mirror of https://git.FreeBSD.org/ports.git synced 2024-12-14 03:10:47 +00:00
freebsd-ports/security/vuxml/vuln-2014.xml
Baptiste Daroussin e14ed8232d Rework vuxml a bit to make them validable again
modify tidy.xsl to make it generate manually the xml declaration
xsl is not able to generate a list of entity otherwise.

Remove copyright from included files, they are redundant anyway and
in the end only the vuln.xml file is distributed with entities expanded

Rework a bit the entity declaration in order for the document to look
great after expansion (as it did before we introduced the expansion
mechanism)

All validations are now processed directly on the flattened file.

This is based on a patch from mfechner here

Submitted by:		mfechner
Differential Revision:	https://reviews.freebsd.org/D28299
2021-01-25 17:16:21 +00:00

6709 lines
237 KiB
XML

<vuln vid="c3d43001-8064-11e4-801f-0022156e8794">
<topic>mutt -- denial of service via crafted mail message</topic>
<affects>
<package>
<name>mutt</name>
<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
</package>
<package>
<name>ja-mutt</name>
<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
</package>
<package>
<name>zh-mutt</name>
<range><ge>1.5.22</ge><lt>1.5.23_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVD reports:</p>
<blockquote cite="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9116">
<p>The write_one_header function in mutt 1.5.23 does not
properly handle newline characters at the beginning of a
header, which allows remote attackers to cause a denial of
service (crash) via a header with an empty body, which
triggers a heap-based buffer overflow in the mutt_substrdup
function.</p>
</blockquote>
</body>
</description>
<references>
<bid>71334</bid>
<cvename>CVE-2014-9116</cvename>
<url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771125</url>
<url>http://dev.mutt.org/trac/ticket/3716</url>
</references>
<dates>
<discovery>2014-11-26</discovery>
<entry>2014-12-23</entry>
</dates>
</vuln>
<vuln vid="4033d826-87dd-11e4-9079-3c970e169bc2">
<topic>ntp -- multiple vulnerabilities</topic>
<affects>
<package>
<name>ntp</name>
<name>ntp-devel</name>
<range><lt>4.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/852879">
<p>The Network Time Protocol (NTP) provides networked
systems with a way to synchronize time for various
services and applications. ntpd version 4.2.7 and
previous versions allow attackers to overflow several
buffers in a way that may allow malicious code to
be executed. ntp-keygen prior to version 4.2.7p230
also uses a non-cryptographic random number generator
when generating symmetric keys.</p>
<p>The buffer overflow vulnerabilities in ntpd may
allow a remote unauthenticated attacker to execute
arbitrary malicious code with the privilege level
of the ntpd process. The weak default key and
non-cryptographic random number generator in
ntp-keygen may allow an attacker to gain
information regarding the integrity checking
and authentication encryption schemes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-9293</cvename>
<cvename>CVE-2014-9294</cvename>
<cvename>CVE-2014-9295</cvename>
<cvename>CVE-2014-9296</cvename>
<url>http://www.kb.cert.org/vuls/id/852879</url>
</references>
<dates>
<discovery>2014-12-19</discovery>
<entry>2014-12-20</entry>
</dates>
</vuln>
<vuln vid="1d567278-87a5-11e4-879c-000c292ee6b8">
<topic>git -- Arbitrary command execution on case-insensitive filesystems</topic>
<affects>
<package>
<name>git</name>
<range><lt>2.2.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Git Project reports:</p>
<blockquote cite="http://article.gmane.org/gmane.linux.kernel/1853266">
<p>When using a case-insensitive filesystem an attacker can
craft a malicious Git tree that will cause Git to overwrite
its own .git/config file when cloning or checking out a
repository, leading to arbitrary command execution in the
client machine. If you are a hosting service whose users
may fetch from your service to Windows or Mac OS X machines,
you are strongly encouraged to update to protect such users
who use existing versions of Git.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-9390</cvename>
<url>https://github.com/blog/1938-git-client-vulnerability-announced</url>
<url>http://article.gmane.org/gmane.linux.kernel/1853266</url>
</references>
<dates>
<discovery>2014-12-19</discovery>
<entry>2014-12-19</entry>
</dates>
</vuln>
<vuln vid="0c5cf7c4-856e-11e4-a089-60a44c524f57">
<topic>otrs -- Incomplete Access Control</topic>
<affects>
<package>
<name>otrs</name>
<range><gt>3.2.*</gt><lt>3.2.17</lt></range>
<range><gt>3.3.*</gt><lt>3.3.11</lt></range>
<range><gt>4.0.*</gt><lt>4.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OTRS project reports:</p>
<blockquote cite="http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/">
<p>An attacker with valid OTRS credentials could access and manipulate ticket data
of other users via the GenericInterface, if a ticket webservice is configured
and not additionally secured.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.otrs.com/security-advisory-2014-06-incomplete-access-control/</url>
<cvename>CVE-2014-9324</cvename>
</references>
<dates>
<discovery>2014-12-16</discovery>
<entry>2014-12-16</entry>
</dates>
</vuln>
<vuln vid="f5561ade-846c-11e4-b7a7-20cf30e32f6d">
<topic>subversion -- DoS vulnerabilities</topic>
<affects>
<package>
<name>mod_dav_svn</name>
<range><ge>1.8.0</ge><lt>1.8.11</lt></range>
</package>
<package>
<name>subversion16</name>
<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
</package>
<package>
<name>subversion17</name>
<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
</package>
<package>
<name>subversion</name>
<range><ge>1.0.0</ge><lt>1.7.19</lt></range>
<range><ge>1.8.0</ge><lt>1.8.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion Project reports:</p>
<blockquote cite="http://subversion.apache.org/security/">
<p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
receives a REPORT request for some invalid formatted special URIs.</p>
<p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
receives a request for some invalid formatted special URIs.</p>
<p>We consider this to be a medium risk vulnerability. Repositories which
allow for anonymous reads will be vulnerable without authentication.
Unfortunately, no special configuration is required and all mod_dav_svn
servers are vulnerable.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3580</cvename>
<cvename>CVE-2014-8108</cvename>
<url>http://subversion.apache.org/security/CVE-2014-3580-advisory.txt</url>
<url>http://subversion.apache.org/security/CVE-2014-8108-advisory.txt</url>
</references>
<dates>
<discovery>2014-12-13</discovery>
<entry>2014-12-15</entry>
</dates>
</vuln>
<vuln vid="fdf72a0e-8371-11e4-bc20-001636d274f3">
<topic>NVIDIA UNIX driver -- remote denial of service or arbitrary code execution</topic>
<affects>
<package>
<name>nvidia-driver</name>
<range><lt>340.65</lt></range>
</package>
<package>
<name>nvidia-driver-304</name>
<range><lt>304.125</lt></range>
</package>
<package>
<name>nvidia-driver-173</name>
<range><le>173.14.35_3</le></range>
</package>
<package>
<name>nvidia-driver-96</name>
<range><le>96.43.23_2</le></range>
</package>
<package>
<name>nvidia-driver-71</name>
<range><le>71.86.15_4</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVIDIA Unix security team reports:</p>
<blockquote cite="http://nvidia.custhelp.com/app/answers/detail/a_id/3610">
<p>The GLX indirect rendering support supplied on NVIDIA products
is subject to the recently disclosed X.Org vulnerabilities
(CVE-2014-8093, CVE-2014-8098) as well as internally identified
vulnerabilities (CVE-2014-8298).</p>
<p>Depending on how it is configured, the X server typically runs
with raised privileges, and listens for GLX indirect rendering
protocol requests from a local socket and potentially a TCP/IP
port. The vulnerabilities could be exploited in a way that
causes the X server to access uninitialized memory or overwrite
arbitrary memory in the X server process. This can cause a
denial of service (e.g., an X server segmentation fault), or
could be exploited to achieve arbitrary code execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-8298</cvename>
<cvename>CVE-2014-8093</cvename>
<cvename>CVE-2014-8098</cvename>
</references>
<dates>
<discovery>2014-12-03</discovery>
<entry>2014-12-14</entry>
</dates>
</vuln>
<vuln vid="ab3e98d9-8175-11e4-907d-d050992ecde8">
<topic>bind -- denial of service vulnerability</topic>
<affects>
<package>
<name>bind99</name>
<name>bind99-base</name>
<range><lt>9.9.6</lt></range>
</package>
<package>
<name>bind98</name>
<name>bind98-base</name>
<name>bind96</name>
<name>bind96-base</name>
<range><gt>0</gt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>9.3</ge><lt>9.3_6</lt></range>
<range><ge>9.2</ge><lt>9.2_16</lt></range>
<range><ge>9.1</ge><lt>9.1_23</lt></range>
<range><ge>8.4</ge><lt>8.4_20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://www.isc.org/blogs/important-security-advisory-posted/">
<p>We have today posted updated versions of 9.9.6 and 9.10.1
to address a significant security vulnerability in DNS
resolution. The flaw was discovered by Florian Maury of
ANSSI, and applies to any recursive resolver that does not
support a limit on the number of recursions. [<a href="http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html">CERTFR-2014-AVI-512</a>],
[USCERT <a href="www.kb.cert.org/vuls/id/264212">VU#264212</a>]</p>
<p>A flaw in delegation handling could be exploited to put named
into an infinite loop, in which each lookup of a name server
triggered additional lookups of more name servers. This has
been addressed by placing limits on the number of levels of
recursion named will allow (default 7), and on the number of
queries that it will send before terminating a recursive query
(default 50). The recursion depth limit is configured via the
max-recursion-depth option, and the query limit via the
max-recursion-queries option. For more information, see the
security advisory at <a href="https://kb.isc.org/article/AA-01216/">https://kb.isc.org/article/AA-01216/</a>.
<a href="https://kb.isc.org/article/AA-01216/">[CVE-2014-8500]</a>
[RT #37580]</p>
<p>In addition, we have also corrected a potential security
vulnerability in the GeoIP feature in the 9.10.1 release only.
For more information on this issue, see the security advisory
at <a href="https://kb.isc.org/article/AA-01217">https://kb.isc.org/article/AA-01217</a>.
