 lighttpd before 1.4.34, when SNI is enabled, configures weak SSL
 ciphers, which makes it easier for remote attackers to hijack sessions
 by inserting packets into the client-server data stream or obtain
 sensitive information by sniffing the network (CVE-2013-4508).
 
 In lighttpd before 1.4.34, if setuid() fails for any reason, for
 instance if an environment limits the number of processes a user can
 have and the target uid already is at the limit, lighttpd will run
 as root. A user who can run CGI scripts could clone() often; in this
 case a lighttpd restart would end up with lighttpd running as root,
 and the CGI scripts would run as root too (CVE-2013-4559).
 
 In lighttpd before 1.4.34, if fam is enabled and there are
 directories reachable from configured doc roots and aliases on
 which FAMMonitorDirectory fails, a remote client could trigger a DoS
 (CVE-2013-4560).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
 http://advisories.mageia.org/MGASA-2013-0334.html
 ___

 Updated Packages:

 ___




[ MDVSA-2013:278 ] samba

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:278
 http://www.mandriva.com/en/support/security/
 ___

 Package : samba
 Date: November 21, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 A vulnerability has been found and corrected in samba:
 
 Samba 3.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1,
 when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote
 attackers to bypass intended file restrictions by leveraging ACL
 differences between a file and an associated alternate data stream
 (ADS) (CVE-2013-4475).
 
 The updated packages have been upgraded to version 3.6.20, which
 resolves various upstream bugs and is not vulnerable to this issue.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4475
 http://www.samba.org/samba/history/samba-3.6.18.html
 http://www.samba.org/samba/history/samba-3.6.19.html
 http://www.samba.org/samba/history/samba-3.6.20.html
 https://bugzilla.samba.org/show_bug.cgi?id=10229
 ___

 Updated Packages:

 ___




Facebook Vulnerability Discloses Friends Lists Defined as Private

2013-11-21 Thread qsrc Quotium
Facebook Vulnerability Discloses Friends Lists Defined as Private
=================================================================

Researchers from the Quotium Seeker Research Center identified a security flaw 
in Facebook privacy controls. The vulnerability allows attackers to see the 
friends list of any user on Facebook. This attack is carried out by abusing the 
'People You May Know' mechanism on Facebook, which is the mechanism by which 
Facebook suggests new friends to users. 
With attacks being on the rise, Facebook is often targeted by hackers for the 
information it possesses. Users rely on Facebook to maintain their privacy to 
the best of Facebook's ability. 

Technical Details
=================
To execute the attack, an attacker needs to create a new user on Facebook, and 
send a friend request to the victim. The victim declining the request is 
irrelevant. At this point Facebook begins to suggest to the attacker people he 
may know, with the option of clicking a 'see all' button for convenience. The 
people suggested at this point are the friends of the user to whom the attacker 
sent a friend request, even when the friends list of the victim is set to 
private, and the other suggested users also have their friends list private. 
For full technical information see 
www.quotium.com/research/advisories/Facebook_Vulnerability_Discloses_Private_Friends_list.php
 

Vendor Response
===============
FB responded that: "If you don't have friends on Facebook and send a friend 
request to someone who's chosen to hide their complete friend list from their 
timeline, you may see some friend suggestions that are also friends of theirs. 
But you have no way of knowing if the suggestions you see represent someone's 
complete friend list." However, research of this issue has shown that most of 
the friends list, often hundreds of friends, is available to the attacker. In 
any case, even a partial friends list is a violation of user-chosen privacy 
controls. 
Since this vulnerability renders the privacy control to hide friends lists from 
other users irrelevant, we hope Facebook will change its mind and this flaw 
will be addressed. 

Credit
======
Irene Abezgauz, VP Product Management at Quotium and Seeker Research Center 
leader is credited with the discovery of this vulnerability. 



[ MDVSA-2013:276 ] curl

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:276
 http://www.mandriva.com/en/support/security/
 ___

 Package : curl
 Date: November 21, 2013
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated curl packages fix security vulnerability:
 
 Scott Cantor discovered that curl, a file retrieval tool, would disable
 the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER
 setting was disabled. This also disabled SSL certificate hostname
 checks when it should only have disabled verification of the
 certificate trust chain (CVE-2013-4545).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4545
 http://advisories.mageia.org/MGASA-2013-0338.html
 ___

 Updated Packages:

 ___




[ MDVSA-2013:272 ] poppler

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:272
 http://www.mandriva.com/en/support/security/
 ___

 Package : poppler
 Date: November 21, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated poppler packages fix security vulnerabilities:
 
 Poppler is found to be affected by a stack-based buffer overflow
 vulnerability in the pdfseparate utility. Successfully exploiting
 this issue could allow remote attackers to execute arbitrary code in
 the context of the affected application. Failed exploits may result
 in denial-of-service conditions (CVE-2013-4473).
 
 Poppler was found to have a user controlled format string vulnerability
 because it fails to sanitize user-supplied input. An attacker may
 exploit this issue to execute arbitrary code in the context of the
 vulnerable application. Failed exploit attempts will likely result
 in a denial-of-service condition (CVE-2013-4474).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4473
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4474
 http://advisories.mageia.org/MGASA-2013-0332.html
 ___

 Updated Packages:

 ___




Instagram Photo Upload and Flattr Money Redirection Vulnerability

2013-11-21 Thread pfohl
Affected app: Instagram (Android/iOS)

Affected versions: 4.0.2, 4.1.2 and 4.2.7; earlier versions are probably also
affected.

# Summary
Last year and earlier this year some vulnerabilities in Instagram (Android/iOS)
were discovered which give an attacker the ability to like and delete photos
in the name of the hijacked account. Accounts can be hijacked because of the
plaintext communication of the Instagram app, for example in unencrypted WiFi
networks.

We discovered two new security flaws in Instagram.

With these vulnerabilities Mallory is able to upload photos into Alice's account
and, much more significant, steal money if Alice linked her Instagram account 
to Flattr. Normally this
feature provides the ability for Alice to flattr the photos she likes. The
fact that Mallory can like photos in Alice's name gives her the ability
to flattr content in the name of Alice. Mallory can now create her own Instagram
account, link it with her Flattr, upload random photos and flattr these photos
with Alice's Instagram account to get money from her.

# Photo upload
The photo upload in Instagram happens in two steps. In the first step the photo
is sent via **unencrypted** HTTP with a POST request to `/api/v1/media/upload/`,
which returns a media_id.

In the second step, an activation request is sent over HTTPS to
`/api/v1/media/configure`. We analyzed this request using a MitM attack. With a
custom SSL Root CA certificate installed on our Android and iOS devices, we
were able to redirect the SSL secured traffic to Instagram to obtain the plain
text of the requests:

POST /api/v1/media/configure/ HTTP/1.1
Host: instagram.com
[more headers stripped]


signed_body=eb8b5bdff7bf8ba402a50c69617a50a23e49367ff3d470dd447f658d64a95c25.{filter_type:28,media_id:593984755223468908_68...,device_timestamp:1384857213,caption:example,_uuid:C94EB9B6...,_uid:686...,_csrftoken:0df2b022...,geotag_enabled:false,usertags:{\in\:[]},source_type:1,faces_detected:0}

In the body of that request a JSON object is sent to the Instagram server to
activate the uploaded photo. The `signed_body` consists of the JSON string and a
signature, generated with a hard-coded encryption key found in the Instagram app
binary. Even though the app uses HTTPS for this request, the same operation can
be performed via unencrypted HTTP.

While testing the MitM attack we determined that the Instagram app does check
for valid SSL certificates and does not send encrypted requests when the check
fails. This check is sufficient in most cases; however, we suggest additionally
performing certificate pinning to further increase the security of user data.

# Flattr connection
Flattr implemented the ability to link an Instagram account with a Flattr
account. If the accounts are linked, by default photos will be automatically
flattred whenever a photo is liked on Instagram.

Because we are able to like photos by hijacking accounts, we are able to flattr
photos in the name of the hijacked user. This requires that a user has
linked their Instagram and Flattr accounts.

The like request is sent over HTTP and looks as follows:

POST 
/api/v1/media/57623845628346583457_8349573845/like/?d=0src=timelineig_sig_key_version=4
Host: instagram.com
[more headers stripped]


signed_body=975428627f0636623d48bc7e88573a8ce05398311738e19469c343cc60b0e78b.{_uid:83854...,_csrftoken:0df2b022...,media_id:57623845628346583457_8349573845}

Because we know the media ids of our own photos, we can like them with the
hijacked account and money starts rolling in.

# Mitigation
To prevent this attack happening to you, do not use the Instagram app in any
network you do not trust completely, i.e. free WiFi hotspots. Instead, only use
the app via VPN connections to a trusted site.

To prevent losing money when somebody hijacks your Instagram account, disable
the account link on Flattr, or at least disable automatic flattring of photos.

Hijacked flattrs can be seen on the user's Flattr notifications dashboard.

# Timeline
* 2013-07-21 Signature faking vulnerability discovered.
* 2013-07-23 The vendor was contacted via e-mail; there has been no reply yet.
* 2013-08-26 Publication of the signature faking vulnerability.
* 2013-10-14 Photo upload vulnerability discovered.
* 2013-11-18 Flattr money redirection vulnerability discovered.
* 2013-11-20 Publication of the photo upload and flattr vulnerabilities.

# Contact
Please contact Andreas Pfohl pf...@rt-solutions.de or Dr Georg Lukas 
lu...@rt-solutions.de with any further questions regarding the vulnerability.

[0] PDF version of this document: 
http://rt-solutions.de/images/PDFs/Veroeffentlichungen/instagram_photo_upload_and_flattr_money_redirection_vulnerability.pdf
[1] http://reventlov.com/advisories/instagram-plaintext-media-disclosure-issue
[2] http://rt-solutions.de/images/PDFs/Veroeffentlichungen/Instagram%20App%20Security%20Vulnerability.pdf
[3] rt-solutions.de GmbH http://www.rt-solutions.de/

-- 
rt-solutions.de GmbH
Oberländer Ufer 190a
D-50968 Köln

Fax : (+49)221 

[ MDVSA-2013:271 ] pmake

2013-11-21 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2013:271
 http://www.mandriva.com/en/support/security/
 ___

 Package : pmake
 Date: November 21, 2013
 Affected: Business Server 1.0
 ___

 Problem Description:

 Updated pmake package fixes security vulnerability:
 
 The make include files in NetBSD before 1.6.2, as used in pmake
 1.111 and earlier, allow local users to overwrite arbitrary files
 via a symlink attack on a /tmp/_depend# temporary file, related
 to bsd.lib.mk and bsd.prog.mk (CVE-2011-1920).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1920
 http://advisories.mageia.org/MGASA-2013-0331.html
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 6228c8f23e3b09509f9b34befe1d95a8  mbs1/x86_64/pmake-1.45-11.1.mbs1.x86_64.rpm 
 00690830d167141f6397255ed69fb610  mbs1/SRPMS/pmake-1.45-11.1.mbs1.src.rpm
 ___




[SECURITY] [DSA 2801-1] libhttp-body-perl security update

2013-11-21 Thread Salvatore Bonaccorso

-------------------------------------------------------------------------
Debian Security Advisory DSA-2801-1                   secur...@debian.org
http://www.debian.org/security/                      Salvatore Bonaccorso
November 21, 2013                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package: libhttp-body-perl
Vulnerability  : design error
Problem type   : local (remote)
Debian-specific: no
CVE ID : CVE-2013-4407
Debian Bug : 721634

Jonathan Dolle reported a design error in HTTP::Body, a Perl module for
processing data from HTTP POST requests. The HTTP body multipart parser
creates temporary files which preserve the suffix of the uploaded file.
An attacker able to upload files to a service that uses
HTTP::Body::Multipart could potentially execute commands on the server
if these temporary filenames are used in subsequent commands without
further checks.

This update restricts the possible suffixes used for the created
temporary files.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in
version 1.11-1+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 1.17-2.

For the unstable distribution (sid), this problem has been fixed in
version 1.17-2.

We recommend that you upgrade your libhttp-body-perl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (GNU/Linux)

-END PGP SIGNATURE-
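The pmake advisory (a predictable /tmp/_depend# file that a pre-planted symlink can redirect, CVE-2011-1920) and the HTTP::Body advisory (a temporary file that keeps whatever suffix the uploader chose, CVE-2013-4407) share one defensive pattern. This added Python example, not code from pmake, HTTP::Body or either distribution, shows it: an exclusive create that refuses an existing symlink instead of following it, and an upload suffix reduced to a short alphanumeric extension before it reaches a temp-file name. All function names and the constructed scenario are assumptions.

```python
import os
import re
import shutil
import tempfile

# Added example, not HTTP::Body or pmake code. Only a short alphanumeric extension
# survives; anything a later shell command could interpret (space, ';', '`', '/') yields ''.
_SAFE_SUFFIX = re.compile(r"\.[A-Za-z0-9]{1,8}$")

def safe_suffix(upload_name: str) -> str:
    """Return a sanitised extension such as '.pdf', or '' if none is safe."""
    base = os.path.basename(upload_name.replace("\\", "/"))
    m = _SAFE_SUFFIX.search(base)
    return m.group(0).lower() if m else ""

def open_exclusive(path: str) -> int:
    """Create `path` only if nothing is there yet: O_EXCL fails on a file or a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)

def create_upload_tempfile(upload_name: str, data: bytes, tmpdir=None) -> str:
    """Write `data` to a temp file with an unpredictable name and a restricted suffix."""
    fd, path = tempfile.mkstemp(prefix="upload-", suffix=safe_suffix(upload_name), dir=tmpdir)
    try:
        with os.fdopen(fd, "wb") as fh:  # mkstemp already used O_EXCL (+O_NOFOLLOW)
            fh.write(data)
    except BaseException:
        os.unlink(path)
        raise
    return path

def symlink_is_refused() -> bool:
    """Constructed scenario: a symlink already sits at a predictable name
    (like /tmp/_depend<pid>); the O_EXCL create must not follow it."""
    work = tempfile.mkdtemp()
    try:
        victim = os.path.join(work, "victim")
        with open(victim, "w") as fh:
            fh.write("original contents\n")
        planted = os.path.join(work, "_depend%d" % os.getpid())
        os.symlink(victim, planted)  # the pre-planted link described in the advisory
        try:
            fd = open_exclusive(planted)
        except FileExistsError:
            return open(victim).read() == "original contents\n"  # victim untouched
        os.close(fd)
        return False
    finally:
        shutil.rmtree(work)
```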



DC4420 (DefCon London) meeting next Tuesday, 26th November 2013

2013-11-21 Thread Tony Naggs
As usual we will be in the downstairs bar at The Phoenix, Cavendish
Square, W1G 0PP
The venue is ours from 17:30 until 23:00, talks start 19:30.

The programme format this month is tweaked a little, the second half,
after the main talk & break, will be short talks - we have 2 scheduled
and maybe 1 or 2 more can be accommodated on the night.

+++

1st Speaker:

Wendy Goucher

Title:

Optical Hacking

Synopsis:

Shoulder surfing is a good source of anecdotes. It seems everyone has
seen some data they shouldn’t have at some point. These stories are
entertaining but essentially harmless. This talk will use information
gathered in the course of my PhD investigating the subject to reveal
how shoulder surfing has, through the power of smartphone technology,
evolved into a real threat to business. A casual observation in the
executive airport lounge could be a social media enabled pile of
embarrassment even before the unwary executive has stepped on their
plane.

All the elements to a storm of information leakage are there. Before
you or your organisation are the victim of Optical Hacking discover
the risk and start thinking about mitigation.

+++

break

+++

2nd Speaker: Skyper

Title: IETF 88 update

Synopsis: November's IETF88 results on pervasive Internet
surveillance, current and future trends on SSL/TLS, HTTPS, DNSSEC and
opportunistic encryption and the need for hackers to attend the IETF
meetings.

+++

3rd Speaker: Krunch

Title: Don't mind the airgap

Synopsis: On the feasibility of ultrasonic communication with
commodity hardware in non-lab environment. Including obligatory demo.

+++

Info about DC4420 (Defcon London) - http://www.dc4420.org/
Info about the venue - http://www.phoenixcavendishsquare.co.uk/


ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities

2013-11-21 Thread Security Alert

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

ESA-2013-077: RSA Data Protection Manager Appliance Multiple Vulnerabilities


EMC Identifier: ESA-2013-077


CVE Identifier: CVE-2013-3288, CVE-2009-3555


Severity Rating: See below for individual scores and refer to vendor advisories 
for component issues

 

Affected Products:


RSA Data Protection Manager Appliance versions 3.2.x and 3.5 (Hardware and 
Virtual)

 

Unaffected Products:


RSA Data Protection Manager Server all versions 

 

Summary:  

RSA Data Protection Manager Appliance is susceptible to vulnerabilities that 
could potentially be exploited by malicious users to compromise affected 
systems.

 

Details:  

The vulnerabilities are:

 

1. DOM-based Cross Site Scripting Vulnerability (CVE-2013-3288)

 

CVSS v2 Base Score: 5.8 (AV:A/AC:L/Au:N/C:P/I:P/A:P)

A cross-site scripting vulnerability could be potentially exploited for 
conducting malicious scripting attacks in RSA Data Protection Manager 
Appliance. The vulnerability could be exploited by a malicious attacker by 
getting an authenticated user to click on specially-crafted links embedded 
within an email, web page or other source. This may lead to execution of 
malicious html requests or scripts in the context of the authenticated user.

 

2. TLS Session Renegotiation Vulnerability  (CVE-2009-3555)

 

CVSS v2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)

A vulnerability exists in SSL and TLS protocols that may allow attackers to 
execute an arbitrary HTTP transaction in RSA Data Protection Manager Appliance. 
See http://www.kb.cert.org/vuls/id/120541 for more details. 

 

Recommendation:

 

The following versions contain resolution to these issues:

 
RSA DPM Appliance versions 3.2.4.2, 3.5.1

 

RSA strongly recommends all customers to upgrade to unaffected versions at the 
earliest opportunity.

 



Obtaining Documentation:

To obtain RSA documentation, log on to RSA SecurCare Online at 
https://knowledge.rsasecurity.com and click Products in the top navigation 
menu. Select the specific product whose documentation you want to obtain. 
Scroll to the section for the product version that you want and click the set 
link.



Severity Rating:

For an explanation of Severity Ratings, refer to the Knowledge Base Article, 
“Security Advisories Severity Rating” at 
https://knowledge.rsasecurity.com/scolcms/knowledge.aspx?solution=a46604. RSA 
recommends all customers take into account both the base score and any relevant 
temporal and environmental scores which may impact the potential severity 
associated with particular security vulnerability.



Obtaining More Information:

For more information about RSA products, visit the RSA web site at 
http://www.rsa.com.



Getting Support and Service:

For customers with current maintenance contracts, contact your local RSA 
Customer Support center with any additional questions regarding this RSA 
SecurCare Note. For contact telephone numbers or e-mail addresses, log on to 
RSA SecurCare Online at https://knowledge.rsasecurity.com, click Help & 
Contact, and then click the Contact Us - Phone tab or the Contact Us - Email 
tab.



General Customer Support Information:

http://www.rsa.com/node.aspx?id=1264



RSA SecurCare Online:

https://knowledge.rsasecurity.com



EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major 
versions. Please refer to the link below for additional details. 
http://www.rsa.com/node.aspx?id=2575 



SecurCare Online Security Advisories

RSA, The Security Division of EMC, distributes SCOL Security Advisories in 
order to bring to the attention of users of the affected RSA products important 
security information. RSA recommends that all users determine the applicability 
of this information to their individual situations and take appropriate action. 
The information set forth herein is provided as is without warranty of any 
kind. RSA disclaims all warranties, either express or implied, including the 
warranties of merchantability, fitness for a particular purpose, title and 
non-infringement. In no event shall RSA or its suppliers be liable for any 
damages whatsoever including direct, indirect, incidental, consequential, loss 
of business profits or special damages, even if RSA or its suppliers have been 
advised of the possibility of such damages. Some states do not allow the 
exclusion or limitation of liability for consequential or incidental damages so 
the foregoing limitation may not apply.



About RSA SecurCare Notes & Security Advisories Subscription

RSA SecurCare Notes & Security Advisories are targeted e-mail messages that RSA 
sends you based on the RSA product family you currently use. If you’d like to 
stop receiving RSA SecurCare Notes & Security Advisories, or if you’d like to 
change which RSA product family Notes & Security Advisories you currently 
receive, log on to RSA SecurCare Online at 
https://knowledge.rsasecurity.com/scolcms/help.aspx?_v=view3. 

[SECURITY] [DSA 2802-1] nginx security update

2013-11-21 Thread Thijs Kinkhorst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2802-1   secur...@debian.org
http://www.debian.org/security/   Thijs Kinkhorst
November 21, 2013  http://www.debian.org/security/faq
- -

Package: nginx
Vulnerability  : restriction bypass
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2013-4547
Debian Bug : 730012

Ivan Fratric of the Google Security Team discovered a bug in nginx,
a web server, which might allow an attacker to bypass security
restrictions by using a specially crafted request.

The oldstable distribution (squeeze) is not affected by this problem.

For the stable distribution (wheezy), this problem has been fixed in
version 1.2.1-2.2+wheezy2.

For the unstable distribution (sid), this problem has been fixed in
version 1.4.4-1.

We recommend that you upgrade your nginx packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)

-END PGP SIGNATURE-