October 2016 - Arch-security - lists.archlinux.org

[arch-security] [ASA-201610-19] lib32-flashplugin: arbitrary code execution
by Remi Gacogne 26 Oct '16

26 Oct '16

Arch Linux Security Advisory ASA-201610-19 ========================================== Severity: Critical Date : 2016-10-26 CVE-ID : CVE-2016-7855 Package : lib32-flashplugin Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package lib32-flashplugin before version 11.2.202.643-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 11.2.202.643-1. # pacman -Syu "lib32-flashplugin>=11.2.202.643-1" The problem has been fixed upstream in version 11.2.202.643. Workaround ========== None. Description =========== A use-after-free vulnerability leading to code execution has been found in Adobe Flash Player. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://access.redhat.com/security/cve/CVE-2016-7855

1 0

[arch-security] [ASA-201610-18] flashplugin: arbitrary code execution
by Remi Gacogne 26 Oct '16

26 Oct '16

Arch Linux Security Advisory ASA-201610-18 ========================================== Severity: Critical Date : 2016-10-26 CVE-ID : CVE-2016-7855 Package : flashplugin Type : arbitrary code execution Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package flashplugin before version 11.2.202.643-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 11.2.202.643-1. # pacman -Syu "flashplugin>=11.2.202.643-1" The problem has been fixed upstream in version 11.2.202.643. Workaround ========== None. Description =========== A use-after-free vulnerability leading to code execution has been found in Adobe Flash Player. Impact ====== A remote attacker can execute arbitrary code on the affected host. References ========== https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://access.redhat.com/security/cve/CVE-2016-7855

1 0

[arch-security] [ASA-201610-17] ocaml: information disclosure
by Christian Rebischke 24 Oct '16

24 Oct '16

Arch Linux Security Advisory ASA-201610-17 ========================================== Severity: Medium Date : 2016-10-24 CVE-ID : CVE-2015-8869 Package : ocaml Type : information disclosure Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package ocaml before version 4.03.0-1 is vulnerable to information disclosure. Resolution ========== Upgrade to 4.03.0-1. # pacman -Syu "ocaml>=4.03.0-1" The problem has been fixed upstream in version 4.03.0. Workaround ========== None. Description =========== OCaml versions 4.02.3 and earlier have a runtime bug that, on 64-bit platforms, causes sizes arguments to an internal memmove call to be sign-extended from 32 to 64-bits before being passed to the memmove function. This leads arguments between 2GiB and 4GiB to be interpreted as larger than they are (specifically, a bit below 2^64), causing a buffer overflow. Arguments between 4GiB and 6GiB are interpreted as 4GiB smaller than they should be, causing a possible information leak. Impact ====== A remote attacker is able to access sensitive information or crash the application. References ========== http://www.openwall.com/lists/oss-security/2016/04/29/6 https://access.redhat.com/security/cve/CVE-2015-8869

1 0

[arch-security] [ASA-201610-16] linux-grsec: privilege escalation
by Christian Rebischke 24 Oct '16

24 Oct '16

Arch Linux Security Advisory ASA-201610-16 ========================================== Severity: High Date : 2016-10-24 CVE-ID : CVE-2016-5195 Package : linux-grsec Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux-grsec before version 1:4.7.10.r201610222037-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 1:4.7.10.r201610222037-1. # pacman -Syu "linux-grsec>=1:4.7.10.r201610222037-1" The problem has been fixed upstream in version 4.7.10.r201610222037. Workaround ========== None. Description =========== A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Impact ====== An unprivileged local attacker is able to elevate their privileges on the system and gain root access. References ========== https://bugzilla.redhat.com/show_bug.cgi?id=1384344 https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=… https://access.redhat.com/security/cve/CVE-2016-5195

1 0

[arch-security] [ASA-201610-15] chromium: multiple issues
by Remi Gacogne 23 Oct '16