<a href="https://kb.isc.org/article/AA-01217">[CVE-2014-8680]</a></p>
</blockquote>
</body>
</description>
<references>
<freebsdsa>SA-14:29.bind</freebsdsa>
<cvename>CVE-2014-8500</cvename>
<cvename>CVE-2014-8680</cvename>
<url>https://www.isc.org/blogs/important-security-advisory-posted/</url>
</references>
<dates>
<discovery>2014-12-08</discovery>
<entry>2014-12-11</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="94268da0-8118-11e4-a180-001999f8d30b">
<topic>asterisk -- Remote Crash Vulnerability in WebSocket Server</topic>
<affects>
<package>
<name>asterisk11</name>
<range><lt>11.14.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
<p>When handling a WebSocket frame the res_http_websocket
module dynamically changes the size of the memory used
to allow the provided payload to fit. If a payload length
of zero was received the code would incorrectly attempt
to resize to zero. This operation would succeed and end
up freeing the memory but be treated as a failure. When
the session was subsequently torn down this memory would
get freed yet again causing a crash.</p>
<p>Users of the WebSocket functionality also did not take
into account that provided text frames are not guaranteed
to be NULL terminated. This has been fixed in chan_sip
and chan_pjsip in the applicable versions.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2014-019.html</url>
<cvename>CVE-2014-9374</cvename>
</references>
<dates>
<discovery>2014-10-30</discovery>
<entry>2014-12-11</entry>
<modified>2015-01-29</modified>
</dates>
</vuln>
<vuln vid="27b9b2f0-8081-11e4-b4ca-bcaec565249c">
<topic>xserver -- multiple issues with X client request handling</topic>
<affects>
<package>
<name>xorg-server</name>
<range><lt>1.12.4_10,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Alan Coopersmith reports:</p>
<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-December/002500.html">
<p>Ilja van Sprundel, a security researcher with IOActive, has
discovered a large number of issues in the way the X server
code base handles requests from X clients, and has worked
with X.Org's security team to analyze, confirm, and fix
these issues.</p>
<p>The vulnerabilities could be exploited to cause the X server
to access uninitialized memory or overwrite arbitrary memory
in the X server process. This can cause a denial of service
(e.g., an X server segmentation fault), or could be exploited
to achieve arbitrary code execution.</p>
<p>The GLX extension to the X Window System allows an X client
to send X protocol to the X server, to request that the X
server perform OpenGL rendering on behalf of the X client.
This is known as "GLX indirect rendering", as opposed to
"GLX direct rendering" where the X client submits OpenGL
rendering commands directly to the GPU, bypassing the X
server and avoiding the X server code for GLX protocol
handling.</p>
<p>Most GLX indirect rendering implementations share some
common ancestry, dating back to "Sample Implementation"
code from Silicon Graphics, Inc (SGI), which SGI
originally commercially licensed to other Unix workstation
and graphics vendors, and later released as open source, so
those vulnerabilities may affect other licensees of SGI's
code base beyond those running code from the X.Org Foundation
or the XFree86 Project.</p>
</blockquote>
</body>
</description>
<references>
<url>http://lists.x.org/archives/xorg-announce/2014-December/002500.html</url>
<cvename>CVE-2014-8091</cvename>
<cvename>CVE-2014-8092</cvename>
<cvename>CVE-2014-8093</cvename>
<cvename>CVE-2014-8094</cvename>
<cvename>CVE-2014-8095</cvename>
<cvename>CVE-2014-8096</cvename>
<cvename>CVE-2014-8097</cvename>
<cvename>CVE-2014-8098</cvename>
<cvename>CVE-2014-8099</cvename>
<cvename>CVE-2014-8100</cvename>
<cvename>CVE-2014-8101</cvename>
<cvename>CVE-2014-8102</cvename>
</references>
<dates>
<discovery>2014-12-09</discovery>
<entry>2014-12-10</entry>
</dates>
</vuln>
<vuln vid="10d73529-7f4b-11e4-af66-00215af774f0">
<topic>unbound -- can be tricked into following an endless series of delegations, this consumes a lot of resources</topic>
<affects>
<package>
<name>unbound</name>
<range><lt>1.5.1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>10.0</ge><lt>10.0_14</lt></range>
<range><ge>10.1</ge><lt>10.1_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Unbound developer reports:</p>
<blockquote cite="http://unbound.net/downloads/CVE-2014-8602.txt">
<p>The resolver can be tricked into following an endless series of
delegations, this consumes a lot of resources.</p>
</blockquote>
</body>
</description>
<references>
<url>http://unbound.net/downloads/CVE-2014-8602.txt</url>
<freebsdsa>SA-14:30.unbound</freebsdsa>
<cvename>CVE-2014-8602</cvename>
</references>
<dates>
<discovery>2014-12-08</discovery>
<entry>2014-12-09</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="567beb1e-7e0a-11e4-b9cc-bcaec565249c">
<topic>freetype -- Out of bounds stack-based read/write</topic>
<affects>
<package>
<name>freetype2</name>
<range><lt>2.5.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Werner LEMBERG reports:</p>
<blockquote cite="http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html">
<p>The fix for CVE-2014-2240 was not 100% complete to fix the issue
from the CVE completely.</p>
</blockquote>
</body>
</description>
<references>
<url>http://lists.nongnu.org/archive/html/freetype-announce/2014-12/msg00000.html</url>
<cvename>CVE-2014-2240</cvename>
</references>
<dates>
<discovery>2014-12-07</discovery>
<entry>2014-12-07</entry>
</dates>
</vuln>
<vuln vid="c9c46fbf-7b83-11e4-a96e-6805ca0b3d42">
<topic>phpMyAdmin -- XSS and DoS vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.13.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php">
<p>DoS vulnerability with long passwords.</p>
<p>With very long passwords it was possible to initiate a
denial of service attack on phpMyAdmin.</p>
<p>We consider this vulnerability to be serious.</p>
<p>This vulnerability can be mitigated by configuring
throttling in the webserver.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php">
<p>XSS vulnerability in redirection mechanism.</p>
<p>With a crafted URL it was possible to trigger an XSS in
the redirection mechanism in phpMyAdmin.</p>
<p>We consider this vulnerability to be non critical.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php</url>
<cvename>CVE-2014-9218</cvename>
<cvename>CVE-2014-9219</cvename>
</references>
<dates>
<discovery>2014-12-03</discovery>
<entry>2014-12-04</entry>
</dates>
</vuln>
<vuln vid="7ae61870-9dd2-4884-a2f2-f19bb5784d09">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>34.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>31.3.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>34.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.31</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>31.3.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.31</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>31.3.0</lt></range>
</package>
<package>
<name>libxul</name>
<range><lt>31.3.0</lt></range>
</package>
<package>
<name>nss</name>
<range><lt>3.17.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>ASN.1 DER decoding of lengths is too permissive, allowing
undetected smuggling of arbitrary data</p>
<p>MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10
logging input data to /tmp directory</p>
<p>MFSA-2014-89 Bad casting from the BasicThebesLayer to
BasicContainerLayer</p>
<p>MFSA-2014-88 Buffer overflow while parsing media content</p>
<p>MFSA-2014-87 Use-after-free during HTML5 parsing</p>
<p>MFSA-2014-86 CSP leaks redirect data via violation reports</p>
<p>MFSA-2014-85 XMLHttpRequest crashes with some input streams</p>
<p>MFSA-2014-84 XBL bindings accessible via improper CSS
declarations</p>
<p>MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0
/ rv:31.3)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1587</cvename>
<cvename>CVE-2014-1588</cvename>
<cvename>CVE-2014-1589</cvename>
<cvename>CVE-2014-1590</cvename>
<cvename>CVE-2014-1591</cvename>
<cvename>CVE-2014-1592</cvename>
<cvename>CVE-2014-1593</cvename>
<cvename>CVE-2014-1594</cvename>
<cvename>CVE-2014-1595</cvename>
<cvename>CVE-2014-1569</cvename>
<url>https://www.mozilla.org/security/advisories/mfsa2014-83</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-84</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-85</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-86</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-87</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-88</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-89</url>
<url>https://www.mozilla.org/security/advisories/mfsa2014-90</url>
<url>https://www.mozilla.org/security/advisories/</url>
</references>
<dates>
<discovery>2014-12-01</discovery>
<entry>2014-12-02</entry>
</dates>
</vuln>
<vuln vid="23ab5c3e-79c3-11e4-8b1e-d050992ecde8">
<topic>OpenVPN -- denial of service security vulnerability</topic>
<affects>
<package>
<name>openvpn</name>
<range><lt>2.0.11</lt></range>
<range><ge>2.1.0</ge><lt>2.2.3</lt></range>
<range><ge>2.3.0</ge><lt>2.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenVPN project reports:</p>
<blockquote cite="https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b">
<p>In late November 2014 Dragana Damjanovic notified OpenVPN
developers of a critical denial of service security vulnerability
(CVE-2014-8104). The vulnerability allows a tls-authenticated
client to crash the server by sending a too-short control channel
packet to the server. In other words this vulnerability is denial
of service only.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-8104</cvename>
<url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b</url>
</references>
<dates>
<discovery>2014-12-01</discovery>
<entry>2014-12-02</entry>
</dates>
</vuln>
<vuln vid="a33addf6-74e6-11e4-a615-f8b156b6dcc8">
<topic>flac -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>flac</name>
<range><lt>1.3.0_3</lt></range>
</package>
<package>
<name>linux-c6-flac</name>
<range><lt>1.2.1_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Erik de Castro Lopo reports:</p>
<blockquote cite="http://lists.xiph.org/pipermail/flac-dev/2014-November/005226.html">
<p>Google Security Team member, Michele Spagnuolo, recently
found two potential problems in the FLAC code base. They are:</p>
<ul>
<li>CVE-2014-9028: Heap buffer write overflow.</li>
<li>CVE-2014-8962: Heap buffer read overflow.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e</url>
<cvename>CVE-2014-8962</cvename>
<url>https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85</url>
<cvename>CVE-2014-9028</cvename>
</references>
<dates>
<discovery>2014-11-25</discovery>
<entry>2014-11-25</entry>
<modified>2015-07-15</modified>
</dates>
</vuln>
<vuln vid="7bfd797c-716d-11e4-b008-001999f8d30b">
<topic>asterisk -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk11</name>
<range><lt>11.14.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
<p>AST-2014-014 - High call load may result in hung
channels in ConfBridge.</p>
<p>AST-2014-017 - Permission escalation through ConfBridge
actions/dialplan functions.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2014-014.html</url>
<cvename>CVE-2014-8414</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2014-017.html</url>
<cvename>CVE-2014-8417</cvename>
</references>
<dates>
<discovery>2014-11-21</discovery>
<entry>2014-11-21</entry>
</dates>
</vuln>
<vuln vid="a92ed304-716c-11e4-b008-001999f8d30b">
<topic>asterisk -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk</name>
<range><lt>1.8.32.1</lt></range>
</package>
<package>
<name>asterisk11</name>
<range><lt>11.14.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/security">
