Linux Advisory Watch: September 25th, 2015

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

Security Report Summary

**WordPress 4.3.1 Security and Maintenance Release** [Upstreamannouncement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress4.3.1 is now available. This is a security release for all previous versions andwe strongly encourage you to update your sites immediately. This releaseaddresses three issues, including two cross-site scripting vulnerabilities and apotential privilege escalation. * WordPress versions 4.3 and earlier arevulnerable to a cross-site scripting vulnerability when processing shortcodetags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *A separate cross-site scripting vulnerability was found in the user list table.Reported by Ben Bidner of the WordPress security team. * Finally, in certaincases, users without proper permissions could publish private posts and makethem sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of CheckPoint. WordPress 4.3.1 also fixes twenty-six bugs. For more information, seethe [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/) or consult the[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).

**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystemstorage adapter of Zend\Cache was creating directories with a liberal umask thatcould lead to local arbitrary code execution and/or local privilege escalation.This release contains a patch that ensures the directories are created usingpermissions of 0775 and files using 0664 (essentially umask 0002). **Bugfixed** from upstream [Changelog]( ) *validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 asnon-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment * ensure fallbackvalues work as per pre-2.4 behavior * update the InputFilterInterface::add()docblock to match implementations * Fix how missing optoinal fields arevalidated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmptyannotations, per zend-inputfilter#26 * fix typos in aria attribute names ofAbstractHelper * fixes the ContentType header to properly handle encodedparameter values * fixes the Sender header to allow mailbox addresses withoutTLDs * fixes parsing of messages that contain an initial blank line beforeheaders * fixes the SetCookie header to allow multiline values (as they arealways encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results

**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystemstorage adapter of Zend\Cache was creating directories with a liberal umask thatcould lead to local arbitrary code execution and/or local privilege escalation.This release contains a patch that ensures the directories are created usingpermissions of 0775 and files using 0664 (essentially umask 0002). **Bugfixed** from upstream [Changelog]( ) *validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 asnon-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment * ensure fallbackvalues work as per pre-2.4 behavior * update the InputFilterInterface::add()docblock to match implementations * Fix how missing optoinal fields arevalidated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmptyannotations, per zend-inputfilter#26 * fix typos in aria attribute names ofAbstractHelper * fixes the ContentType header to properly handle encodedparameter values * fixes the Sender header to allow mailbox addresses withoutTLDs * fixes parsing of messages that contain an initial blank line beforeheaders * fixes the SetCookie header to allow multiline values (as they arealways encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results

**WordPress 4.3.1 Security and Maintenance Release** [Upstreamannouncement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress4.3.1 is now available. This is a security release for all previous versions andwe strongly encourage you to update your sites immediately. This releaseaddresses three issues, including two cross-site scripting vulnerabilities and apotential privilege escalation. * WordPress versions 4.3 and earlier arevulnerable to a cross-site scripting vulnerability when processing shortcodetags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *A separate cross-site scripting vulnerability was found in the user list table.Reported by Ben Bidner of the WordPress security team. * Finally, in certaincases, users without proper permissions could publish private posts and makethem sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of CheckPoint. WordPress 4.3.1 also fixes twenty-six bugs. For more information, seethe [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/) or consult the[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).

**WordPress 4.3.1 Security and Maintenance Release** [Upstreamannouncement](https://wordpress.org/news/2015/09/wordpress-4-3-1/): WordPress4.3.1 is now available. This is a security release for all previous versions andwe strongly encourage you to update your sites immediately. This releaseaddresses three issues, including two cross-site scripting vulnerabilities and apotential privilege escalation. * WordPress versions 4.3 and earlier arevulnerable to a cross-site scripting vulnerability when processing shortcodetags (CVE-2015-5714). Reported by Shahar Tal and Netanel Rubin of Check Point. *A separate cross-site scripting vulnerability was found in the user list table.Reported by Ben Bidner of the WordPress security team. * Finally, in certaincases, users without proper permissions could publish private posts and makethem sticky (CVE-2015-5715). Reported by Shahar Tal and Netanel Rubin of CheckPoint. WordPress 4.3.1 also fixes twenty-six bugs. For more information, seethe [release notes](https://wordpress.org/documentation/wordpress-version/version-4-3-1/) or consult the[list of changes](https://core.trac.wordpress.org/log/branches/4.3/?rev=34199&stop_rev=33647).