23 Oct '16

Arch Linux Security Advisory ASA-201610-15 ========================================== Severity: Critical Date : 2016-10-23 CVE-ID : CVE-2016-5181 CVE-2016-5182 CVE-2016-5183 CVE-2016-5184 CVE-2016-5185 CVE-2016-5186 CVE-2016-5187 CVE-2016-5188 CVE-2016-5189 CVE-2016-5190 CVE-2016-5191 CVE-2016-5192 CVE-2016-5193 CVE-2016-5194 Package : chromium Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package chromium before version 54.0.2840.59-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, cross-site scripting, information disclosure, same-origin policy bypass and insufficient validation. Resolution ========== Upgrade to 54.0.2840.59-1. # pacman -Syu "chromium>=54.0.2840.59-1" The problems have been fixed upstream in version 54.0.2840.59. Workaround ========== None. Description =========== - CVE-2016-5181 (cross-site scripting) An universal XSS flaw was found in the Blink component of the Chromium browser. - CVE-2016-5182 (arbitrary code execution) A heap overflow flaw was found in the Blink component of the Chromium browser. - CVE-2016-5183 (arbitrary code execution) An use after free flaw was found in the PDFium component of the Chromium browser. - CVE-2016-5184 (arbitrary code execution) An use after free flaw was found in the PDFium component of the Chromium browser. - CVE-2016-5185 (arbitrary code execution) An use after free flaw was found in the Blink component of the Chromium browser. - CVE-2016-5186 (information disclosure) An out of bounds read flaw was found in the DevTools component of the Chromium browser. - CVE-2016-5187 (content spoofing) An URL spoofing flaw was found in the Chromium browser. - CVE-2016-5188 (content spoofing) An UI spoofing flaw was found in the Chromium browser. - CVE-2016-5189 (content spoofing) An URL spoofing flaw was found in the Chromium browser. - CVE-2016-5190 (arbitrary code execution) An use after free flaw was found in the Internals component of the Chromium browser. - CVE-2016-5191 (cross-site scripting) An universal XSS flaw was found in the Bookmarks component of the Chromium browser. - CVE-2016-5192 (same-origin policy bypass) A cross-origin bypass flaw was found in the Blink component of the Chromium browser. - CVE-2016-5193 (insufficient validation) A scheme bypass vulnerability has been discovered. - CVE-2016-5194 (arbitrary code execution) Various fixes from internal audits, fuzzing and other initiatives. Impact ====== A remote attacker can bypass security measures, access sensitive information or execute arbitrary code on the affected host. References ========== https://googlechromereleases.blogspot.fr/2016/10/stable-channel-update-for-… https://access.redhat.com/security/cve/CVE-2016-5181 https://access.redhat.com/security/cve/CVE-2016-5182 https://access.redhat.com/security/cve/CVE-2016-5183 https://access.redhat.com/security/cve/CVE-2016-5184 https://access.redhat.com/security/cve/CVE-2016-5185 https://access.redhat.com/security/cve/CVE-2016-5186 https://access.redhat.com/security/cve/CVE-2016-5187 https://access.redhat.com/security/cve/CVE-2016-5188 https://access.redhat.com/security/cve/CVE-2016-5189 https://access.redhat.com/security/cve/CVE-2016-5190 https://access.redhat.com/security/cve/CVE-2016-5191 https://access.redhat.com/security/cve/CVE-2016-5192 https://access.redhat.com/security/cve/CVE-2016-5193 https://access.redhat.com/security/cve/CVE-2016-5194

1 0

[arch-security] [ASA-201610-14] linux: privilege escalation
by Levente Polyak 22 Oct '16

22 Oct '16

Arch Linux Security Advisory ASA-201610-14 ========================================== Severity: High Date : 2016-10-22 CVE-ID : CVE-2016-5195 Package : linux Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux before version 4.8.3-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 4.8.3-1. # pacman -Syu "linux>=4.8.3-1" The problem has been fixed upstream in version 4.8.3. Workaround ========== None. Description =========== A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Impact ====== An unprivileged local attacker is able to elevate their privileges on the system and gain root access. References ========== https://bugzilla.redhat.com/show_bug.cgi?id=1384344 https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=… https://access.redhat.com/security/cve/CVE-2016-5195