<p>AST-2014-012 - Mixed IP address families in access
control lists may permit unwanted traffic.</p>
<p>AST-2014-018 - AMI permission escalation through DB
dialplan function.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2014-012.html</url>
<cvename>CVE-2014-8412</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2014-018.html</url>
<cvename>CVE-2014-8418</cvename>
</references>
<dates>
<discovery>2014-11-21</discovery>
<entry>2014-11-21</entry>
</dates>
</vuln>
<vuln vid="a5d4a82a-7153-11e4-88c7-6805ca0b3d42">
<topic>phpMyAdmin -- XSS and information disclosure vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php">
<ul>
<li>With a crafted database, table or column name it is
possible to trigger an XSS attack in the table browse
page.</li>
<li>With a crafted ENUM value it is possible to trigger
XSS attacks in the table print view and zoom search
pages.</li>
<li>With a crafted value for font size it is possible to
trigger an XSS attack in the home page.</li>
</ul>
<p>These vulnerabilities can be triggered only by someone
who is logged in to phpMyAdmin, as the usual token
protection prevents non-logged-in users from accessing the
required pages. Moreover, exploitation of the XSS
vulnerability related to the font size requires forgery of
the pma_fontsize cookie.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php">
<p> In the GIS editor feature, a parameter specifying the
geometry type was not correctly validated, opening the door
to a local file inclusion attack.</p>
<p>This vulnerability can be triggered only by someone who
is logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
page.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php">
<p>With a crafted file name it is possible to trigger an
XSS in the error reporting page.</p>
<p>This vulnerability can be triggered only by someone who
is logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
page.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php">
<p>In the error reporting feature, a parameter specifying
the file was not correctly validated, allowing the
attacker to derive the line count of an arbitrary file</p>
<p>This vulnerability can be triggered only by someone who
is logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
page.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php</url>
<cvename>CVE-2014-8958</cvename>
<cvename>CVE-2014-8959</cvename>
<cvename>CVE-2014-8960</cvename>
<cvename>CVE-2014-8961</cvename>
</references>
<dates>
<discovery>2014-11-20</discovery>
<entry>2014-11-21</entry>
</dates>
</vuln>
<vuln vid="890b6b22-70fa-11e4-91ae-5453ed2e2b49">
<topic>kwebkitpart, kde-runtime -- insufficient input validation</topic>
<affects>
<package>
<name>kde-runtime</name>
<range><lt>4.14.2_2</lt></range>
</package>
<package>
<name>kwebkitpart</name>
<range><lt>1.3.2_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Albert Aastals Cid reports:</p>
<blockquote cite="https://www.kde.org/info/security/advisory-20141113-1.txt">
<p>kwebkitpart and the bookmarks:// io slave were not sanitizing
input correctly allowing to some javascript being executed on the
context of the referenced hostname.</p>
<p>Whilst in most cases, the JavaScript will be executed in an
untrusted context, with the bookmarks IO slave, it will be executed
in the context of the referenced hostname. It should however be
noted that KDE mitigates this risk by attempting to ensure that
such URLs cannot be embedded directly into Internet hosted
content.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.kde.org/info/security/advisory-20141113-1.txt</url>
<cvename>CVE-2014-8600</cvename>
</references>
<dates>
<discovery>2014-11-13</discovery>
<entry>2014-11-20</entry>
</dates>
</vuln>
<vuln vid="5a35bc56-7027-11e4-a4a3-001999f8d30b">
<topic>yii -- Remote arbitrary PHP code execution</topic>
<affects>
<package>
<name>yii</name>
<range><lt>1.1.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Yii PHP Framework developers report:</p>
<blockquote cite="http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/">
<p>We are releasing Yii 1.1.15 to fix a security issue
found in 1.1.14. We urge all 1.1.14 users to upgrade their
Yii to this latest release. Note that the issue only
affects 1.1.14. All previous releases are not affected.
Upgrading to this release from 1.1.14 is very safe and
will not break your existing code.</p>
<p>The vulnerability is in the CDetailView widget. When
a Yii application uses this widget and configures the
"value" property of a CDetailView attribute using end
user inputs, it may allow attackers to potentially execute
arbitrary PHP scripts on the server. We are not showing
how to exploit it here to allow users to upgrade before
details about the exploit become publicly known. To our
knowledge the details of this issue are only known to
core team members.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-4672</cvename>
<url>http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix</url>
</references>
<dates>
<discovery>2014-07-03</discovery>
<entry>2014-11-19</entry>
</dates>
</vuln>
<vuln vid="d395e44f-6f4f-11e4-a444-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>39.0.2171.65</lt></range>
</package>
<package>
<name>chromium-pulse</name>
<range><lt>39.0.2171.65</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Google Chrome Releases reports:</p>
<blockquote cite="http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html">
<p>42 security fixes in this release, including:</p>
<ul>
<li>[389734] High CVE-2014-7899: Address bar spoofing. Credit to
Eli Grey.</li>
<li>[406868] High CVE-2014-7900: Use-after-free in pdfium. Credit
to Atte Kettunen from OUSPG.</li>
<li>[413375] High CVE-2014-7901: Integer overflow in pdfium. Credit
to cloudfuzzer.</li>
<li>[414504] High CVE-2014-7902: Use-after-free in pdfium. Credit
to cloudfuzzer.</li>
<li>[414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit
to cloudfuzzer.</li>
<li>[418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to
Atte Kettunen from OUSPG.</li>
<li>[421817] High CVE-2014-7905: Flaw allowing navigation to
intents that do not have the BROWSABLE category. Credit to
WangTao(neobyte) of Baidu X-Team.</li>
<li>[423030] High CVE-2014-7906: Use-after-free in pepper plugins.
Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.</li>
<li>[423703] High CVE-2014-0574: Double-free in Flash. Credit to
biloulehibou.</li>
<li>[424453] High CVE-2014-7907: Use-after-free in blink. Credit to
Chen Zhang (demi6od) of the NSFOCUS Security Team.</li>
<li>[425980] High CVE-2014-7908: Integer overflow in media. Credit
to Christoph Diehl.</li>
<li>[391001] Medium CVE-2014-7909: Uninitialized memory read in
Skia. Credit to miaubiz.</li>
<li>CVE-2014-7910: Various fixes from internal audits, fuzzing and
other initiatives.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0574</cvename>
<cvename>CVE-2014-7899</cvename>
<cvename>CVE-2014-7900</cvename>
<cvename>CVE-2014-7901</cvename>
<cvename>CVE-2014-7902</cvename>
<cvename>CVE-2014-7903</cvename>
<cvename>CVE-2014-7904</cvename>
<cvename>CVE-2014-7905</cvename>
<cvename>CVE-2014-7906</cvename>
<cvename>CVE-2014-7907</cvename>
<cvename>CVE-2014-7908</cvename>
<cvename>CVE-2014-7909</cvename>
<cvename>CVE-2014-7910</cvename>
<url>http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html</url>
</references>
<dates>
<discovery>2014-11-18</discovery>
<entry>2014-11-18</entry>
</dates>
</vuln>
<vuln vid="dafa13a8-6e9b-11e4-8ef7-5453ed2e2b49">
<topic>kde-workspace -- privilege escalation</topic>
<affects>
<package>
<name>kde-workspace</name>
<range><lt>4.11.13_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>David Edmundson reports:</p>
<blockquote cite="https://www.kde.org/info/security/advisory-20141106-1.txt">
<p>KDE workspace configuration module for setting the date and time
has a helper program which runs as root for performing actions.
This is secured with polkit.</p>
<p>This helper takes the name of the ntp utility to run as an
argument. This allows a hacker to run any arbitrary command as root
under the guise of updating the time.</p>
<p>An application can gain root privileges from an admin user with
either misleading information or no interaction.</p>
<p>On some systems the user will be shown a prompt to change the
time. However, if the system has policykit-desktop-privileges
installed, the datetime helper will be invoked by an admin user
without any prompts.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-8651</cvename>
<mlist>http://seclists.org/oss-sec/2014/q4/520</mlist>
</references>
<dates>
<discovery>2014-11-06</discovery>
<entry>2014-11-17</entry>
</dates>
</vuln>
<vuln vid="c1930f45-6982-11e4-80e1-bcaec565249c">
<topic>dbus -- incomplete fix for CVE-2014-3636 part A</topic>
<affects>
<package>
<name>dbus</name>
<range><lt>1.8.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon McVittie reports:</p>
<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-November/016395.html">
<p>The patch issued by the D-Bus maintainers for CVE-2014-3636
was based on incorrect reasoning, and does not fully prevent
the attack described as "CVE-2014-3636 part A", which is
repeated below. Preventing that attack requires raising the
system dbus-daemon's RLIMIT_NOFILE (ulimit -n) to a higher
value. CVE-2014-7824 has been allocated for this
vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-7824</cvename>
<url>http://lists.freedesktop.org/archives/dbus/2014-November/016395.html</url>
</references>
<dates>
<discovery>2014-11-10</discovery>
<entry>2014-11-11</entry>
</dates>
</vuln>
<vuln vid="ee7b4f9d-66c8-11e4-9ae1-e8e0b722a85e">
<topic>wget -- path traversal vulnerability in recursive FTP mode</topic>
<affects>
<package>
<name>wget</name>
<range><lt>1.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MITRE reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4877">
<p>Absolute path traversal vulnerability in GNU Wget before
1.16, when recursion is enabled, allows remote FTP servers
to write to arbitrary files, and consequently execute
arbitrary code, via a LIST response that references the same
filename within two entries, one of which indicates that the
filename is for a symlink.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-4877</cvename>
<certvu>685996</certvu>
</references>
<dates>
<discovery>2014-10-27</discovery>
<entry>2014-11-08</entry>
</dates>
</vuln>
<vuln vid="0167f5ad-64ea-11e4-98c1-00269ee29e57">
<topic>Konversation -- out-of-bounds read on a heap-allocated array</topic>
<affects>
<package>
<name>konversation</name>
<range><lt>1.5.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Konversation developers report:</p>
<blockquote cite="https://www.kde.org/info/security/advisory-20141104-1.txt">
<p>Konversation's Blowfish ECB encryption support assumes incoming blocks
to be the expected 12 bytes. The lack of a sanity-check for the actual
size can cause a denial of service and an information leak to the local
user.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-8483</cvename>
<url>https://www.kde.org/info/security/advisory-20141104-1.txt</url>
</references>
<dates>
<discovery>2014-11-04</discovery>
<entry>2014-11-05</entry>
</dates>
</vuln>
<vuln vid="21ce1840-6107-11e4-9e84-0022156e8794">
<topic>twiki -- remote Perl code execution</topic>
<affects>
<package>
<name>twiki</name>
<range><lt>5.1.4_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>TWiki developers report:</p>
<blockquote cite="http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236">
<p>The debugenableplugins request parameter allows arbitrary
Perl code execution.</p>
<p>Using an HTTP GET request towards a TWiki server,
add a specially crafted debugenableplugins request parameter
to TWiki's view script (typically port 80/TCP).
