CISCO Security Bulletin 20170216-1215

cisco-sa-20170215-pcp1

    CVE-2017-3843(CSCvc99446): Cisco Prime Collaboration Assurance Arbitrary File Download Vulnerability
    • A vulnerability in the file download functions for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to download system files that should be restricted.

      The vulnerability is due to lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to download system files that should be restricted.

    • CSCvc99446

cisco-sa-20170215-ucm

    CVE-2017-3833(CSCvb95951): Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
    • A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.

      The vulnerability is due to insufficient input validation of user-supplied parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected web interface.

    • CSCvb95951

cisco-sa-20170215-pcp2

    CVE-2017-3844(CSCvc86238): Cisco Prime Collaboration Assurance Directory Listing Unauthorized Access Vulnerability
    • A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files.

      The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted application. An exploit could allow the attacker to view and download system files that should be restricted.

    • CSCvc86238

cisco-sa-20170215-fpmc

    CVE-2017-3847(CSCvc72741): Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability
    • A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface.

      The vulnerability occurs because the affected software fails to perform sufficient validation and sanitization of user-supplied input when processing crafted URLs. An authenticated, remote attacker could exploit the vulnerability by convincing a user to follow a malicious link. Successful exploitation could allow the attacker to execute arbitrary script code in the context of the affected site and allow the attacker to access sensitive browser-based information.

    • CSCvc72741

cisco-sa-20170215-acs

    CVE-2017-3838(CSCvc04838): Cisco Secure Access Control System Cross-Site Scripting Vulnerability
    • A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system.

      The vulnerability is due to insufficient input validation of a user-supplied value. An attacker may be able to exploit this vulnerability by intercepting the user's packets and injecting malicious code.

    • CSCvc04838

cisco-sa-20170215-acs2

    CVE-2017-3840(CSCvc04849): Cisco Secure Access Control System Open Redirect Vulnerability
    • The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge.

    • CSCvc04849

cisco-sa-20170215-cms

    CVE-2017-3830(CSCvc89678): Cisco Meeting Server API Denial of Service Vulnerability
    • A vulnerability in an internal API of the Cisco Meeting Server (CMS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected appliance.

      The vulnerability is due to invalid data being received on a specific port. An attacker could exploit this vulnerability by sending crafted packets to a specific port on the device. Successful exploitation could cause the CMS to crash.

    • CSCvc89678

cisco-sa-20170215-ise

    CVE-2017-3835(CSCvb15627): Cisco Identity Services Engine SQL Injection Vulnerability
    • A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users.

      The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by using SQL injection techniques in crafted HTTP POST requests to an affected system. A successful exploit could allow the attacker to view or delete notices owned by other users of the system. The notices may contain guest credentials in clear text.

    • CSCvb15627

cisco-sa-20170215-pcp3

    CVE-2017-3845(CSCvc77783): Cisco Prime Collaboration Assurance Cross-Site Scripting Vulnerability
    • References: http://www.cisco.com/en/US/products/cmb/cisco-amb-20060922-understanding-xss.html (https://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20060922-understanding-xss)

      https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

    • CSCvc77783

cisco-sa-20170215-cms1

    CVE-2017-3837(CSCvc89551): Cisco Meeting Server HTTP Packet Processing Vulnerability
    • A vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially cause the application to crash unexpectedly, resulting in a denial of service (DoS) condition. The attacker would need to be authenticated and have a valid session with the Web Bridge.

      The vulnerability is due to insufficient input validation of an HTTP request. An attacker could exploit this vulnerability by sending a crafted HTTP packet to a targeted application. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information or cause a DoS condition.

    • CSCvc89551

cisco-sa-20170215-cucm3

    CVE-2017-3836(CSCvb61689): Cisco Unified Communications Manager Information Disclosure Vulnerability
    • A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to view sensitive data.

      The vulnerability is due to insufficient protection of sensitive files. An attacker could exploit this vulnerability by browsing to a specific URL. An exploit could allow the attacker to view configuration information.

    • CSCvb61689

cisco-sa-20170215-acs1

    CVE-2017-3839(CSCvc04845): Cisco Secure Access Control System XML External Entity Vulnerability
    • A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system.

      The vulnerability is due to improper handling of XML External Entities (XXE) when parsing an XML file. An attacker could exploit this vulnerability by submitting a crafted XML header to the web framework of the affected device.

    • CSCvc04845

cisco-sa-20170215-acs3

    CVE-2017-3841(CSCvc04854): Cisco Secure Access Control System Information Disclosure Vulnerability
    • A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to disclose sensitive information.

      The vulnerability is due to the inclusion of sensitive information in a server response when certain pages of the web interface are accessed. An unauthenticated attacker with the ability to view configuration parameters could disclose passwords and other sensitive information about the affected system.

    • CSCvc04854

cisco-sa-20170215-asyncos

    CVE-2017-3827(CSCvb91473): Cisco AsyncOS Software for Cisco ESA and Cisco WSA Filtering Bypass Vulnerability
    • A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.

      The vulnerability is due to improper error handling of a malformed MIME header in an email attachment. An attacker could exploit this vulnerability by sending an email with a crafted MIME attachment. For example, a successful exploit could allow the attacker to bypass user filters configured to prevent executable files from being opened. The malformed MIME headers may not be RFC compliant but some mail clients could still allow users to access the attachment, which may not have been properly filtered by the device.

    • CSCvb91473, CSCvc76500

cisco-sa-20170215-cucm1

    CVE-2017-3828(CSCvb98777): Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
    • Reference: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

    • CSCvb98777

cisco-sa-20170215-idm

    CVE-2017-3842(CSCuh91455): Cisco Intrusion Prevention System Device Manager Information Disclosure Vulnerability
    • The vulnerability is due to improper masking of sensitive data in certain HTML comments. An attacker could exploit this vulnerability by navigating to certain configuration screens. An exploit could allow the attacker to discover sensitive data that should be restricted and could be used to conduct further attacks.

    • CSCuh91455

cisco-sa-20170215-ucs

    CVE-2017-3801(CSCvb64765): Cisco UCS Director Privilege Escalation Vulnerability
    • A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile.

      The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director. An attacker could exploit this vulnerability by enabling Developer Mode for his/her user profile with an end-user profile and then adding new catalogs with arbitrary workflow items to his/her profile. An exploit could allow an attacker to perform any actions defined by these workflow items, including actions affecting other tenants.

    • CSCvb64765

cisco-sa-20170215-cucm

    CVE-2017-3821(CSCvc49348): Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
    • A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.

      The vulnerability is due to improper sanitization or encoding of user-supplied data by the serviceability page of an affected version of Cisco Unified Communications Manager. An attacker could exploit this vulnerability by persuading a targeted user to follow a malicious link. An exploit could allow the attacker to conduct a reflected XSS attack.

    • CSCvc49348

cisco-sa-20170215-cucm2

    CVE-2017-3829(CSCvc30999): Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
    • Reference: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

    • CSCvc30999

RED HAT Security Bulletin 20170216-1215

RHSA-2017:0062

    CVE-2016-9131
    • A denial of service flaw was found in the way BIND processed a response to an ANY query. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
    CVE-2016-9147
    • A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
    CVE-2016-9444
    • A denial of service flaw was found in the way BIND handled an unusually-formed DS record response. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

RHSA-2017:0064

    CVE-2016-9147
    • A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

RHSA-2017:0063

    CVE-2016-9147
    • A denial of service flaw was found in the way BIND handled a query response containing inconsistent DNSSEC information. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

RHSA-2017:0272

    CVE-2016-2175
    • It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
    CVE-2016-4434
    • It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
    CVE-2016-6814
    • It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications that rely on serialization and do not isolate the code that deserializes objects are subject to this vulnerability.

RHSA-2017:0282

    CVE-2015-5162
    • A resource vulnerability in the OpenStack Compute (nova), Block Storage (cinder), and Image (glance) services was found in their use of qemu-img. An unprivileged user could consume as much as 4 GB of RAM on the compute host by uploading a malicious image. This flaw could possibly lead to host out-of-memory errors and negatively affect other running tenant instances. oslo.concurrency has been updated to support process limits (‘prlimit’), which is needed to fix this flaw.
      Qemu-img calls were not restricted by ulimit. oslo.concurrency has been updated to add support for process limits (‘prlimit’), which is needed to fix the CVE-2015-5162 security vulnerability. (BZ#1383415)

RHSA-2017:0276

    CVE-2017-3135
    • A denial of service flaw was found in the way BIND handled query responses when both DNS64 and RPZ were used. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure or a null pointer dereference via a specially crafted DNS response.

RHSA-2017:0275

    CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

RHSA-2017:0260

    CVE-2016-9587
    • An input validation vulnerability was found in Ansible’s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges.

RHSA-2017:0259

    CVE-2016-9565
    • It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
    CVE-2016-9566
    • A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the ‘nagios’ user/group) could use this flaw to elevate their privileges to root.

RHSA-2017:0258

    CVE-2016-9565
    • It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
    CVE-2016-9566
    • A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the ‘nagios’ user/group) could use this flaw to elevate their privileges to root.

RHSA-2017:0269

    CVE-2016-5546
    • It was discovered that the Libraries component of OpenJDK accepted ECDSA signatures using non-canonical DER encoding. This could cause a Java application to accept a signature in an incorrect format not accepted by other cryptographic tools.
    CVE-2016-5547
    • It was discovered that the Libraries component of OpenJDK did not validate the length of the object identifier read from the DER input before allocating memory to store the OID. An attacker able to make a Java application decode a specially crafted DER input could cause the application to consume an excessive amount of memory.
    CVE-2016-5548
    • A covert timing channel flaw was found in the DSA implementation in the Libraries component of OpenJDK. A remote attacker could possibly use this flaw to extract certain information about the used key via a timing side channel.
    CVE-2016-5552
    • It was discovered that the Networking component of OpenJDK failed to properly parse user info from the URL. A remote attacker could cause a Java application to incorrectly parse an attacker supplied URL and interpret it differently from other applications processing the same URL.
    CVE-2017-3231
    • Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
    CVE-2017-3241
    • It was discovered that the RMI registry and DGC implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of the RMI registry or a Java RMI application.
    CVE-2017-3252
    • It was discovered that the JAAS component of OpenJDK did not use the correct way to extract the user DN from the result of the user search LDAP query. A specially crafted user LDAP entry could cause the application to use an incorrect DN.
    CVE-2017-3253
    • It was discovered that the 2D component of OpenJDK performed parsing of iTXt and zTXt PNG image chunks even when configured to ignore metadata. An attacker able to make a Java application parse a specially crafted PNG image could cause the application to consume an excessive amount of memory.
    CVE-2017-3261
    • Multiple flaws were found in the Networking components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions.
    CVE-2017-3272
    • Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.
    CVE-2017-3289
    • Multiple flaws were discovered in the Libraries and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions.

RHSA-2017:0270

    CVE-2016-7117
    • A use-after-free vulnerability was found in the kernel’s socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function.

RED HAT Security Bulletin 20170214-0908

RHSA-2017:0257

    CVE-2017-2614
    • When updating a password in the rhvm database, the ovirt-aaa-jdbc-tool tools fail to correctly check the current password if it is expired. This could allow an attacker who is able to change the password on accounts with expired passwords to gain access to those accounts.

RHSA-2017:0254

    CVE-2016-9577
    • A vulnerability was discovered in spice in the server’s protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.
    CVE-2016-9578
    • A vulnerability was discovered in spice in the server’s protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash.

RHSA-2017:0253

    CVE-2016-9577
    • A vulnerability was discovered in spice in the server’s protocol handling. An authenticated attacker could send crafted messages to the spice server causing a heap overflow leading to a crash or possible code execution.
    CVE-2016-9578
    • A vulnerability was discovered in spice in the server’s protocol handling. An attacker able to connect to the spice server could send crafted messages which would cause the process to crash.

RHSA-2017:0256

    CVE-2016-7060
    • It was found that several password fields in QCI failed to properly mask the password while it was being entered. An attacker with physical access or the ability to view the screen would be able to see the passwords as they are being entered, allowing them to later access accounts and services protected by those passwords.

RHSA-2017:0252

    CVE-2016-7426
    • It was found that when ntp is configured with rate limiting for all associations, the limits are also applied to responses received from its configured sources. A remote attacker who knows the sources can cause a denial of service by preventing ntpd from accepting valid responses from its sources.
    CVE-2016-7429
    • A flaw was found in the way ntpd running on a host with multiple network interfaces handled certain server responses. A remote attacker could use this flaw to cause ntpd to stop synchronizing with the source.
    CVE-2016-7433
    • A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially crafted spoofed packet to cause a denial of service or, in some special cases, even a crash.
    CVE-2016-9310
    • A flaw was found in the control mode functionality of ntpd. A remote attacker could send a crafted control mode packet which could lead to information disclosure or result in DDoS amplification attacks.
    CVE-2016-9311
    • A flaw was found in the way ntpd implemented the trap service. A remote attacker could send a specially crafted packet to cause a null pointer dereference that will crash ntpd, resulting in a denial of service.

CISCO Security Bulletin 20170214-0908

cisco-sa-20160218-glibc

    CVE-2015-7547: Glibc libresolv Library Stack-Based Buffer Overflow Vulnerability
    • A vulnerability in the libresolv library in GNU glibc could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.

      The vulnerability is due to insufficient validation of user-supplied input by the affected software when the getaddrinfo function is used while performing dual A/AAAA DNS queries. An attacker could exploit this vulnerability by sending a crafted DNS response to a targeted system. An exploit could trigger a stack-based buffer overflow condition that the attacker could leverage to execute arbitrary code or cause a DoS condition.

cisco-sa-20130801-lsaospf

    CVE-2013-0149(CSCug34485): OSPF LSA Manipulation Vulnerability in Multiple Cisco Products
    • To exploit this vulnerability, an attacker must accurately determine certain parameters within the LSA database on the target router. This vulnerability can only be triggered by sending crafted unicast or multicast LSA type 1 packets. No other LSA type packets can trigger this vulnerability.

      OSPFv3 is not affected by this vulnerability. Fabric Shortest Path First (FSPF) protocol is not affected by this vulnerability.

    • CSCug34485,CSCug63304,CSCug34469,CSCug39762,CSCug39795

New RED HAT Security Bulletin

RED HAT Security Bulletin 20170213-0804

RED HAT Security Bulletin

RHSA-2017:0061

    CVE-2016-5542
    • It was discovered that the Libraries component of OpenJDK did not restrict the set of algorithms used for Jar integrity verification. This flaw could allow an attacker to modify content of the Jar file that used weak signing key or hash algorithm.
    CVE-2016-5554
    • A flaw was found in the way the JMX component of OpenJDK handled classloaders. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions.
    CVE-2016-5573
    • It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol (JDWP) packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim’s browser send HTTP requests to the JDWP port of the debugged application.
    CVE-2016-5582
    • It was discovered that the Hotspot component of OpenJDK did not properly check arguments of the System.arraycopy() function in certain cases. An untrusted Java application or applet could use this flaw to corrupt virtual machine’s memory and completely bypass Java sandbox restrictions.
    CVE-2016-5597
    • A flaw was found in the way the Networking component of OpenJDK handled HTTP proxy authentication. A Java application could possibly expose HTTPS server authentication credentials via a plain text network connection to an HTTP proxy if the proxy asked for authentication.

RHSA-2017:0263

    CVE-2016-5546
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5547
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5548
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5549
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5552
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3231
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3241
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3252
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3253
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3259
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3261
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3272
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3289
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.

RHSA-2017:0057

    CVE-2017-2925
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2926
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2927
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2928
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2930
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2931
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2932
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2933
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2934
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2935
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2936
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2937
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
    CVE-2017-2938
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

RHSA-2017:0059

    CVE-2016-8704
    • An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.
    CVE-2016-8705
    • An integer overflow flaw, leading to a heap-based buffer overflow, was found in the memcached binary protocol. An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

New RED HAT Security Bulletin

RED HAT Security Bulletin 20170210-0825

RED HAT Security Bulletin

RHSA-2017:0250

    CVE-2016-6816
    • It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
    CVE-2016-7061
    • It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
    CVE-2016-8627
    • An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
      The CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).
    CVE-2016-8656
    • It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

RHSA-2017:0248

    CVE-2016-2175
    • It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
    CVE-2016-4434
    • It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
    CVE-2016-6344
    • It was discovered that JBoss BRMS 6 and BPM Suite 6 are not setting the HttpOnly flag on sensitive cookies. Remote attackers can access these cookies by using client-side scripts, usually through XSS. Please note that on IBM WebSphere the HttpOnly flag cannot be set by deployed applications; it needs to be configured directly on the WAS console.
      The CVE-2016-6344 issue was discovered by Jeremy Choi (Red Hat Product Security Team).

RHSA-2017:0247

    CVE-2016-6816
    • It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
    CVE-2016-7061
    • It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
    CVE-2016-8627
    • An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
      The CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).
    CVE-2016-8656
    • It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

RHSA-2017:0245

    CVE-2016-6816
    • It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
    CVE-2016-7061
    • It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
    CVE-2016-8627
    • An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
      The CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and Brian Stansberry (Red Hat).
    CVE-2016-8656
    • It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

RHSA-2017:0031

    CVE-2016-7117
    • A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function.

RHSA-2017:0246

    CVE-2016-6816
    • It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
    CVE-2016-7061
    • It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
    CVE-2016-8627
    • An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
      The CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).
    CVE-2016-8656
    • It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

RHSA-2017:0238

    CVE-2017-5373
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5375
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5376
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5378
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5380
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5383
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5390
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
    CVE-2017-5396
    • Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.

RHSA-2017:0244

    CVE-2016-6816
    • It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
    CVE-2016-7061
    • It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
    CVE-2016-8627
    • An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user’s browser to request the log files consuming enough resources that normal server functioning could be impaired.
      The CVE-2016-8627 issue was discovered by Darran Lofthouse and Brian Stansberry (Red Hat).
    CVE-2016-8656
    • It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation.

RHSA-2017:0249

    CVE-2016-2175
    • It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
    CVE-2016-4434
    • It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
    CVE-2016-6344
    • It was discovered that JBoss BRMS 6 and BPM Suite 6 are not setting the HttpOnly flag on sensitive cookies. Remote attackers can access these cookies by using client-side scripts, usually through XSS. Please note that on IBM WebSphere the HttpOnly flag cannot be set by deployed applications; it needs to be configured directly on the WAS console.
      The CVE-2016-6344 and CVE-2016-7033 issues were discovered by Jeremy Choi (Red Hat Product Security Team).
    CVE-2016-7033
    • JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via dashbuilder. Remote, authenticated attackers that have privileges to access dashbuilder (usually admins) can store scripts in several editable fields, which are not properly sanitized before being shown to other users, including other admins.
      The CVE-2016-6344 and CVE-2016-7033 issues were discovered by Jeremy Choi (Red Hat Product Security Team).

RHSA-2017:0036

    CVE-2016-4998
    • An out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments.
    CVE-2016-6828
    • A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection.
    CVE-2016-7117
    • A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function.

RHSA-2017:0263

    CVE-2016-5546
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5547
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5548
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5549
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2016-5552
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3231
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3241
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3252
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3253
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3259
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3261
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3272
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.
    CVE-2017-3289
    • This update fixes multiple vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit. Further information about these flaws can be found on the IBM Java Security alerts page, listed in the References section.

RHSA-2017:0226

    CVE-2015-8786
    • A resource-consumption flaw was found in RabbitMQ Server, where the lengths_age or lengths_incr parameters were not validated in the management plugin. Remote, authenticated users with certain privileges could exploit this flaw to cause a denial of service by passing values which were too large.

RHSA-2017:0260

    CVE-2016-9587
    • An input validation vulnerability was found in Ansible’s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible-server privileges.

RHSA-2017:0225

    CVE-2015-8870
    • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
    CVE-2016-5652
    • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
    CVE-2016-9533
    • Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
    CVE-2016-9534
    • Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
    CVE-2016-9535
    • Multiple flaws have been discovered in libtiff. A remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code by tricking an application linked against libtiff into processing specially crafted files.
    CVE-2016-9536
    • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
    CVE-2016-9537
    • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.
    CVE-2016-9540
    • Multiple flaws have been discovered in various libtiff tools (tiff2pdf, tiffcrop, tiffcp, bmp2tiff). By tricking a user into processing a specially crafted file, a remote attacker could exploit these flaws to cause a crash or memory corruption and, possibly, execute arbitrary code with the privileges of the user running the libtiff tool.

RHSA-2017:0259

    CVE-2016-9565
    • It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
    CVE-2016-9566
    • A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the ‘nagios’ user/group) could use this flaw to elevate their privileges to root.

RHSA-2017:0258

    CVE-2016-9565
    • It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system.
    CVE-2016-9566
    • A privilege escalation flaw was found in the way Nagios handled log files. An attacker able to control the Nagios logging configuration (the ‘nagios’ user/group) could use this flaw to elevate their privileges to root.

New CISCO Security Bulletin

CISCO Security Bulletin 20170210-0825

CISCO Security Bulletin

cisco-sa-20170208-asa

    CVE-2017-3807(CSCvc23838): Cisco ASA Clientless SSL VPN CIFS Heap Overflow Vulnerability
    • affected system or potentially execute code.
    • CSCvc23838

cisco-sa-20170208-anyconnect

    CVE-2017-3813(CSCvc43976): Cisco AnyConnect Mobile Client for Windows SBL Privilege Escalation Vulnerability
    • CSCvc43976

White space regex in Java

Today I discovered a pretty nasty thing about Java: regular expressions do not work properly with its native character set.

So, when I tried to do something like this:

String phrase = tech.getName();
String[] p = phrase.split("[\\s]");

It just ignored the RegEx.

Fiddling around, I found a nice StackOverflow answer that explains it quite well:

You will have to create your own set of regular expressions to match all kinds of white spaces.

You can use something like this:
String whitespace_chars = "" /* dummy empty string for homogeneity */
+ "\\u0009" // CHARACTER TABULATION
+ "\\u000A" // LINE FEED (LF)
+ "\\u000B" // LINE TABULATION
+ "\\u000C" // FORM FEED (FF)
+ "\\u000D" // CARRIAGE RETURN (CR)
+ "\\u0020" // SPACE
+ "\\u0085" // NEXT LINE (NEL)
+ "\\u00A0" // NO-BREAK SPACE
+ "\\u1680" // OGHAM SPACE MARK
+ "\\u180E" // MONGOLIAN VOWEL SEPARATOR
+ "\\u2000" // EN QUAD
+ "\\u2001" // EM QUAD
+ "\\u2002" // EN SPACE
+ "\\u2003" // EM SPACE
+ "\\u2004" // THREE-PER-EM SPACE
+ "\\u2005" // FOUR-PER-EM SPACE
+ "\\u2006" // SIX-PER-EM SPACE
+ "\\u2007" // FIGURE SPACE
+ "\\u2008" // PUNCTUATION SPACE
+ "\\u2009" // THIN SPACE
+ "\\u200A" // HAIR SPACE
+ "\\u2028" // LINE SEPARATOR
+ "\\u2029" // PARAGRAPH SEPARATOR
+ "\\u202F" // NARROW NO-BREAK SPACE
+ "\\u205F" // MEDIUM MATHEMATICAL SPACE
+ "\\u3000" // IDEOGRAPHIC SPACE
;

And use it as your RegEx:

String[] p = phrase.split("["+whitespace_chars+"]+");
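As an added example (not code from the post or the StackOverflow answer), the following Java program contrasts the default ASCII-only \s with the explicit character class above and with the UNICODE_CHARACTER_CLASS flag available since Java 7, on a constructed string that separates tokens with a no-break space, an em space and a plain space. The class and method names and the sample string are my own.

```java
import java.util.Arrays;
import java.util.regex.Pattern;

public class UnicodeWhitespaceSplit {

    // Constructed sample: tokens separated by NO-BREAK SPACE (U+00A0),
    // EM SPACE (U+2003) and a plain SPACE (U+0020).
    static final String PHRASE = "alpha\u00A0beta\u2003gamma delta";

    // Default Java \s is ASCII-only: [ \t\n\x0B\f\r].
    // Only the plain space acts as a separator here.
    static String[] splitAsciiWhitespace(String s) {
        return s.split("\\s+");
    }

    // Hand-built class in the style of the answer quoted above
    // (U+2000..U+200A written as a range instead of one escape per code point).
    static final String WHITESPACE_CHARS = "\\u0009\\u000A\\u000B\\u000C\\u000D\\u0020"
            + "\\u0085\\u00A0\\u1680\\u180E\\u2000-\\u200A\\u2028\\u2029\\u202F\\u205F\\u3000";
    static final Pattern EXPLICIT = Pattern.compile("[" + WHITESPACE_CHARS + "]+");

    static String[] splitExplicitClass(String s) {
        return EXPLICIT.split(s);
    }

    // Java 7+: UNICODE_CHARACTER_CLASS (inline form "(?U)") makes \s follow the
    // Unicode White_Space property. This matches every code point in the list
    // above except U+180E, which is no longer classified as white space.
    static final Pattern UNICODE = Pattern.compile("\\s+", Pattern.UNICODE_CHARACTER_CLASS);

    static String[] splitUnicodeWhitespace(String s) {
        return UNICODE.split(s);
    }

    public static void main(String[] args) {
        // The first call keeps "alpha", "beta" and "gamma" glued together;
        // the other two return four separate tokens.
        System.out.println(Arrays.toString(splitAsciiWhitespace(PHRASE)));
        System.out.println(Arrays.toString(splitExplicitClass(PHRASE)));
        System.out.println(Arrays.toString(splitUnicodeWhitespace(PHRASE)));
    }
}
```

Whichever form you pick, use the same one everywhere a value is tokenised or validated; a filter that splits on the ASCII \s while the rest of the application treats a no-break space as a separator will see one token where the application sees two.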

Deleting files with long paths in Windows 7

Recently I had to clean up the computer I use for work and faced a problem that seemed a bit stupid to me: Windows would not let me delete node_modules folders in some of my JS projects.

Every attempt to operate with those files would throw the following error:

The source file name(s) are larger than is supported by the file system. Try moving to a location which has a shorter path name, or try renaming to shorter name(s) before attempting this operation

After giving it a little thought I came up with a couple of ideas that did not really work as expected:

  • Deleting the files in the deepest folders one by one: Same error.
  • Renaming the folders to something shorter like “a/b/c…”: Could not rename them due to the same error.

Then I resorted to Google and, as usual, it really helped. I found a couple of good solutions that worked like a charm:

Not so obvious solution (recommended)

A simple CLI command:

robocopy /MIR /s c:\Emptyfolder c:\FolderToDelete

That empties the folder given as the second path argument, provided the first argument is an empty folder. Then you just need to delete both folders.

This command mirrors (synchronizes) the contents of the first folder into the second one, so any file present in the second folder but not in the first is deleted from the second.

Note that you may need to run this command several times until the folder is completely empty.

The really obvious one

It seems that WinRAR has no problems with long file names, so you can just compress the whole folder into a RAR archive with the option to delete files after archiving checked. Then delete the .rar file.

You may find some problems with permissions with this solution.

Thanks to the guys at StackOverflow, I leave a link to the source here:
http://stackoverflow.com/questions/28175200/unable-to-delete-node-modules-folder