1 0

[arch-security] [ASA-201610-13] python-django: cross-site request forgery
by Levente Polyak 21 Oct '16

21 Oct '16

Arch Linux Security Advisory ASA-201610-13 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package python-django before version 1.10.1-1 is vulnerable to cross-site request forgery. Resolution ========== Upgrade to 1.10.1-1. # pacman -Syu "python-django>=1.10.1-1" The problem has been fixed upstream in version 1.10.1. Workaround ========== None. Description =========== Sergey Bobrov found a vulnerability where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. Impact ====== A remote attacker is able to perform cross-site request forgery by bypassing the protection under certain circumstances. References ========== https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ https://access.redhat.com/security/cve/CVE-2016-7401

1 0

[arch-security] [ASA-201610-12] python2-django: cross-site request forgery
by Levente Polyak 21 Oct '16

21 Oct '16

Arch Linux Security Advisory ASA-201610-12 ========================================== Severity: Medium Date : 2016-10-21 CVE-ID : CVE-2016-7401 Package : python2-django Type : cross-site request forgery Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package python2-django before version 1.10.1-1 is vulnerable to cross-site request forgery. Resolution ========== Upgrade to 1.10.1-1. # pacman -Syu "python2-django>=1.10.1-1" The problem has been fixed upstream in version 1.10.1. Workaround ========== None. Description =========== Sergey Bobrov found a vulnerability where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. Impact ====== A remote attacker is able to perform cross-site request forgery by bypassing the protection under certain circumstances. References ========== https://www.djangoproject.com/weblog/2016/sep/26/security-releases/ https://access.redhat.com/security/cve/CVE-2016-7401

1 0

[arch-security] [ASA-201610-11] linux-lts: privilege escalation
by Levente Polyak 21 Oct '16

21 Oct '16

Arch Linux Security Advisory ASA-201610-11 ========================================== Severity: High Date : 2016-10-21 CVE-ID : CVE-2016-5195 Package : linux-lts Type : privilege escalation Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package linux-lts before version 4.4.26-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 4.4.26-1. # pacman -Syu "linux-lts>=4.4.26-1" The problem has been fixed upstream in version 4.4.26. Workaround ========== None. Description =========== A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Impact ====== An unprivileged local attacker is able to elevate their privileges on the system and gain root access. References ========== https://bugzilla.redhat.com/show_bug.cgi?id=1384344 https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=… https://access.redhat.com/security/cve/CVE-2016-5195

1 0

[arch-security] [ASA-201610-10] guile: multiple issues
by Jelle van der Waa 16 Oct '16

16 Oct '16

Arch Linux Security Advisory ASA-201610-10 ========================================== Severity: High Date : 2016-10-16 CVE-ID : CVE-2016-8605 CVE-2016-8606 Package : guile Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package guile before version 2.0.13-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure. Resolution ========== Upgrade to 2.0.13-1. # pacman -Syu "guile>=2.0.13-1" The problems have been fixed upstream in version 2.0.13. Workaround ========== - CVE-2016-8606 (arbitrary code execution) Bind the REPL server to a Unix-domain socket. guile --listen=/tmp/guile-socket Description =========== - CVE-2016-8605 (information disclosure) The mkdir procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. - CVE-2016-8606 (arbitrary code execution) It was reported that the REPL server is vulnerable to the HTTP inter- protocol attack. This constitutes a remote code execution vulnerability for developers running a REPL server that listens on a loopback device or private network. Applications that do not run a REPL server, as is usually the case, are unaffected. Impact ====== A remote attacker is able to execute arbitrary code via a HTTP inter-protocol attack if the REPL server is listening on a loopback device or private network. Running a multi-threaded guile application can cause directories or files to be created with world readable/writable/executable permissions during a small window which leads to information disclosure. References ========== http://www.openwall.com/lists/oss-security/2016/10/11/1 http://www.openwall.com/lists/oss-security/2016/10/12/2 https://access.redhat.com/security/cve/CVE-2016-8605 https://access.redhat.com/security/cve/CVE-2016-8606 https://lists.gnu.org/archive/html/info-gnu/2016-10/msg00009.html

1 0