Prior authentication may or may not be necessary.</p>
<p>A remote attacker can execute arbitrary Perl code
to view and modify any file the webserver user has access to.</p>
<p>Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit</p>
<p>The TWiki site is vulnerable if you see a page with text
"Vulnerable!".</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-7236</cvename>
<url>http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236</url>
</references>
<dates>
<discovery>2014-10-09</discovery>
<entry>2014-10-31</entry>
</dates>
</vuln>
<vuln vid="0dad9114-60cc-11e4-9e84-0022156e8794">
<topic>jenkins -- slave-originated arbitrary code execution on master servers</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>1.587</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>1.580.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kohsuke Kawaguchi from Jenkins team reports:</p>
<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30">
<p>Historically, Jenkins master and slaves behaved as if
they altogether form a single distributed process. This
means a slave can ask a master to do just about anything
within the confinement of the operating system, such as
accessing files on the master or trigger other jobs on
Jenkins.</p>
<p>This has increasingly become problematic, as larger
enterprise deployments have developed more sophisticated
trust separation model, where the administrators of a master
might take slaves owned by other teams. In such an
environment, slaves are less trusted than the master.
Yet the "single distributed process" assumption was not
communicated well to the users, resulting in vulnerabilities
in some deployments.</p>
<p>SECURITY-144 (CVE-2014-3665) introduces a new subsystem
to address this problem. This feature is off by default for
compatibility reasons. See Wiki for more details, who should
turn this on, and implications.</p>
<p>CVE-2014-3566 is rated high. It only affects
installations that accept slaves from less trusted
computers, but this will allow an owner of such slave to
mount a remote code execution attack on Jenkins.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3665</cvename>
<url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30</url>
<url>https://wiki.jenkins-ci.org/display/JENKINS/Slave+To+Master+Access+Control</url>
<url>http://www.cloudbees.com/jenkins-security-advisory-2014-10-30</url>
</references>
<dates>
<discovery>2014-10-30</discovery>
<entry>2014-10-31</entry>
</dates>
</vuln>
<vuln vid="f8c88d50-5fb3-11e4-81bd-5453ed2e2b49">
<topic>libssh -- PRNG state reuse on forking servers</topic>
<affects>
<package>
<name>libssh</name>
<range><lt>0.6.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Aris Adamantiadis reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/05/1">
<p>When accepting a new connection, the server forks and the
child process handles the request. The RAND_bytes() function
of openssl doesn't reset its state after the fork, but
simply adds the current process id (getpid) to the PRNG
state, which is not guaranteed to be unique.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0017</cvename>
<mlist>http://www.openwall.com/lists/oss-security/2014/03/05/1</mlist>
<url>http://secunia.com/advisories/57407</url>
</references>
<dates>
<discovery>2014-03-05</discovery>
<entry>2014-10-29</entry>
</dates>
</vuln>
<vuln vid="d057c5e6-5b20-11e4-bebd-000c2980a9f3">
<topic>libpurple/pidgin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>libpurple</name>
<range><lt>2.10.10</lt></range>
</package>
<package>
<name>pidgin</name>
<range><lt>2.10.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The pidgin development team reports:</p>
<blockquote cite="https://developer.pidgin.im/wiki/ChangeLog">
<p>.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3694</cvename>
<cvename>CVE-2014-3697</cvename>
<cvename>CVE-2014-3696</cvename>
<cvename>CVE-2014-3695</cvename>
<cvename>CVE-2014-3698</cvename>
<url>https://developer.pidgin.im/wiki/ChangeLog</url>
</references>
<dates>
<discovery>2014-10-22</discovery>
<entry>2014-10-24</entry>
</dates>
</vuln>
<vuln vid="25b78f04-59c8-11e4-b711-6805ca0b3d42">
<topic>phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page.</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.10.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php">
<p>With a crafted database or table name it is possible to
trigger an XSS in SQL debug output when enabled and in
server monitor page when viewing and analysing executed
queries.</p>
<p>This vulnerability can be triggered only by someone who
is logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
pages. Moreover, debugging SQL is a developer option which
is disabled by default and expected to be disabled in
production environments.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php</url>
<cvename>CVE-2014-8326</cvename>
</references>
<dates>
<discovery>2014-10-21</discovery>
<entry>2014-10-22</entry>
</dates>
</vuln>
<vuln vid="76c7a0f5-5928-11e4-adc7-001999f8d30b">
<topic>asterisk -- Asterisk Susceptibility to POODLE Vulnerability</topic>
<affects>
<package>
<name>asterisk</name>
<range><lt>1.8.31.1</lt></range>
</package>
<package>
<name>asterisk11</name>
<range><lt>11.13.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="http://www.asterisk.org/downloads/security-advisories">
<p>The POODLE vulnerability is described under CVE-2014-3566.
This advisory describes the Asterisk project's susceptibility
to this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2014-011.html</url>
<cvename>CVE-2014-3566</cvename>
</references>
<dates>
<discovery>2014-10-20</discovery>
<entry>2014-10-21</entry>
</dates>
</vuln>
<vuln vid="0642b064-56c4-11e4-8b87-bcaec565249c">
<topic>libxml2 -- Denial of service</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.9.2</lt></range>
</package>
<package>
<name>linux-c6-libxml2</name>
<range><lt>2.7.6_2</lt></range>
</package>
<package>
<name>linux-f10-libxml2</name>
<range><ge>*</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Red Hat reports:</p>
<blockquote cite="https://rhn.redhat.com/errata/RHSA-2014-1655.html">
<p>A denial of service flaw was found in libxml2, a library
providing support to read, modify and write XML and HTML
files. A remote attacker could provide a specially crafted
XML file that, when processed by an application using
libxml2, would lead to excessive CPU consumption (denial of
service) based on excessive entity substitutions, even if
entity substitution was disabled, which is the parser default
behavior.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3660</cvename>
<url>https://rhn.redhat.com/errata/RHSA-2014-1655.html</url>
</references>
<dates>
<discovery>2014-10-16</discovery>
<entry>2014-10-18</entry>
<modified>2015-07-15</modified>
</dates>
</vuln>
<vuln vid="6f825fa4-5560-11e4-a4c3-00a0986f28c4">
<topic>drupal7 -- SQL injection</topic>
<affects>
<package>
<name>drupal7</name>
<range><lt>7.32</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal Security Team reports:</p>
<blockquote cite="https://drupal.org/SA-CORE-2013-003">
<p>Drupal 7 includes a database abstraction API to ensure that
queries executed against the database are sanitized to prevent
SQL injection attacks.
A vulnerability in this API allows an attacker to send
specially crafted requests resulting in arbitrary SQL execution.
Depending on the content of the requests this can lead to
privilege escalation, arbitrary PHP execution, or other attacks.
This vulnerability can be exploited by anonymous users.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3704</cvename>
<url>https://www.drupal.org/SA-CORE-2014-005</url>
<url>https://www.sektioneins.de/en/blog/14-10-15-drupal-sql-injection-vulnerability.html</url>
</references>
<dates>
<discovery>2014-10-15</discovery>
<entry>2014-10-16</entry>
</dates>
</vuln>
<vuln vid="03175e62-5494-11e4-9cc1-bc5ff4fb5e7b">
<topic>OpenSSL -- multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_16</lt></range>
</package>
<package>
<name>mingw32-openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1j</lt></range>
</package>
<package>
<name>linux-c6-openssl</name>
<range><lt>1.0.1e_1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>8.4</ge><lt>8.4_17</lt></range>
<range><ge>9.1</ge><lt>9.1_20</lt></range>
<range><ge>9.2</ge><lt>9.2_13</lt></range>
<range><ge>9.3</ge><lt>9.3_3</lt></range>
<range><ge>10.0</ge><lt>10.0_10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL Project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv_20141015.txt">
<p>A flaw in the DTLS SRTP extension parsing code allows an
attacker, who sends a carefully crafted handshake message,
to cause OpenSSL to fail to free up to 64k of memory causing
a memory leak. This could be exploited in a Denial Of Service
attack. This issue affects OpenSSL 1.0.1 server implementations
for both SSL/TLS and DTLS regardless of whether SRTP is used
or configured. Implementations of OpenSSL that have been
compiled with OPENSSL_NO_SRTP defined are not affected.
[CVE-2014-3513].</p>
<p>When an OpenSSL SSL/TLS/DTLS server receives a session
ticket the integrity of that ticket is first verified.
In the event of a session ticket integrity check failing,
OpenSSL will fail to free memory causing a memory leak.
By sending a large number of invalid session tickets an
attacker could exploit this issue in a Denial Of Service
attack. [CVE-2014-3567].</p>
<p>OpenSSL has added support for TLS_FALLBACK_SCSV to allow
applications to block the ability for a MITM attacker to
force a protocol downgrade.</p>
<p>Some client applications (such as browsers) will reconnect
using a downgraded protocol to work around interoperability
bugs in older servers. This could be exploited by an active
man-in-the-middle to downgrade connections to SSL 3.0 even
if both sides of the connection support higher protocols.