Add upstream patch to fix file execution vulnerability (bug #1264067) ----Add upstream patch to fix XSS vulnerability (bug #1259405)

**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystemstorage adapter of Zend\Cache was creating directories with a liberal umask thatcould lead to local arbitrary code execution and/or local privilege escalation.This release contains a patch that ensures the directories are created usingpermissions of 0775 and files using 0664 (essentially umask 0002). **Bugfixed** from upstream [Changelog]( ) *validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 asnon-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment * ensure fallbackvalues work as per pre-2.4 behavior * update the InputFilterInterface::add()docblock to match implementations * Fix how missing optoinal fields arevalidated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmptyannotations, per zend-inputfilter#26 * fix typos in aria attribute names ofAbstractHelper * fixes the ContentType header to properly handle encodedparameter values * fixes the Sender header to allow mailbox addresses withoutTLDs * fixes parsing of messages that contain an initial blank line beforeheaders * fixes the SetCookie header to allow multiline values (as they arealways encoded * fixes DefaultRenderingStrategy errors due to controllersreturning non-view model results

Update to 1.1.1 Security fix for CVE-2015-5198, CVE-2015-5199, CVE-2015-5200

Fixed https://bugzilla.redhat.com/show_bug.cgi?id=1259563https://bugzilla.redhat.com/show_bug.cgi?id=1259691

libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258

Fixes CVE-2015-3253

Update to 2.4.4, fixes CVE-2015-3253.

Security fix for CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926CVE-2014-9654

* CVE-2015-6815: net: e1000: infinite loop issue (bz #1260225) * CVE-2015-6855:ide: divide by zero issue (bz #1261793) * CVE-2015-5278: Infinite loop inne2000_receive() (bz #1263284) * CVE-2015-5279: Heap overflow vulnerability inne2000_receive() (bz #1263287) ---- Fix emulation of various instructions,required by libm in F22 ppc64 guests.

firefox-41.0-4.fc21 - New upstream 41.0 firefox-41.0-4.fc22 - New upstream41.0 firefox-41.0-4.fc23 - New upstream 41.0

The 4.2.1 stable update contains a number of bug fixes across the tree.kernel-4.2.1-300.fc23 - Linux v4.2.1

The 4.1.7 update contains a number of important updates across the tree.

unzip-6.0-22.fc21 - Fix heap overflow and infinite loop when invalid input isgiven (#1260947) unzip-6.0-22.fc22 - Fix heap overflow and infinite loop wheninvalid input is given (#1260947) unzip-6.0-23.fc23 - Fix heap overflow andinfinite loop when invalid input is given (#1260947)

update to security release of 1.6.1 https://mail.openjdk.org/pipermail/distro-pkg-dev/2015-September/033546.html

update to security release of 1.6.1 https://mail.openjdk.org/pipermail/distro-pkg-dev/2015-September/033546.html

libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possiblefix)]

Security fix for use after free vulnerability

unzip-6.0-22.fc21 - Fix heap overflow and infinite loop when invalid input isgiven (#1260947) unzip-6.0-22.fc22 - Fix heap overflow and infinite loop wheninvalid input is given (#1260947) unzip-6.0-23.fc23 - Fix heap overflow andinfinite loop when invalid input is given (#1260947)

Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195,CVE-2015-5196

libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258

From changelog for **Version 1.12.5** * add OPSYS_Z_CPM missing constantBackported from **1.13.0** * Fixed bug #70350 (ZipArchive::extractTo allows fordirectory traversal when creating directories). (neal at fb dot com)

From changelog for **Version 1.12.5** * add OPSYS_Z_CPM missing constantBackported from **1.13.0** * Fixed bug #70350 (ZipArchive::extractTo allows fordirectory traversal when creating directories). (neal at fb dot com)

Upstream change, **Version 1.13** * update bundled libzip to 1.0.1 (Remi,Anatol) * new methods for ZipArchive: setCompressionName, setCompressionIndex(Cedric Delmas) * allow to build with PHP 7 * Fixed bug 70350(ZipArchive::extractTo allows for directory traversal when creatingdirectories). (neal at fb dot com) * Fixed bug 70322 (ZipArchive::close()doesn't indicate errors). (cmb)

pcs-0.9.137-5.fc21 - Fix for CVE-2015-5189 incorrect authorization - Fix forCVE-2015-5190 command injection

pcs-0.9.139-7.fc22 - Fix for CVE-2015-5189 incorrect authorization - Fix forCVE-2015-5190 command injection

Fix typo causing qemu-img to link against entire world (bz #1260996) ---- *CVE-2015-5225: heap memory corruption in vnc_refresh_server_surface (bz#1255899)

smuxi-1.0-2.fc23 - Added patch to not expose the user's realnameautomatically (bz#1257597)

