Replacing /dev/urandom

Datetime: 2016-08-22 21:46:55 Topic: OpenSSL

By Jonathan Corbet

May 4, 2016

The kernel's random-number generator (RNG) has seen a great deal of attention over the years; that is appropriate, given that its proper functioning is vital to the security of the system as a whole. During that time, it has acquitted itself well. That said, there are some concerns about the RNG going forward that have led to various patches aimed at improving both randomness and performance. Now there are two patch sets to consider that significantly change the RNG's operation.

The first of these comes from Stephan Müller, who has two independent sets of concerns that he is trying to address:

  • The randomness (entropy) in the RNG, in the end, comes from sources of physical entropy in the outside world. In practice, that means the timing of disk-drive operations, human-input events, and interrupts in general. But the solid-state drives deployed in current systems are far more predictable than rotating drives, many systems are deployed in settings where there are no human-input events at all, and, in any case, the entropy gained from those events duplicates the entropy from interrupts in general. The end result, Stephan fears, is that the current RNG is unable to pick up enough entropy to be truly random, especially early in the bootstrap process.
  • The RNG has shown some scalability problems on large NUMA systems, especially when faced with workloads that consume large amounts of random data from the kernel. There have been various attempts to improve RNG scalability over the last year, but none have been merged to this point.

Stephan tries to address both problems by throwing out much of the current RNG and replacing it with "a new approach"; see this page for a highly detailed explanation of the goals and implementation of this patch set. It starts by trying to increase the amount of useful entropy that can be obtained from the environment, and from interrupt timing in particular. The current RNG assumes that the timing of a specific interrupt carries little entropy — less than one bit. Stephan's patch, instead, accounts a full bit of entropy from each interrupt. Thus, in a sense, this is an accounting change: there is no more entropy flowing into the system than before, but it is being recognized at a higher rate, allowing early-boot users of random data to proceed.

Other sources of entropy are used as well when they are available; these include a hardware RNG attached to the system or built into the CPU itself (though little entropy is credited for the latter source). Earlier versions of the patch used the CPU jitter RNG (also implemented by Stephan) as another source of entropy, but that was removed at the request of RNG maintainer Ted Ts'o, who is not convinced that differences in execution time are a trustworthy source of entropy.

The hope is that interrupt timings, when added to whatever other sources of entropy are available, will be sufficient to quickly fill the entropy pool and allow the generation of truly random numbers. As with current systems, data read from /dev/random will remove entropy directly from that pool and will not complete until sufficient entropy accumulates there to satisfy the request. The actual random numbers are generated by running data from the entropy pool through the SP800-90A deterministic random bit generator (DRBG).

For /dev/urandom, another SP800-90A DRBG is fed from the primary DRBG described above and used to generate pseudo-random data. Every so often (ten minutes at the outset), this secondary generator is reseeded from the primary. On NUMA systems, there is one secondary generator for each node, keeping the random-data generation node-local and increasing scalability.

There has been a certain amount of discussion of Stephan's proposal, which is now in its third iteration, but Ted has said little beyond questioning the use of the CPU jitter technique. Or, at least, that was true until May 2, when he posted a new RNG of his own. Ted's work takes some clear inspiration from Stephan's patches (and from Andi Kleen's scalability work from last year) but it is, nonetheless, a different approach.

Ted's patch, too, gets rid of the separate entropy pool for /dev/urandom; this time, though, it is replaced by the ChaCha20 stream cipher seeded from the random pool. ChaCha20 is deemed to be secure and, it is thought, will perform better than SP800-90A. There is one ChaCha20 instance for each NUMA node, again, hopefully, helping to improve the scalability of the RNG (though Ted makes it clear that he sees this effort as being beyond the call of duty). There is no longer any attempt to track the amount of entropy stored in the (no-longer-existing) /dev/urandom pool, but each ChaCha20 instance is reseeded every five minutes.
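The design described above can be sketched in user-space C; this is an added example, not Ted Ts'o's patch or any kernel code. The names `struct crng`, `crng_read()`, `demo_pool()` and the two-node layout are hypothetical, the "pool" is a constructed stand-in that supplies fixed values, and the block function follows RFC 8439.

```c
#include <stdint.h>
#include <string.h>

#define RESEED_INTERVAL 300 /* seconds: "reseeded every five minutes" */
#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) do {                                           \
    a += b; d ^= a; d = ROTL(d, 16); c += d; b ^= c; b = ROTL(b, 12); \
    a += b; d ^= a; d = ROTL(d, 8);  c += d; b ^= c; b = ROTL(b, 7);  \
} while (0)

/* ChaCha20 block function as specified in RFC 8439, section 2.3. */
static void chacha20_block(const uint32_t in[16], uint32_t out[16])
{
    uint32_t x[16];
    memcpy(x, in, sizeof(x));
    for (int i = 0; i < 10; i++) {      /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8],  x[12]); QR(x[1], x[5], x[9],  x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8],  x[13]); QR(x[3], x[4], x[9],  x[14]);
    }
    for (int i = 0; i < 16; i++) out[i] = x[i] + in[i];
}

/* Known-answer test against the RFC 8439 section 2.3.2 vector; 1 = pass. */
static int chacha20_selftest(void)
{
    uint32_t out[16], in[16] = {
        0x61707865, 0x3320646e, 0x79622d32, 0x6b206574,
        0x03020100, 0x07060504, 0x0b0a0908, 0x0f0e0d0c,
        0x13121110, 0x17161514, 0x1b1a1918, 0x1f1e1d1c,
        0x00000001, 0x09000000, 0x4a000000, 0x00000000 };
    chacha20_block(in, out);
    return out[0] == 0xe4e7f110 && out[15] == 0x4e3c50a2;
}

struct crng {               /* one instance per NUMA node */
    uint32_t state[16];     /* constants | 256-bit key | counter | nonce */
    uint64_t seeded_at;     /* time of the last reseed, in seconds */
    int seeded;
};

/* Constructed stand-in for the primary pool: fixed values, NOT entropy. */
static void demo_pool(uint32_t key[8])
{
    static uint32_t draws;
    for (int i = 0; i < 8; i++) key[i] = 0x9e3779b9u * ++draws;
}

/* Fill buf from one instance; returns 1 if it was (re)seeded first. */
static int crng_read(struct crng *c, void (*pool)(uint32_t *), uint64_t now,
                     uint8_t *buf, size_t len)
{
    uint32_t block[16];
    int reseeded = 0;
    if (!c->seeded || now - c->seeded_at >= RESEED_INTERVAL) {
        c->state[0] = 0x61707865; c->state[1] = 0x3320646e;
        c->state[2] = 0x79622d32; c->state[3] = 0x6b206574;
        pool(&c->state[4]);                 /* fresh 256-bit key */
        memset(&c->state[12], 0, 4 * sizeof(uint32_t));
        c->seeded_at = now;
        c->seeded = reseeded = 1;
    }
    while (len > 0) {
        size_t n = len < sizeof(block) ? len : sizeof(block);
        chacha20_block(c->state, block);
        if (++c->state[12] == 0)            /* 64-bit block counter */
            c->state[13]++;
        memcpy(buf, block, n);              /* host byte order */
        buf += n;
        len -= n;
    }
    return reseeded;
}

/* Node 0 read at t=0, 299, 300 s, then node 1; bit i set = read i reseeded. */
static int demo_scenario(void)
{
    struct crng nodes[2] = {0};         /* two hypothetical NUMA nodes */
    uint8_t out[16];
    int r = crng_read(&nodes[0], demo_pool, 0, out, sizeof(out));
    r |= crng_read(&nodes[0], demo_pool, 299, out, sizeof(out)) << 1;
    r |= crng_read(&nodes[0], demo_pool, 300, out, sizeof(out)) << 2;
    r |= crng_read(&nodes[1], demo_pool, 300, out, sizeof(out)) << 3;
    return r;
}

int main(void) { return !(chacha20_selftest() && demo_scenario() == 0xd); }
```

Between reseeds the output is a pure function of the key and the block counter, so there is no entropy count to maintain for this generator; the unpredictability of the output rests entirely on the seed drawn from the pool.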

When the system is booting, the new RNG will credit each interrupt's timing data with one bit of entropy, as does Stephan's RNG. Once the RNG is initialized with sufficient entropy, though, the RNG switches to the current system, which accounts far less entropy for each interrupt. This policy reflects Ted's unease with assuming that there is much entropy in interrupt timings; the timing of interrupts might be more predictable than one might think, especially on virtualized systems with no direct connection to real hardware.

Stephan's response to this posting has been gracious: "In general, I have no concerns with this approach either. And thank you that some of my concerns are addressed." That, along with the fact that Ted is the ultimate decision-maker in this case, suggests that his patch set is the one that is more likely to make it into the mainline; it probably will not come down to flipping a coin. It would be most surprising to see that merging happen for 4.7 — something as sensitive as the RNG needs some review and testing time — but it could happen not too long thereafter.


Brief items

Security quotes of the week

How to panic a current @grsecurity kernel as any user: $ script /dev/null </dev/zero (seriously, WTF)

Hector Martin shows how to get banned by grsecurity

Not all leaks are alike, nor are their makers. Gen. David Petraeus, for instance, provided his illicit lover and favorable biographer information so secret it defied classification, including the names of covert operatives and the president’s private thoughts on matters of strategic concern. Petraeus was not charged with a felony, as the Justice Department had initially recommended, but was instead permitted to plead guilty to a misdemeanor. Had an enlisted soldier of modest rank pulled out a stack of highly classified notebooks and handed them to his girlfriend to secure so much as a smile, he’d be looking at many decades in prison, not a pile of character references from a Who’s Who of the Deep State.

Edward Snowden

So, the guy in the US government is upset that the public is more safe, and the guy that people want to accuse of being a traitor is proud of helping Americans to better protect themselves. Maybe we ought to reverse their roles...

Mike Masnick on the NSA estimate that the Snowden revelations sped up the adoption of encryption


Linux Kernel BPF JIT Spraying (grsecurity forums)

Over at the grsecurity forums, Brad Spengler writes about a recently released proof of concept attack on the kernel using JIT spraying. "What happened next was the hardening of the BPF interpreter in grsecurity to prevent such future abuse: the previously-abused arbitrary read/write from the interpreter was now restricted only to the interpreter buffer itself, and the previous warn on invalid BPF instructions was turned into a BUG() to terminate execution of the exploit. I also then developed GRKERNSEC_KSTACKOVERFLOW which killed off the stack overflow class of vulns on x64. A short time later, there was work being done upstream to extend the use of BPF in the kernel. This new version was called eBPF and it came with a vastly expanded JIT. I immediately saw problems with this new version and noticed that it would be much more difficult to protect -- verification was being done against a writable buffer and then translated into another writable buffer in the extended BPF language. This new language allowed not just arbitrary read and write, but arbitrary function calling." The protections in the grsecurity kernel will thus prevent this attack. In addition, the newly released RAP feature for grsecurity, which targets the elimination of return-oriented programming (ROP) vulnerabilities in the kernel, will also ensure that "the fear of JIT spraying goes away completely", he said.


May Android security bulletin

The Android security bulletin for May is available. It lists 40 different CVE numbers addressed by the May over-the-air update; the bulk of those are at a severity level of "high" or above. "Partners were notified about the issues described in the bulletin on April 04, 2016 or earlier. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository over the next 48 hours. We will revise this bulletin with the AOSP links when they are available. The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files."


New vulnerabilities

botan: side channel attack

Package(s) : botan1.10 CVE #(s) : CVE-2015-7827
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Debian advisory:

Use constant time PKCS #1 unpadding to avoid possible side channel attack against RSA decryption.

Alerts :
Debian DSA-3565-1 botan1.10 2016-05-02
Debian-LTS DLA-449-1 botan1.10 2016-04-30


botan: insufficient randomness

Package(s) : botan1.10 CVE #(s) : CVE-2014-9742
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Debian LTS advisory:

A bug in Miller-Rabin primality testing was responsible for insufficient randomness.

Alerts :
Debian-LTS DLA-449-1 botan1.10 2016-04-30


chromium-browser: multiple vulnerabilities

Package(s) : chromium-browser CVE #(s) : CVE-2016-1660 CVE-2016-1661 CVE-2016-1662 CVE-2016-1663 CVE-2016-1664 CVE-2016-1665 CVE-2016-1666
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Red Hat advisory:

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

Alerts :
Red Hat RHSA-2016:0707-01 chromium-browser 2016-05-02
Debian DSA-3564-1 chromium-browser 2016-05-02
Mageia MGASA-2016-0160 chromium-browser-stable 2016-04-29
openSUSE openSUSE-SU-2016:1207-1 Chromium 2016-05-04
openSUSE openSUSE-SU-2016:1208-1 Chromium 2016-05-04
openSUSE openSUSE-SU-2016:1209-1 Chromium 2016-05-04
Arch Linux ASA-201605-7 chromium 2016-05-06


i7z: denial of service

Package(s) : i7z CVE #(s) :
Created : April 29, 2016 Updated : May 4, 2016
Description :

From the Fedora advisory:

i7z-gui: Print_Information_Processor(): i7z_GUI killed by SIGSEGV

Alerts :
Fedora FEDORA-2016-fcfe4c73b0 i7z 2016-04-28


java: three vulnerabilities

Package(s) : java-1.6.0-ibm CVE #(s) : CVE-2016-0264 CVE-2016-0363 CVE-2016-0376
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Red Hat advisory:

CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM

CVE-2016-0363 IBM JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix

CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix

Alerts :
Red Hat RHSA-2016:0708-01 java-1.6.0-ibm 2016-05-02
Red Hat RHSA-2016:0702-01 java-1.7.0-ibm 2016-04-29
Red Hat RHSA-2016:0701-01 java-1.7.1-ibm 2016-04-29
Red Hat RHSA-2016:0716-01 java-1.8.0-ibm 2016-05-03
Red Hat RHSA-2016:1039-01 java-1.8.0-ibm 2016-05-11


jq: two vulnerabilities

Package(s) : jq CVE #(s) : CVE-2015-8863 CVE-2016-4074
Created : May 4, 2016 Updated : May 4, 2016
Description : From the openSUSE bug report :

CVE-2015-8863: heap buffer overflow in tokenadd() function http://seclists.org/oss-sec/2016/q2/134

CVE-2016-4074: stack exhaustion using jv_dump_term() function http://seclists.org/oss-sec/2016/q2/140

Alerts :
openSUSE openSUSE-SU-2016:1214-1 jq 2016-05-04
openSUSE openSUSE-SU-2016:1212-1 jq 2016-05-04


kernel: two vulnerabilities

Package(s) : kernel CVE #(s) : CVE-2016-3961 CVE-2016-3955
Created : April 28, 2016 Updated : May 4, 2016
Description : From the Xen advisory:

CVE-2016-3961: Huge (2Mb) pages are generally unavailable to PV guests. Since x86 Linux pvops-based kernels are generally multi purpose, they would normally be built with hugetlbfs support enabled. Use of that functionality by an application in a PV guest would cause an infinite page fault loop, and an OOPS to occur upon an attempt to terminate the hung application.

Depending on the guest kernel configuration, the OOPS could result in a kernel crash (guest DoS).

From the Red Hat bugzilla entry :

CVE-2016-3955: Linux kernel built with the USB over IP (CONFIG_USBIP_*) support is vulnerable to a buffer overflow issue. It could occur while receiving USB/IP packets, when the size value in the packet is greater than the actual transfer buffer.

A user/process could use this flaw to crash the remote host via kernel memory corruption or potentially execute arbitrary code.

Alerts :
Fedora FEDORA-2016-8a1f49149e kernel 2016-04-27
SUSE SUSE-SU-2016:1203-1 kernel 2016-05-03
Fedora FEDORA-2016-373c063e79 kernel 2016-05-06
Ubuntu USN-2965-1 kernel 2016-05-06
Ubuntu USN-2965-2 linux-lts-xenial 2016-05-06
Ubuntu USN-2965-3 linux-raspi2 2016-05-06
Ubuntu USN-2965-4 linux-snapdragon 2016-05-06


mercurial: code execution

Package(s) : mercurial CVE #(s) : CVE-2016-3105
Created : May 3, 2016 Updated : May 9, 2016
Description :

From the Slackware advisory:

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake Burkhart.

Alerts :
Slackware SSA:2016-123-01 mercurial 2016-05-02
Debian DSA-3570-1 mercurial 2016-05-05
Arch Linux ASA-201605-10 mercurial 2016-05-06
Debian-LTS DLA-459-1 mercurial 2016-05-06


minissdpd: denial of service

Package(s) : minissdpd CVE #(s) : CVE-2016-3178 CVE-2016-3179
Created : May 4, 2016 Updated : May 4, 2016
Description :

From the Debian LTS advisory:

The minissdpd daemon contains an improper validation of array index vulnerability (CWE-129) when processing requests sent to the Unix socket at /var/run/minissdpd.sock. The Unix socket can be accessed by an unprivileged user to send an invalid request that causes an out-of-bounds memory access that crashes the minissdpd daemon.

Alerts :
Debian-LTS DLA-454-1 minissdpd 2016-05-03


ntp: multiple vulnerabilities

Package(s) : ntp CVE #(s) : CVE-2015-8139 CVE-2015-8140
Created : April 29, 2016 Updated : May 4, 2016
Description :

From the SUSE bug reports:

CVE-2015-8139 : To prevent off-path attackers from impersonating legitimate peers, clients require that the origin timestamp in a received response packet match the transmit timestamp from its last request to a given peer. Under assumption that only the recipient of the request packet will know the value of the transmit timestamp, this prevents an attacker from forging replies.

CVE-2015-8140 : The ntpq protocol is vulnerable to replay attacks. The sequence number being included under the signature fails to prevent replay attacks for two reasons. Commands that don't require authentication can be used to move the sequence number forward, and NTP doesn't actually care what sequence number is used so a packet can be replayed at any time. If, for example, an attacker can intercept authenticated reconfiguration commands that would, for example, tell ntpd to connect with a server that turns out to be malicious and a subsequent reconfiguration directive removed that malicious server, the attacker could replay the configuration command to re-establish an association to the malicious server.

Alerts :
SUSE SUSE-SU-2016:1175-1 ntp 2016-04-28
SUSE SUSE-SU-2016:1177-1 ntp 2016-04-28
SUSE SUSE-SU-2016:1247-1 ntp 2016-05-06


ntp: multiple vulnerabilities

Package(s) : ntp CVE #(s) : CVE-2016-1551 CVE-2016-1549 CVE-2016-2516 CVE-2016-2517 CVE-2016-2518 CVE-2016-2519 CVE-2016-1547 CVE-2016-1548 CVE-2016-1550
Created : May 2, 2016 Updated : May 11, 2016
Description :

From the Slackware advisory:

CVE-2016-1551: Refclock impersonation vulnerability, AKA: refclock-peering

CVE-2016-1549: Sybil vulnerability: ephemeral association attack, AKA: ntp-sybil - MITIGATION ONLY

CVE-2016-2516: Duplicate IPs on unconfig directives will cause an assertion botch

CVE-2016-2517: Remote configuration trustedkey/requestkey values are not properly validated

CVE-2016-2518: Crafted addpeer with hmode > 7 causes array wraparound with MATCH_ASSOC

CVE-2016-2519: ctl_getitem() return value not always checked

CVE-2016-1547: Validate crypto-NAKs, AKA: nak-dos

CVE-2016-1548: Interleave-pivot - MITIGATION ONLY

CVE-2016-1550: Improve NTP security against buffer comparison timing attacks, authdecrypt-timing, AKA: authdecrypt-timing

Alerts :
Slackware SSA:2016-120-01 ntp 2016-04-29
Fedora FEDORA-2016-5b2eb0bf9c ntp 2016-05-10


openssl: multiple vulnerabilities

Package(s) : openssl CVE #(s) : CVE-2016-2108 CVE-2016-2107 CVE-2016-2105 CVE-2016-2106 CVE-2016-2109
Created : May 3, 2016 Updated : May 11, 2016
Description :

From the Ubuntu advisory:

Huzaifa Sidhpurwala, Hanno Böck, and David Benjamin discovered that OpenSSL incorrectly handled memory when decoding ASN.1 structures. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2108)

Juraj Somorovsky discovered that OpenSSL incorrectly performed padding when the connection uses the AES CBC cipher and the server supports AES-NI. A remote attacker could possibly use this issue to perform a padding oracle attack and decrypt traffic. (CVE-2016-2107)

Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncodeUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2105)

Guido Vranken discovered that OpenSSL incorrectly handled large amounts of input data to the EVP_EncryptUpdate() function. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2016-2106)

Brian Carpenter discovered that OpenSSL incorrectly handled memory when ASN.1 data is read from a BIO. A remote attacker could possibly use this issue to cause memory consumption, resulting in a denial of service. (CVE-2016-2109)

As a security improvement, this update also modifies OpenSSL behaviour to reject DH key sizes below 1024 bits, preventing a possible downgrade attack.

Alerts :
Ubuntu USN-2959-1 openssl 2016-05-03
Arch Linux ASA-201605-4 lib32-openssl 2016-05-04
Arch Linux ASA-201605-3 openssl 2016-05-04
Debian DSA-3566-1 openssl 2016-05-03
Debian-LTS DLA-456-1 openssl 2016-05-03
Slackware SSA:2016-124-01 openssl 2016-05-03
SUSE SUSE-SU-2016:1228-1 openssl 2016-05-04
SUSE SUSE-SU-2016:1206-1 openssl1 2016-05-03
Fedora FEDORA-2016-05c567df1a openssl 2016-05-04
openSUSE openSUSE-SU-2016:1241-1 libopenssl0_9_8 2016-05-05
openSUSE openSUSE-SU-2016:1239-1 libopenssl0_9_8 2016-05-05
openSUSE openSUSE-SU-2016:1240-1 openssl 2016-05-05
openSUSE openSUSE-SU-2016:1238-1 openssl 2016-05-05
openSUSE openSUSE-SU-2016:1237-1 openssl 2016-05-05
SUSE SUSE-SU-2016:1231-1 compat-openssl097g 2016-05-04
SUSE SUSE-SU-2016:1233-1 openssl 2016-05-04
openSUSE openSUSE-SU-2016:1242-1 libopenssl0_9_8 2016-05-05
openSUSE openSUSE-SU-2016:1243-1 openssl 2016-05-05
Red Hat RHSA-2016:0722-01 openssl 2016-05-09
CentOS CESA-2016:0722 openssl 2016-05-09
Mageia MGASA-2016-0169 openssl 2016-05-07
Oracle ELSA-2016-0722 openssl 2016-05-09
Scientific Linux SLSA-2016:0722-1 openssl 2016-05-09
SUSE SUSE-SU-2016:1267-1 compat-openssl098 2016-05-09
Red Hat RHSA-2016:0996-01 openssl 2016-05-10
Fedora FEDORA-2016-1e39d934ed openssl 2016-05-10
openSUSE openSUSE-SU-2016:1273-1 compat-openssl098 2016-05-11


openssl: information leak

Package(s) : lib32-openssl openssl CVE #(s) : CVE-2016-2176
Created : May 4, 2016 Updated : May 12, 2016
Description :

From the Arch Linux advisory:

ASN1 Strings that are over 1024 bytes can cause an overread in applications using the X509_NAME_oneline() function on EBCDIC systems. This could result in arbitrary stack data being returned in the buffer.

Alerts :
Arch Linux ASA-201605-4 lib32-openssl 2016-05-04
Arch Linux ASA-201605-3 openssl 2016-05-04
Debian DSA-3566-1 openssl 2016-05-03
Debian-LTS DLA-456-1 openssl 2016-05-03
Slackware SSA:2016-124-01 openssl 2016-05-03


openvas: cross-site scripting

Package(s) : openvas CVE #(s) : CVE-2016-1926
Created : May 2, 2016 Updated : May 9, 2016
Description : From the Red Hat bugzilla:

It was reported that openvas-gsa is vulnerable to cross-site scripting due to improper handling of parameters of get_aggregate command. If the attacker has access to a session token of the browser session, the cross site scripting can be executed. Affects versions >= 6.0.0 and < 6.0.8.

Alerts :
Fedora FEDORA-2016-afdedc8da9 openvas-cli 2016-05-01
Fedora FEDORA-2016-afdedc8da9 openvas-gsa 2016-05-01
Fedora FEDORA-2016-afdedc8da9 openvas-libraries 2016-05-01
Fedora FEDORA-2016-afdedc8da9 openvas-manager 2016-05-01
Fedora FEDORA-2016-afdedc8da9 openvas-scanner 2016-05-01
Fedora FEDORA-2016-9851b69dbb openvas-cli 2016-05-08
Fedora FEDORA-2016-9851b69dbb openvas-gsa 2016-05-08
Fedora FEDORA-2016-9851b69dbb openvas-libraries 2016-05-08
Fedora FEDORA-2016-9851b69dbb openvas-manager 2016-05-08
Fedora FEDORA-2016-9851b69dbb openvas-scanner 2016-05-08


oxide-qt: code execution

Package(s) : oxide-qt CVE #(s) : CVE-2016-1578
Created : April 28, 2016 Updated : May 4, 2016
Description :

From the Ubuntu advisory:

A use-after-free was discovered when responding synchronously to permission requests. An attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. (CVE-2016-1578)

Alerts :
Ubuntu USN-2955-1 oxide-qt 2016-04-27


php: multiple vulnerabilities

Package(s) : php CVE #(s) : CVE-2016-4537 CVE-2016-4538 CVE-2016-4539 CVE-2016-4540 CVE-2016-4541 CVE-2016-4542 CVE-2016-4543 CVE-2016-4544
Created : May 2, 2016 Updated : May 9, 2016
Description : The php package has been updated to version 5.6.21, which fixes several security issues and other bugs. See the upstream ChangeLog for more details.
Alerts :
Mageia MGASA-2016-0159 php 2016-04-29
Slackware SSA:2016-120-02 php 2016-04-29
Fedora FEDORA-2016-f1d98cf017 php 2016-05-02


php-ZendFramework: multiple vulnerabilities

Package(s) : php-ZendFramework CVE #(s) :
Created : May 2, 2016 Updated : May 4, 2016
Description : From the Mageia advisory:

The php-ZendFramework package has been updated to version 1.12.18 to fix a potential information disclosure and insufficient entropy vulnerability in the word CAPTCHA ( ZF2015-09 ) and several other functions ( ZF2016-01 ).

Alerts :
Mageia MGASA-2016-0156 php-ZendFramework 2016-04-29


roundcubemail: three vulnerabilities

Package(s) : roundcubemail CVE #(s) : CVE-2015-8864 CVE-2016-4068 CVE-2016-4069
Created : May 2, 2016 Updated : May 4, 2016
Description : From the Red Hat bugzilla:

(CVE-2015-8864, CVE-2016-4068) Fix XSS issue in SVG images handling

(CVE-2016-4069) Protect download urls against CSRF using unique request tokens

Alerts :
Fedora FEDORA-2016-69eb7f9fb2 roundcubemail 2016-04-30
Fedora FEDORA-2016-a9c8f9dcff roundcubemail 2016-05-01
Mageia MGASA-2016-0155 roundcubemail 2016-04-29


subversion: multiple vulnerabilities

Package(s) : subversion CVE #(s) : CVE-2016-2167 CVE-2016-2168
Created : April 29, 2016 Updated : May 9, 2016
Description :

From the Debian advisory:

CVE-2016-2167 - Daniel Shahaf and James McCoy discovered that an implementation error in the authentication against the Cyrus SASL library would permit a remote user to specify a realm string which is a prefix of the expected realm string and potentially allowing a user to authenticate using the wrong realm.

CVE-2016-2168 - Ivan Zhakov of VisualSVN discovered a remotely triggerable denial of service vulnerability in the mod_authz_svn module during COPY or MOVE authorization check. An authenticated remote attacker could take advantage of this flaw to cause a denial of service (Subversion server crash) via COPY or MOVE requests with specially crafted header.

Alerts :
Debian DSA-3561-1 subversion 2016-04-29
Debian-LTS DLA-448-1 subversion 2016-04-30
Slackware SSA:2016-121-01 subversion 2016-04-30
Mageia MGASA-2016-0161 subversion 2016-05-05
openSUSE openSUSE-SU-2016:1263-1 subversion 2016-05-07
openSUSE openSUSE-SU-2016:1264-1 subversion 2016-05-07


tardiff: two vulnerabilities

Package(s) : tardiff CVE #(s) : CVE-2015-0857 CVE-2015-0858
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Debian advisory:

CVE-2015-0857: Rainer Mueller and Florian Weimer discovered that tardiff is prone to shell command injections via shell meta-characters in filenames in tar files or via shell meta-characters in the tar filename itself.

CVE-2015-0858: Florian Weimer discovered that tardiff uses predictable temporary directories for unpacking tarballs. A malicious user can use this flaw to overwrite files with permissions of the user running the tardiff command line tool.

Alerts :
Debian DSA-3562-1 tardiff 2016-05-01


ubuntu-core-launcher: code execution

Package(s) : ubuntu-core-launcher CVE #(s) : CVE-2016-1580
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Ubuntu advisory:

Zygmunt Krynicki discovered that ubuntu-core-launcher did not properly sanitize its input and contained a logic error when determining the mountpoint of bind mounts when using snaps on Ubuntu classic systems (eg, traditional desktop and server). If a user were tricked into installing a malicious snap with a crafted snap name, an attacker could perform a delayed attack to steal data or execute code within the security context of another snap. This issue did not affect Ubuntu Core systems.

Alerts :
Ubuntu USN-2956-1 ubuntu-core-launcher 2016-04-29


xen: three vulnerabilities

Package(s) : xen CVE #(s) : CVE-2016-4001 CVE-2016-4002 CVE-2016-4037
Created : May 2, 2016 Updated : May 4, 2016
Description :

From the Red Hat bugzilla:

CVE-2016-4001 : Qemu emulator built with the Luminary Micro Stellaris Ethernet Controller is vulnerable to a buffer overflow issue. It could occur while receiving network packets in stellaris_enet_receive(), if the guest NIC is configured to accept large(MTU) packets.

A remote user/process could use this flaw to crash the Qemu process on a host, resulting in DoS.

CVE-2016-4002 : Qemu emulator built with the MIPSnet controller emulator is vulnerable to a buffer overflow issue. It could occur while receiving network packets in mipsnet_receive(), if the guest NIC is configured to accept large(MTU) packets.

A remote user/process could use this flaw to crash Qemu resulting in DoS; OR potentially execute arbitrary code with privileges of the Qemu process on a host.

CVE-2016-4037 : Qemu emulator built with the USB EHCI emulation support is vulnerable to an infinite loop issue. It occurs during communication between host controller interface(EHCI) and a respective device driver. These two communicate via a split isochronous transfer descriptor list(siTD) and an infinite loop unfolds if there is a closed loop in this list.

A privileged user inside guest could use this flaw to consume excessive CPU cycles & resources on the host.

Alerts :
Fedora FEDORA-2016-35d7b09908 xen 2016-04-30
Fedora FEDORA-2016-75063477ca xen 2016-05-01


xerces-j2: denial of service

Package(s) : xerces-j2 CVE #(s) :
Created : May 4, 2016 Updated : May 4, 2016
Description : From the openSUSE advisory:

bsc#814241 : Fixed possible DoS through very long attribute names

Alerts :
openSUSE openSUSE-SU-2016:1216-1 xerces-j2 2016-05-04


Page editor : Jake Edge