SSL 3.0 contains a number of weaknesses including POODLE
[CVE-2014-3566].</p>
<p>When OpenSSL is configured with "no-ssl3" as a build option,
servers could accept and complete a SSL 3.0 handshake, and
clients could be configured to send them. [CVE-2014-3568].</p>
</blockquote>
</body>
</description>
<references>
<freebsdsa>SA-14:23.openssl</freebsdsa>
<cvename>CVE-2014-3513</cvename>
<cvename>CVE-2014-3566</cvename>
<cvename>CVE-2014-3567</cvename>
<cvename>CVE-2014-3568</cvename>
<url>https://www.openssl.org/news/secadv_20141015.txt</url>
</references>
<dates>
<discovery>2014-10-15</discovery>
<entry>2014-10-15</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="9c1495ac-8d8c-4789-a0f3-8ca6b476619c">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>33.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>31.2.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>33.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.30</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>31.2.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.30</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>31.2.0</lt></range>
</package>
<package>
<name>libxul</name>
<range><lt>31.2.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-74 Miscellaneous memory safety hazards
(rv:33.0 / rv:31.2)</p>
<p>MFSA 2014-75 Buffer overflow during CSS manipulation</p>
<p>MFSA 2014-76 Web Audio memory corruption issues with
custom waveforms</p>
<p>MFSA 2014-78 Further uninitialized memory use during GIF</p>
<p>MFSA 2014-79 Use-after-free interacting with text
directionality</p>
<p>MFSA 2014-80 Key pinning bypasses</p>
<p>MFSA 2014-81 Inconsistent video sharing within iframe</p>
<p>MFSA 2014-82 Accessing cross-origin objects via the
Alarms API</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1574</cvename>
<cvename>CVE-2014-1575</cvename>
<cvename>CVE-2014-1576</cvename>
<cvename>CVE-2014-1577</cvename>
<cvename>CVE-2014-1580</cvename>
<cvename>CVE-2014-1581</cvename>
<cvename>CVE-2014-1582</cvename>
<cvename>CVE-2014-1583</cvename>
<cvename>CVE-2014-1584</cvename>
<cvename>CVE-2014-1585</cvename>
<cvename>CVE-2014-1586</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-74.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-75.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-76.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-78.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-79.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-80.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-81.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-82.html</url>
<url>https://www.mozilla.org/security/announce/</url>
</references>
<dates>
<discovery>2014-10-14</discovery>
<entry>2014-10-14</entry>
<modified>2015-08-12</modified>
</dates>
</vuln>
<vuln vid="c30c3a2e-4fb1-11e4-b275-14dae9d210b8">
<topic>foreman-proxy SSL verification issue</topic>
<affects>
<package>
<name>foreman-proxy</name>
<range><lt>1.6.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Foreman Security reports:</p>
<blockquote cite="http://projects.theforeman.org/issues/7822">
<p>The smart proxy when running in an SSL-secured mode permits incoming
API calls to any endpoint without requiring, or performing any
verification of an SSL client certificate. This permits any client
with access to the API to make requests and perform actions
(permitting control of Puppet CA, DHCP, DNS etc.)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3691</cvename>
<url>https://groups.google.com/forum/#!topic/foreman-announce/LcjZx25Bl7U</url>
</references>
<dates>
<discovery>2014-05-09</discovery>
<entry>2014-10-09</entry>
</dates>
</vuln>
<vuln vid="b6587341-4d88-11e4-aef9-20cf30e32f6d">
<topic>Bugzilla multiple security issues</topic>
<affects>
<package>
<name>bugzilla44</name>
<range><lt>4.4.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Bugzilla Security Advisory</p>
<blockquote cite="http://www.bugzilla.org/security/4.0.14/">
<h5>Unauthorized Account Creation</h5>
<p>An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to the
user being created with a different email address than originally
requested. The overridden login name could be automatically added
to groups based on the group's regular expression setting.</p>
<h5>Cross-Site Scripting</h5>
<p>During an audit of the Bugzilla code base, several places
were found where cross-site scripting exploits could occur which
could allow an attacker to access sensitive information.</p>
<h5>Information Leak</h5>
<p>If a new comment was marked private to the insider group, and a flag
was set in the same transaction, the comment would be visible to
flag recipients even if they were not in the insider group.</p>
<h5>Social Engineering</h5>
<p>Search results can be exported as a CSV file which can then be
imported into external spreadsheet programs. Specially formatted
field values can be interpreted as formulas which can be executed
and used to attack a user's computer.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1572</cvename>
<cvename>CVE-2014-1573</cvename>
<cvename>CVE-2014-1571</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=1074812</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=1075578</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=1064140</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=1054702</url>
</references>
<dates>
<discovery>2014-10-06</discovery>
<entry>2014-10-06</entry>
</dates>
</vuln>
<vuln vid="81e2b308-4a6c-11e4-b711-6805ca0b3d42">
<topic>rt42 -- vulnerabilities related to shellshock</topic>
<affects>
<package>
<name>rt42</name>
<range><ge>4.2.0</ge><lt>4.2.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Best Practical reports:</p>
<blockquote cite="http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html">
<p>RT 4.2.0 and above may be vulnerable to arbitrary
execution of code by way of CVE-2014-7169, CVE-2014-7186,
CVE-2014-7187, CVE-2014-6277, or CVE-2014-6271 --
collectively known as "Shellshock." This vulnerability
requires a privileged user with access to an RT instance
running with SMIME integration enabled; it applies to both
mod_perl and fastcgi deployments. If you have already
taken upgrades to bash to resolve "Shellshock," you are
protected from this vulnerability in RT, and there is no
need to apply this patch. This vulnerability has been
assigned CVE-2014-7227.</p>
</blockquote>
</body>
</description>
<references>
<url>http://blog.bestpractical.com/2014/10/security-vulnerability-in-rt-42x-cve-2014-7227.html</url>
<cvename>CVE-2014-7227</cvename>
</references>
<dates>
<discovery>2014-10-02</discovery>
<entry>2014-10-02</entry>
</dates>
</vuln>
<vuln vid="549a2771-49cc-11e4-ae2c-c80aa9043978">
<topic>jenkins -- remote execution, privilege escalation, XSS, password exposure, ACL hole, DoS</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>1.583</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>1.565.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01">
<p>Please reference CVE/URL list for details</p>
</blockquote>
</body>
</description>
<references>
<url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01</url>
<cvename>CVE-2014-3661</cvename>
<cvename>CVE-2014-3662</cvename>
<cvename>CVE-2014-3663</cvename>
<cvename>CVE-2014-3664</cvename>
<cvename>CVE-2014-3680</cvename>
<cvename>CVE-2014-3681</cvename>
<cvename>CVE-2014-3666</cvename>
<cvename>CVE-2014-3667</cvename>
<cvename>CVE-2013-2186</cvename>
<cvename>CVE-2014-1869</cvename>
<cvename>CVE-2014-3678</cvename>
<cvename>CVE-2014-3679</cvename>
</references>
<dates>
<discovery>2014-10-01</discovery>
<entry>2014-10-01</entry>
</dates>
</vuln>
<vuln vid="512d1301-49b9-11e4-ae2c-c80aa9043978">
<topic>bash -- remote code execution</topic>
<affects>
<package>
<name>bash</name>
<name>bash-static</name>
<range><lt>4.3.25_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Note that this is different than the public "Shellshock"
issue.</p>
<p>Specially crafted environment variables could lead to remote
arbitrary code execution. This was fixed in bash 4.3.27, however
the port was patched with a mitigation in 4.3.25_2.</p>
</body>
</description>
<references>
<url>http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html</url>
<cvename>CVE-2014-6277</cvename>
<cvename>CVE-2014-6278</cvename>
</references>
<dates>
<discovery>2014-09-27</discovery>
<entry>2014-10-01</entry>
</dates>
</vuln>
<vuln vid="3e8b7f8a-49b0-11e4-b711-6805ca0b3d42">
<topic>phpMyAdmin -- XSS vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.9.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php">
<p>With a crafted ENUM value it is possible to trigger an
XSS in table search and table structure pages. This
vulnerability can be triggered only by someone who is
logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
pages.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php</url>
<cvename>CVE-2014-7217</cvename>
</references>
<dates>
<discovery>2014-10-01</discovery>
<entry>2014-10-01</entry>
</dates>
</vuln>
<vuln vid="4a4e9f88-491c-11e4-ae2c-c80aa9043978">
<topic>bash -- out-of-bounds memory access in parser</topic>
<affects>
<package>
<name>bash</name>
<name>bash-static</name>
<range><lt>4.3.27_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Red Hat security team reports:</p>
<blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7186">
<p>It was discovered that the fixed-sized redir_stack could be forced
to overflow in the Bash parser, resulting in memory corruption, and
possibly leading to arbitrary code execution when evaluating
untrusted input that would not otherwise be run as code.</p>
</blockquote>
<blockquote cite="https://access.redhat.com/security/cve/CVE-2014-7187">
<p>An off-by-one error was discovered in the way Bash was handling
deeply nested flow control constructs. Depending on the layout of
the .bss segment, this could allow arbitrary execution of code that
would not otherwise be executed by Bash.</p>
</blockquote>
</body>
</description>
<references>
<url>https://access.redhat.com/security/cve/CVE-2014-7186</url>
<cvename>CVE-2014-7186</cvename>
<cvename>CVE-2014-7187</cvename>
</references>
<dates>
<discovery>2014-09-25</discovery>
<entry>2014-10-01</entry>
</dates>
</vuln>
<vuln vid="8e0e86ff-48b5-11e4-ab80-000c29f6ae42">
<topic>rsyslog -- remote syslog PRI vulnerability</topic>
<affects>
<package>
<name>rsyslog</name>
<range><lt>7.6.7</lt></range>
</package>
<package>
<name>rsyslog8</name>
<range><lt>8.4.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The rsyslog project reports:</p>
<blockquote cite="http://www.rsyslog.com/remote-syslog-pri-vulnerability/">
<p>potential abort when a message with PRI &gt; 191 was processed
if the "pri-text" property was used in active templates,
this could be abused to a remote denial of service from
permitted senders</p>
<p>The original fix for CVE-2014-3634 was not adequate.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.rsyslog.com/remote-syslog-pri-vulnerability/</url>
<cvename>CVE-2014-3634</cvename>
</references>
<dates>
<discovery>2014-09-30</discovery>
<entry>2014-09-30</entry>
<modified>2014-10-02</modified>
</dates>
</vuln>
<vuln vid="6c083cf8-4830-11e4-ae2c-c80aa9043978">
<topic>fish -- local privilege escalation and remote code execution</topic>
<affects>
<package>
<name>fish</name>
<range><ge>1.6.0</ge><lt>2.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Fish developer David Adam reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2014/09/28/8">
<p>This release fixes a number of local privilege escalation
