Arch-security

Download

arch-security@lists.archlinux.org

August 2015

2 participants
12 discussions

[arch-security] [ASA-201508-2] wordpress: multiple issues
by Remi Gacogne 07 Aug '15

07 Aug '15

Arch Linux Security Advisory ASA-201508-2 ========================================= Severity: High Date : 2015-08-07 CVE-ID : CVE-2015-2213 CVE-2015-5730 CVE-2015-5731 CVE-2015-5732 CVE-2015-5733 CVE-2015-5734 Package : wordpress Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package wordpress before version 4.2.4-1 is vulnerable to multiple issues, including XSS and SQL injection. Resolution ========== Upgrade to 4.2.4-1>. # pacman -Syu "wordpress>=4.2.4-1" The problem has been fixed upstream in version 4.2.4. Workaround ========== None. Description =========== - CVE-2015-2213: SQL injection in comments ID. - CVE-2015-5730: Timing attack in widgets. - CVE-2015-5731: Denial of service by locking a post from being edited. - CVE-2015-5732, CVE-2015-5733 CVE-2015-5734: XSS. Impact ====== A remote attacker could lock a post from being edited, or compromise a site running wordpress. References ========== https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance… https://codex.wordpress.org/Version_4.2.4 https://access.redhat.com/security/cve/CVE-2015-2213 https://access.redhat.com/security/cve/CVE-2015-5730 https://access.redhat.com/security/cve/CVE-2015-5731 https://access.redhat.com/security/cve/CVE-2015-5732 https://access.redhat.com/security/cve/CVE-2015-5733 https://access.redhat.com/security/cve/CVE-2015-5734

1 0

[arch-security] [ASA-201508-1] firefox: local file stealing via PDF reader
by Remi Gacogne 07 Aug '15

07 Aug '15

Arch Linux Security Advisory ASA-201508-1 ========================================= Severity: Critical Date : 2015-08-07 CVE-ID : CVE-2015-4495 Package : firefox Type : information leakage Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package firefox before version 39.0.3-1 is vulnerable to local file stealing. Resolution ========== Upgrade to 39.0.3-1. # pacman -Syu "firefox>=39.0.3-1" The problem has been fixed upstream in version 39.0.3. Workaround ========== This issue can be mitigated by disabling the built-in PDF viewer, PDF.js. This can be done by typing about:config in the address bar, pressing Enter, looking for the pdfjs.disabled value and setting it to True by right-clicking on the line and left-clicking "Toggle". Note that accessing the about:config page might trigger a "This might void your warranty!" warning, easily dismissed by clicking on the "I'll be careful, I promise!" button. Description =========== Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit based on this vulnerability has been found in the wild. Impact ====== A remote attacker can craft a malicious web page stealing arbitrary files from the host running firefox. Mozilla reports that this flaw is already exploited in the wild. At least one exploit is targeting Linux and reads /etc/passwd, then in all the user directories it can access looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts. References ========== https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-w… https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ https://access.redhat.com/security/cve/CVE-2015-4495 https://access.redhat.com/articles/1563163

1 0