Upstream release v0.7.1-1

moodle-2.9.1-1.fc23 - 2.9.1

03 Sep 2015, **PHP 5.6.13** **Core:** * Fixed bug #69900 (Too long timeout onpipes). (Anatol) * Fixed bug #69487 (SAPI may truncate POST data). (cmb) * Fixedbug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, AnatolBelski) * Fixed bug #70172 (Use After Free Vulnerability in unserialize()).(Stas) * Fixed bug #70219 (Use after free vulnerability in sessiondeserializer). (taoguangchen at icloud dot com) **CLI server:** * Fixed bug#66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb) * Fixed bug#70264 (CLI server directory traversal). (cmb) **Date:** * Fixed bug #70266(DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).(cmb) **EXIF:** * Fixed bug #70385 (Buffer over-read in exif_read_data withTIFF IFD tag byte value of 32 bytes). (Stas) **hash:** * Fixed bug #70312(HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)**MCrypt:** * Fixed bug #69833 (mcrypt fd caching not working). (Anatol)**Opcache:** * Fixed bug #70237 (Empty while and do-while segmentation faultwith opcode on CLI enabled). (Dmitry, Laruence) **PCRE:** * Fixed bug #70232(Incorrect bump-along behavior with \K and empty string match). (cmb) * Fixedbug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)**SOAP:** * Fixed bug #70388 (SOAP serialize_function_call() type confusion /RCE). (Stas) **SPL:** * Fixed bug #70290 (Null pointer deref (segfault) inspl_autoload via ob_start). (hugh at allthethings dot co dot nz) * Fixed bug#70303 (Incorrect constructor reflection for ArrayObject). (cmb) * Fixed bug#70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).(taoguangchen at icloud dot com) * Fixed bug #70366 (Use-after-freevulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen aticloud dot com) **Standard:** * Fixed bug #70052 (getimagesize() fails forvery large and very small WBMP). (cmb) * Fixed bug #70157 (parse_ini_string()segmentation fault with INI_SCANNER_TYPED). (Tjerk) **XSLT:** * Fixed bug#69782 (NULL pointer dereference). (Stas)

CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

## 1.5.2 (2015-08-31) ### Security: * Fix Security MisconfigurationVulnerability, allowing potential local arbitrary code execution *CVE-2015-5723 * https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html ## 1.5.1 (2015-08-12)### Bugfix: * Fixed the JS expanding all queries in the profiler in case ofmultiple connections * Fixed the retrieval of the namespace inDisconnectedMetadataFactory * Changed the composer constraint to allow Symfony3.0 for people wanting to do early testing

CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

phpMyAdmin 4.4.14.1 (2015-09-08) ================================ - [security]reCaptcha bypass

Use %configure macro as it deals with config.sub/guess and various flagsproperly ---- nrpe-2.15-6.el7 - Fix spec file for missing/usr/share/libtool/config/config.guess nrpe-2.15-6.el6 - Fix spec file formissing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc23 - Fix specfile for missing /usr/share/libtool/config/config.guess nrpe-2.15-6.fc22 -Fix spec file for missing /usr/share/libtool/config/config.guessnrpe-2.15-6.fc21 - Fix spec file for missing/usr/share/libtool/config/config.guess

Add upstream patch to fix XSS vulnerability (bug #1259405)

Add upstream patch to fix XSS vulnerability (bug #1259405)

Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.

An attacker could execute arbitrary commands via Git repositories in a case-insensitive or case-normalizing filesystem.

Improper handling of Router Advertisements in NetworkManager could cause a Denial of Service condition in IPv6 network stacks.

Multiple vulnerabilities have been found in libtasn1, the worst of which could lead to arbitrary code execution.

Multiple vulnerabilities have been found in Cacti, the worst of which could lead to arbitrary code execution.

Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause Denial of Service condition.

Multiple vulnerabilities have been found in NTP, the worst of which could lead to arbitrary code execution.

Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security [More...]

Updated firefox packages that fix three security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security [More...]

An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security [More...]

New mozilla-firefox packages are available for Slackware 14.1, and -current to fix security issues. [More Info...]

Applications using Simple Streams could be made to crash or runprograms if it received specially crafted network traffic.

Several security issues were fixed in QEMU.

This update provides compatible packages for Firefox 41

Apport could be made to crash or overwrite files as an administrator.

This update provides compatible packages for Firefox 41

Firefox could be made to crash or run programs as your login if itopened a malicious website.