vulnerabilities and one remote code execution vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.openwall.com/lists/oss-security/2014/09/28/8</url>
<cvename>CVE-2014-2905</cvename>
<url>https://github.com/fish-shell/fish-shell/issues/1436</url>
<cvename>CVE-2014-2906</cvename>
<cvename>CVE-2014-3856</cvename>
<url>https://github.com/fish-shell/fish-shell/issues/1437</url>
<cvename>CVE-2014-2914</cvename>
<url>https://github.com/fish-shell/fish-shell/issues/1438</url>
<cvename>CVE-2014-3219</cvename>
<url>https://github.com/fish-shell/fish-shell/issues/1440</url>
</references>
<dates>
<discovery>2014-09-28</discovery>
<entry>2014-09-29</entry>
</dates>
</vuln>
<vuln vid="ca44b64c-4453-11e4-9ea1-c485083ca99c">
<topic>Flash player -- Multiple security vulnerabilities in www/linux-*-flashplugin11</topic>
<affects>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>11.2r202.400</lt></range>
</package>
<package>
<name>linux-c6-flashplugin</name>
<range><lt>11.2r202.400</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe reports:</p>
<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-21.html">
<p>These updates address vulnerabilities that could cause a crash
and potentially allow an attacker to take control of the affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0547</cvename>
<cvename>CVE-2014-0548</cvename>
<cvename>CVE-2014-0549</cvename>
<cvename>CVE-2014-0550</cvename>
<cvename>CVE-2014-0551</cvename>
<cvename>CVE-2014-0552</cvename>
<cvename>CVE-2014-0553</cvename>
<cvename>CVE-2014-0554</cvename>
<cvename>CVE-2014-0555</cvename>
<cvename>CVE-2014-0556</cvename>
<cvename>CVE-2014-0557</cvename>
<cvename>CVE-2014-0559</cvename>
<url>http://helpx.adobe.com/security/products/flash-player/apsb14-21.html</url>
</references>
<dates>
<discovery>2014-09-09</discovery>
<entry>2014-09-25</entry>
</dates>
</vuln>
<vuln vid="48108fb0-751c-4cbb-8f33-09239ead4b55">
<topic>NSS -- RSA Signature Forgery</topic>
<affects>
<package>
<name>linux-firefox</name>
<range><lt>32.0.3,1</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>31.1.2</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.29.1</lt></range>
</package>
<package>
<name>nss</name>
<range><lt>3.17.1</lt></range>
</package>
<package>
<name>linux-c6-nss</name>
<range><lt>3.16.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="https://www.mozilla.org/security/announce/2014/mfsa2014-73.html">
<p>Antoine Delignat-Lavaud discovered that NSS is vulnerable
to a variant of a signature forgery attack previously
published by Daniel Bleichenbacher. This is due to lenient
parsing of ASN.1 values involved in a signature and could
lead to the forging of RSA certificates.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1568</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-73.html</url>
</references>
<dates>
<discovery>2014-09-23</discovery>
<entry>2014-09-25</entry>
</dates>
</vuln>
<vuln vid="fb25333d-442f-11e4-98f3-5453ed2e2b49">
<topic>krfb -- Multiple security issues in bundled libvncserver</topic>
<affects>
<package>
<name>krfb</name>
<range><lt>4.12.5_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Martin Sandsmark reports:</p>
<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=141153917319769&amp;w=2">
<p>krfb 4.14 [and earlier] embeds libvncserver which has had
several security issues.</p>
<p>Several remotely exploitable security issues have been
uncovered in libvncserver, some of which might allow a
remote authenticated user code execution or application
crashes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-6055</cvename>
<mlist>http://lists.kde.org/?l=kde-announce&amp;m=141153917319769&amp;w=2</mlist>
</references>
<dates>
<discovery>2014-09-23</discovery>
<entry>2014-09-25</entry>
</dates>
</vuln>
<vuln vid="71ad81da-4414-11e4-a33e-3c970e169bc2">
<topic>bash -- remote code execution vulnerability</topic>
<affects>
<package>
<name>bash</name>
<name>bash-static</name>
<range><gt>3.0</gt><le>3.0.17</le></range>
<range><gt>3.1</gt><le>3.1.18</le></range>
<range><gt>3.2</gt><le>3.2.52</le></range>
<range><gt>4.0</gt><le>4.0.39</le></range>
<range><gt>4.1</gt><le>4.1.12</le></range>
<range><gt>4.2</gt><le>4.2.48</le></range>
<range><gt>4.3</gt><lt>4.3.25_1</lt></range>
</package>
<package>
<name>linux_base-c6</name>
<range><lt>6.5_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chet Ramey reports:</p>
<blockquote cite="https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html">
<p>Under certain circumstances, bash will execute user code
while processing the environment for exported function
definitions.</p>
</blockquote>
<p>The original fix released for CVE-2014-6271 was not adequate. A
similar vulnerability was discovered and tagged as CVE-2014-7169.</p>
</body>
</description>
<references>
<cvename>CVE-2014-6271</cvename>
<cvename>CVE-2014-7169</cvename>
<url>https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/</url>
<url>https://lists.gnu.org/archive/html/bug-bash/2014-09/msg00081.html</url>
<url>http://seclists.org/oss-sec/2014/q3/690</url>
</references>
<dates>
<discovery>2014-09-24</discovery>
<entry>2014-09-24</entry>
<modified>2014-09-25</modified>
</dates>
</vuln>
<vuln vid="e60d9e65-3f6b-11e4-ad16-001999f8d30b">
<topic>asterisk -- Remotely triggered crash</topic>
<affects>
<package>
<name>asterisk11</name>
<range><lt>11.12.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/security">
<p>When an out of call message - delivered by either the
SIP or PJSIP channel driver or the XMPP stack - is handled
in Asterisk, a crash can occur if the channel servicing
the message is sent into the ReceiveFax dialplan application
while using the res_fax_spandsp module.</p>
<p>Note that this crash does not occur when using the
res_fax_digium module. While this crash technically
occurs due to a configuration issue, as attempting to
receive a fax from a channel driver that only contains
textual information will never succeed, the likelihood
of having it occur is sufficiently high as to warrant
this advisory.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2014-010.pdf</url>
<url>https://issues.asterisk.org/jira/browse/ASTERISK-24301</url>
<url>https://www.asterisk.org/security</url>
</references>
<dates>
<discovery>2014-09-05</discovery>
<entry>2014-09-18</entry>
</dates>
</vuln>
<vuln vid="d3324c55-3f11-11e4-ad16-001999f8d30b">
<topic>squid -- Buffer overflow in SNMP processing</topic>
<affects>
<package>
<name>squid</name>
<range><lt>3.4.8</lt></range>
</package>
<package>
<name>squid32</name>
<range><gt>0</gt></range>
</package>
<package>
<name>squid33</name>
<range><lt>3.3.13_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The squid-cache project reports:</p>
<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2014_3.txt">
<p>Due to incorrect buffer management Squid can be caused
by an attacker to write outside its allocated SNMP buffer.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.squid-cache.org/Advisories/SQUID-2014_3.txt</url>
<cvename>CVE-2014-6270</cvename>
</references>
<dates>
<discovery>2014-09-15</discovery>
<entry>2014-09-18</entry>
</dates>
</vuln>
<vuln vid="38242d51-3e58-11e4-ac2f-bcaec565249c">
<topic>dbus -- multiple vulnerabilities</topic>
<affects>
<package>
<name>dbus</name>
<range><lt>1.8.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon McVittie reports:</p>
<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-September/016343.html">
<p>Do not accept an extra fd in the padding of a cmsg message,
which could lead to a 4-byte heap buffer overrun
(CVE-2014-3635).</p>
<p>Reduce default for maximum Unix file descriptors passed per
message from 1024 to 16, preventing a uid with the default
maximum number of connections from exhausting the system
bus' file descriptors under Linux's default rlimit
(CVE-2014-3636).</p>
<p>Disconnect connections that still have a fd pending
unmarshalling after a new configurable limit,
pending_fd_timeout (defaulting to 150 seconds), removing
the possibility of creating an abusive connection that
cannot be disconnected by setting up a circular reference
to a connection's file descriptor (CVE-2014-3637).</p>
<p>Reduce default for maximum pending replies per connection
from 8192 to 128, mitigating an algorithmic complexity
denial-of-service attack (CVE-2014-3638).</p>
<p>Reduce default for authentication timeout on the system
bus from 30 seconds to 5 seconds, avoiding denial of service
by using up all unauthenticated connection slots; and when
all unauthenticated connection slots are used up, make new
connection attempts block instead of disconnecting them
(CVE-2014-3639).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3635</cvename>
<cvename>CVE-2014-3636</cvename>
<cvename>CVE-2014-3637</cvename>
<cvename>CVE-2014-3638</cvename>
<cvename>CVE-2014-3639</cvename>
<url>http://lists.freedesktop.org/archives/dbus/2014-September/016343.html</url>
</references>
<dates>
<discovery>2014-09-16</discovery>
<entry>2014-09-17</entry>
</dates>
</vuln>
<vuln vid="77b784bb-3dc6-11e4-b191-f0def16c5c1b">
<topic>nginx -- inject commands into SSL session vulnerability</topic>
<affects>
<package>
<name>nginx</name>
<range><ge>0.6.0</ge><lt>1.6.2,2</lt></range>
</package>
<package>
<name>nginx-devel</name>
<range><ge>0.5.6</ge><lt>1.7.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx project reports:</p>
<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html">
<p>Security: it was possible to reuse SSL sessions in unrelated contexts
if a shared SSL session cache or the same TLS session ticket key was
used for multiple "server" blocks (CVE-2014-3616).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3616</cvename>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html</url>
</references>
<dates>
<discovery>2014-09-16</discovery>
<entry>2014-09-16</entry>
</dates>
</vuln>
<vuln vid="cc627e6c-3b89-11e4-b629-6805ca0b3d42">
<topic>phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.8.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php">
<p>XSRF/CSRF due to DOM based XSS in the micro history feature.</p>
<p>By deceiving a logged-in user to click on a crafted URL,
it is possible to perform remote code execution and in some
cases, create a root account due to a DOM based XSS
vulnerability in the micro history feature.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php</url>
<cvename>CVE-2014-6300</cvename>
</references>
<dates>
<discovery>2014-09-13</discovery>
<entry>2014-09-13</entry>
</dates>
</vuln>
<vuln vid="36858e78-3963-11e4-ad84-000c29f6ae42">
<topic>security/ossec-hids-* -- root escalation via temp files</topic>
<affects>
<package>
<name>ossec-hids-server</name>
<name>ossec-hids-client</name>
<name>ossec-hids-local</name>
<range><lt>2.8.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OSSEC reports:</p>
<blockquote cite="http://www.ossec.net/?p=1135">
<p>This correction will create the temp file for the hosts deny file
in /var/ossec and will use mktemp where available to create
NON-predictable temp file name. In cases where mktemp is not
available we have written a BAD version of mktemp, but should be a
little better than just process id.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-5284</cvename>
<url>http://www.ossec.net/?p=1135</url>
</references>
<dates>
<discovery>2014-09-09</discovery>
<entry>2014-09-11</entry>
</dates>
</vuln>
<vuln vid="6318b303-3507-11e4-b76c-0011d823eebd">
<topic>trafficserver -- unspecified vulnerability</topic>
<affects>
<package>
<name>trafficserver</name>
<range><lt>5.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Bryan Call reports:</p>
<blockquote cite="http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E">
<p>Below is our announcement for the security issue reported to us
from Yahoo! Japan. All versions of Apache Traffic Server are
vulnerable. We urge users to upgrade to either 4.2.1.1 or 5.0.1
immediately.</p>
<p>This fixes CVE-2014-3525 and limits access to how the health
checks are performed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3525</cvename>
<url>http://mail-archives.apache.org/mod_mbox/trafficserver-users/201407.mbox/%3CBFCEC9C8-1BE9-4DCA-AF9C-B8FE798EEC07@yahoo-inc.com%3E</url>
</references>
<dates>
<discovery>2014-07-23</discovery>
<entry>2014-09-05</entry>
</dates>
</vuln>
<vuln vid="84203724-296b-11e4-bebd-000c2980a9f3">
<topic>file -- buffer overruns and missing buffer size tests</topic>
<affects>
<package>
<name>file</name>
<range><lt>5.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Christos Zoulas reports:</p>
<blockquote cite="http://mx.gw.com/pipermail/file/2014/001553.html">
<p>A specially crafted file can cause a segmentation fault.</p>
</blockquote>
</body>
</description>
<references>
<url>http://mx.gw.com/pipermail/file/2014/001553.html</url>
</references>
<dates>
<discovery>2014-06-09</discovery>
<entry>2014-08-21</entry>
</dates>
</vuln>
<vuln vid="3c5579f7-294a-11e4-99f6-00e0814cab4e">
<topic>django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py27-django</name>
<range><ge>1.6</ge><lt>1.6.6</lt></range>
</package>
<package>
<name>py27-django15</name>
<range><ge>1.5</ge><lt>1.5.9</lt></range>
</package>
<package>
<name>py27-django14</name>
<range><ge>1.4</ge><lt>1.4.14</lt></range>
</package>
<package>
<name>py32-django</name>
<range><ge>1.6</ge><lt>1.6.6</lt></range>
</package>
<package>
<name>py32-django15</name>
<range><ge>1.5</ge><lt>1.5.9</lt></range>
</package>
<package>
<name>py33-django</name>
<range><ge>1.6</ge><lt>1.6.6</lt></range>
</package>
<package>
<name>py33-django15</name>
<range><ge>1.5</ge><lt>1.5.9</lt></range>
</package>
<package>
<name>py34-django</name>
<range><ge>1.6</ge><lt>1.6.6</lt></range>
</package>
<package>
<name>py34-django15</name>
<range><ge>1.5</ge><lt>1.5.9</lt></range>
</package>
<package>
<name>py27-django-devel</name>
<range><lt>20140821,1</lt></range>
</package>
<package>
<name>py32-django-devel</name>
<range><lt>20140821,1</lt></range>
</package>
<package>
<name>py33-django-devel</name>
<range><lt>20140821,1</lt></range>
</package>
<package>
<name>py34-django-devel</name>
<range><lt>20140821,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Django project reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2014/aug/20/security/">
<p>These releases address an issue with reverse() generating external
URLs; a denial of service involving file uploads; a potential
session hijacking issue in the remote-user middleware; and a data
leak in the administrative interface. We encourage all users of
Django to upgrade as soon as possible.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.djangoproject.com/weblog/2014/aug/20/security/</url>
<cvename>CVE-2014-0480</cvename>
<cvename>CVE-2014-0481</cvename>
<cvename>CVE-2014-0482</cvename>
<cvename>CVE-2014-0483</cvename>
</references>
<dates>
<discovery>2014-08-20</discovery>
<entry>2014-08-21</entry>
</dates>
</vuln>
<vuln vid="d2a892b9-2605-11e4-9da0-00a0986f28c4">
<topic>PHP -- multiple vulnerabilities</topic>
<affects>
<package>
<name>php53</name>
<range><lt>5.3.29</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The PHP Team reports:</p>
<blockquote cite="http://php.net/ChangeLog-5.php#5.3.29">
<p>insecure temporary file use in the configure script</p>
<p>unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion
</p>
<p>Heap buffer over-read in DateInterval</p>
<p>fileinfo: cdf_read_short_sector insufficient boundary check</p>
<p>fileinfo: CDF infinite loop in nelements DoS</p>
<p>fileinfo: numerous file_printf calls resulting in
performance degradation</p>
<p>Fix potential segfault in dns_check_record()</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-6712</cvename>
<cvename>CVE-2014-0207</cvename>
<cvename>CVE-2014-0237</cvename>
<cvename>CVE-2014-0238</cvename>
<cvename>CVE-2014-3515</cvename>
<cvename>CVE-2014-3981</cvename>
<cvename>CVE-2014-4049</cvename>
<url>http://php.net/ChangeLog-5.php#5.3.29</url>
<url>https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html</url>
</references>
<dates>
<discovery>2014-08-14</discovery>
<entry>2014-08-18</entry>
</dates>
</vuln>
<vuln vid="fbb01289-2645-11e4-bc44-6805ca0b3d42">
<topic>phpMyAdmin -- XSS vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.7.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php">
<p>Multiple XSS vulnerabilities in browse table, ENUM
editor, monitor, query charts and table relations pages.</p>
<p>With a crafted database, table or a primary/unique key
column name it is possible to trigger an XSS when dropping
a row from the table. With a crafted column name it is
possible to trigger an XSS in the ENUM editor dialog. With
a crafted variable name or a crafted value for unit field
it is possible to trigger a self-XSS when adding a new
chart in the monitor page. With a crafted value for x-axis
label it is possible to trigger a self-XSS in the query
chart page. With a crafted relation name it is possible to
trigger an XSS in table relations page.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php">
<p>XSS in view operations page.</p>
<p>With a crafted view name it is possible to trigger an
XSS when dropping the view in view operation page.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php</url>
<cvename>CVE-2014-5273</cvename>
<cvename>CVE-2014-5274</cvename>
</references>
<dates>
<discovery>2014-08-17</discovery>
<entry>2014-08-17</entry>
</dates>
</vuln>
<vuln vid="69048656-2187-11e4-802c-20cf30e32f6d">
<topic>serf -- SSL Certificate Null Byte Poisoning</topic>
<affects>
<package>
<name>serf</name>
<range><lt>1.3.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>serf Development list reports:</p>
<blockquote cite="https://groups.google.com/forum/#!topic/serf-dev/NvgPoK6sFsc">
<p>Serf provides APIs to retrieve information about a certificate. These
APIs return the information as NUL terminated strings (commonly called C
strings). X.509 uses counted length strings which may include a NUL byte.
This means that a library user will interpret any information as ending
upon seeing this NUL byte and will only see a partial value for that field.
</p>
<p>Attackers could exploit this vulnerability to create a certificate that a
client will accept for a different hostname than the full certificate is
actually for by embedding a NUL byte in the certificate.</p>
<p>This can lead to a man-in-the-middle attack. There are no known instances
of this problem being exploited in the wild and in practice it should be
difficult to actually exploit this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3504</cvename>
</references>
<dates>
<discovery>2014-08-06</discovery>
<entry>2014-08-11</entry>
</dates>
</vuln>
<vuln vid="83a418cc-2182-11e4-802c-20cf30e32f6d">
<topic>subversion -- several vulnerabilities</topic>
<affects>
<package>
<name>subversion16</name>
<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
</package>
<package>
<name>subversion17</name>
<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
</package>
<package>
<name>subversion</name>
<range><ge>1.0.0</ge><lt>1.7.18</lt></range>
<range><ge>1.8.0</ge><lt>1.8.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion Project reports:</p>
<blockquote cite="http://subversion.apache.org/security/CVE-2014-3522-advisory.txt">
<p>Using the Serf RA layer of Subversion for HTTPS uses the apr_fnmatch API
to handle matching wildcards in certificate Common Names and Subject
Alternate Names. However, apr_fnmatch is not designed for this purpose.
Instead it is designed to behave like common shell globbing. In particular
this means that '*' is not limited to a single label within a hostname
(i.e. it will match '.'). But even further apr_fnmatch supports '?' and
character classes (neither of which are part of the RFCs defining how
certificate validation works).</p>
<p>Subversion stores cached credentials by an MD5 hash based on the URL and
the authentication realm of the server the credentials are cached for.
MD5 has been shown to be subject to chosen plaintext hash collisions.
This means it may be possible to generate an authentication realm which
results in the same MD5 hash for a different URL.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3522</cvename>
<cvename>CVE-2014-3528</cvename>
<url>http://subversion.apache.org/security/CVE-2014-3522-advisory.txt</url>
<url>http://subversion.apache.org/security/CVE-2014-3528-advisory.txt</url>
</references>
<dates>
<discovery>2014-08-06</discovery>
<entry>2014-08-11</entry>
</dates>
</vuln>
<vuln vid="ad747a01-1fee-11e4-8ff1-f0def16c5c1b">
<topic>nginx -- inject commands into SSL session vulnerability</topic>
<affects>
<package>
<name>nginx</name>
<range><ge>1.6.0,2</ge><lt>1.6.1,2</lt></range>
</package>
<package>
<name>nginx-devel</name>
<range><ge>1.5.6</ge><lt>1.7.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx project reports:</p>
<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html">
<p>Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3556</cvename>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html</url>
</references>
<dates>
<discovery>2014-08-05</discovery>
<entry>2014-08-09</entry>
</dates>
</vuln>
<vuln vid="8aff07eb-1dbd-11e4-b6ba-3c970e169bc2">
<topic>OpenSSL -- multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_14</lt></range>
</package>
<package>
<name>mingw32-openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1i</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>8.4</ge><lt>8.4_15</lt></range>
<range><ge>9.1</ge><lt>9.1_18</lt></range>
<range><ge>9.2</ge><lt>9.2_11</lt></range>
<range><ge>9.3</ge><lt>9.3_1</lt></range>
<range><ge>10.0</ge><lt>10.0_8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL Project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv_20140806.txt">
<p>A flaw in OBJ_obj2txt may cause pretty printing functions
such as X509_name_oneline, X509_name_print_ex et al. to leak
some information from the stack. [CVE-2014-3508]</p>
<p>The issue affects OpenSSL clients and allows a malicious
server to crash the client with a null pointer dereference
(read) by specifying an SRP ciphersuite even though it was
not properly negotiated with the client. [CVE-2014-5139]</p>
<p>If a multithreaded client connects to a malicious server
using a resumed session and the server sends an ec point
format extension it could write up to 255 bytes to freed
memory. [CVE-2014-3509]</p>
<p>An attacker can force an error condition which causes
openssl to crash whilst processing DTLS packets due to
memory being freed twice. This can be exploited through
a Denial of Service attack. [CVE-2014-3505]</p>
<p>An attacker can force openssl to consume large amounts
of memory whilst processing DTLS handshake messages.
This can be exploited through a Denial of Service
attack. [CVE-2014-3506]</p>
<p>By sending carefully crafted DTLS packets an attacker
could cause openssl to leak memory. This can be exploited
through a Denial of Service attack. [CVE-2014-3507]</p>
<p>OpenSSL DTLS clients enabling anonymous (EC)DH
ciphersuites are subject to a denial of service attack.
A malicious server can crash the client with a null pointer
dereference (read) by specifying an anonymous (EC)DH
ciphersuite and sending carefully crafted handshake
messages. [CVE-2014-3510]</p>
<p>A flaw in the OpenSSL SSL/TLS server code causes the
server to negotiate TLS 1.0 instead of higher protocol
versions when the ClientHello message is badly
fragmented. This allows a man-in-the-middle attacker
to force a downgrade to TLS 1.0 even if both the server
and the client support a higher protocol version, by
modifying the client's TLS records. [CVE-2014-3511]</p>
<p>A malicious client or server can send invalid SRP
parameters and overrun an internal buffer. Only
applications which are explicitly set up for SRP
use are affected. [CVE-2014-3512]</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.openssl.org/news/secadv_20140806.txt</url>
<freebsdsa>SA-14:18.openssl</freebsdsa>
<cvename>CVE-2014-3505</cvename>
<cvename>CVE-2014-3506</cvename>
<cvename>CVE-2014-3507</cvename>
<cvename>CVE-2014-3508</cvename>
<cvename>CVE-2014-3509</cvename>
<cvename>CVE-2014-3510</cvename>
<cvename>CVE-2014-3511</cvename>
<cvename>CVE-2014-3512</cvename>
<cvename>CVE-2014-5139</cvename>
</references>
<dates>
<discovery>2014-08-06</discovery>
<entry>2014-08-06</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="be5421ab-1b56-11e4-a767-5453ed2e2b49">
<topic>krfb -- Possible Denial of Service or code execution via integer overflow</topic>
<affects>
<package>
<name>krfb</name>
<range><lt>4.12.5_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Albert Astals Cid reports:</p>
<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2">
<p>krfb embeds libvncserver which embeds liblzo2, it contains various
flaws that result in integer overflow problems.</p>
<p>This potentially allows a malicious application to create a
possible denial of service or code execution. Due to the need to
exploit precise details of the target architecture and threading it
is unlikely that remote code execution can be achieved in
practice.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-4607</cvename>
<mlist>http://lists.kde.org/?l=kde-announce&amp;m=140709940701878&amp;w=2</mlist>
</references>
<dates>
<discovery>2014-08-03</discovery>
<entry>2014-08-03</entry>
</dates>
</vuln>
<vuln vid="89ff45e3-1a57-11e4-bebd-000c2980a9f3">
<topic>samba -- remote code execution</topic>
<affects>
<package>
<name>samba4</name>
<range><ge>4.0.0</ge><lt>4.0.21</lt></range>
</package>
<package>
<name>samba41</name>
<range><ge>4.1.0</ge><lt>4.1.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Samba developers report:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2014-3560">
<p>A malicious browser can send packets that may overwrite the heap of
the target nmbd NetBIOS name services daemon. It may be possible to
use this to generate a remote code execution vulnerability as the
superuser (root).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3560</cvename>
<url>http://www.samba.org/samba/security/CVE-2014-3560</url>
</references>
<dates>
<discovery>2014-07-31</discovery>
<entry>2014-08-02</entry>
</dates>
</vuln>
<vuln vid="90ca3ba5-19e6-11e4-8616-001b3856973b">
<topic>gpgme -- heap-based buffer overflow in gpgsm status handler</topic>
<affects>
<package>
<name>gpgme</name>
<range><lt>1.5.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tomas Trnka reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1113267">
<p>Gpgme contains a buffer overflow in the gpgsm status handler
that could possibly be exploited using a specially crafted certificate.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3564</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=1113267</url>
</references>
<dates>
<discovery>2014-06-25</discovery>
<entry>2014-08-02</entry>
</dates>
</vuln>
<vuln vid="2f90556f-18c6-11e4-9cc4-5453ed2e2b49">
<topic>kdelibs -- KAuth PID Reuse Flaw</topic>
<affects>
<package>
<name>kdelibs</name>
<range><lt>4.12.5_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Martin Sandsmark reports:</p>
<blockquote cite="http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2">
<p>The KAuth framework uses polkit-1 API which tries to authenticate
using the requestor's PID. This is prone to PID reuse race
conditions.</p>
<p>This potentially allows a malicious application to pose as another
for authentication purposes when executing privileged actions.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-5033</cvename>
<mlist>http://lists.kde.org/?l=kde-announce&amp;m=140674898412923&amp;w=2</mlist>
</references>
<dates>
<discovery>2014-07-30</discovery>
<entry>2014-07-31</entry>
</dates>
</vuln>
<vuln vid="31c09848-1829-11e4-bf04-60a44c524f57">
<topic>tor -- traffic confirmation attack</topic>
<affects>
<package>
<name>tor</name>
<range><lt>0.2.4.23</lt></range>
</package>
<package>
<name>tor-devel</name>
<range><lt>0.2.5.6.a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Tor Project reports:</p>
<blockquote cite="https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html">
<p>Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a
circuit after an inbound RELAY_EARLY cell is received by a client,
which makes it easier for remote attackers to conduct
traffic-confirmation attacks by using the pattern of RELAY and
RELAY_EARLY cells as a means of communicating information about
hidden service names.</p>
</blockquote>
</body>
</description>
<references>
<url>https://lists.torproject.org/pipermail/tor-announce/2014-July/000094.html</url>
<url>https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack</url>
<cvename>CVE-2014-5117</cvename>
</references>
<dates>
<discovery>2014-07-30</discovery>
<entry>2014-07-30</entry>
</dates>
</vuln>
<vuln vid="13419364-1685-11e4-bf04-60a44c524f57">
<topic>i2p -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>i2p</name>
<range><lt>0.9.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The i2p project reports:</p>
<blockquote cite="http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release">
<p>XSS and remote execution vulnerabilities reported by Exodus Intelligence.</p>
</blockquote>
<p>Exodus Intelligence reports:</p>
<blockquote cite="http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/">
<p>The vulnerability we have found is able to perform remote code
execution with a specially crafted payload. This payload can be
customized to unmask a user and show the public IP address in
which the user connected from within 'a couple of seconds.'</p>
</blockquote>
</body>
</description>
<references>
<url>http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/</url>
<url>http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release</url>
</references>
<dates>
<discovery>2014-07-24</discovery>
<entry>2014-07-28</entry>
</dates>
</vuln>
<vuln vid="9defb2d6-1404-11e4-8cae-20cf30e32f6d">
<topic>bugzilla -- Cross Site Request Forgery</topic>
<affects>
<package>
<name>bugzilla44</name>
<range><lt>4.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Bugzilla Security Advisory reports:</p>
<blockquote cite="http://www.bugzilla.org/security/4.0.13/">
<p>Adobe does not properly restrict the SWF file format,
which allows remote attackers to conduct cross-site
request forgery (CSRF) attacks against Bugzilla's JSONP
endpoint, possibly obtaining sensitive bug information,
via a crafted OBJECT element with SWF content satisfying
the character-set requirements of a callback API.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1546</cvename>
</references>
<dates>
<discovery>2014-07-24</discovery>
<entry>2014-07-25</entry>
</dates>
</vuln>
<vuln vid="f927e06c-1109-11e4-b090-20cf30e32f6d">
<topic>apache22 -- several vulnerabilities</topic>
<affects>
<package>
<name>apache22</name>
<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-event-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-itk-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-peruser-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
<package>
<name>apache22-worker-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.29</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache HTTP Server Project reports:</p>
<blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.29">
<p>mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to
avoid denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and
DeflateInflateRatioBurst.</p>
<p>mod_cgid: Fix a denial of service against CGI scripts that do not consume
stdin that could lead to lingering HTTPD child processes filling up the
scoreboard and eventually hanging the server. By default, the client I/O
timeout (Timeout directive) now applies to communication with scripts. The
CGIDScriptTimeout directive can be used to set a different timeout for
communication with scripts.</p>
<p>Fix a race condition in scoreboard handling, which could lead to a heap
buffer overflow.</p>
<p>core: HTTP trailers could be used to replace HTTP headers late during
request processing, potentially undoing or otherwise confusing modules
that examined or modified request headers earlier. Adds "MergeTrailers"
directive to restore legacy behavior.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0118</cvename>
<cvename>CVE-2014-0231</cvename>
<cvename>CVE-2014-0226</cvename>
<cvename>CVE-2013-5704</cvename>
</references>
<dates>
<discovery>2014-07-19</discovery>
<entry>2014-07-24</entry>
<modified>2014-09-03</modified>
</dates>
</vuln>
<vuln vid="81fc1076-1286-11e4-bebd-000c2980a9f3">
<topic>tomcat -- multiple vulnerabilities</topic>
<affects>
<package>
<name>tomcat</name>
<range><lt>6.0.40</lt></range>
</package>
<package>
<name>tomcat7</name>
<range><lt>7.0.53</lt></range>
</package>
<package>
<name>tomcat8</name>
<range><lt>8.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tomcat Security Team reports:</p>
<blockquote cite="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54">
<p>Tomcat does not properly restrict XSLT stylesheets, which allows
remote attackers to bypass security-manager restrictions and read
arbitrary files via a crafted web application that provides an XML
external entity declaration in conjunction with an entity
reference, related to an XML External Entity (XXE) issue.</p>
<p>An integer overflow, when operated behind a reverse proxy, allows
remote attackers to conduct HTTP request smuggling attacks via a
crafted Content-Length HTTP header.</p>
<p>An integer overflow in parseChunkHeader allows remote attackers
to cause a denial of service (resource consumption) via a malformed
chunk size in chunked transfer coding of a request during the
streaming of data.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0096</cvename>
<cvename>CVE-2014-0099</cvename>
<cvename>CVE-2014-0075</cvename>
<url>https://tomcat.apache.org/security-6.html</url>
<url>https://tomcat.apache.org/security-7.html</url>
<url>https://tomcat.apache.org/security-8.html</url>
</references>
<dates>
<discovery>2014-05-23</discovery>
<entry>2014-07-23</entry>
<modified>2017-03-18</modified>
</dates>
</vuln>
<vuln vid="978b0f76-122d-11e4-afe3-bc5ff4fb5e7b">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>31.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>24.7.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>31.0,1</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>24.7.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>24.7.0</lt></range>
</package>
<package>
<name>nss</name>
<range><lt>3.16.1_2</lt></range>
<!-- CVE-2014-1544/Bug 963150 -->
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-66 IFRAME sandbox same-origin access through
redirect</p>
<p>MFSA 2014-65 Certificate parsing broken by non-standard
character encoding</p>
<p>MFSA 2014-64 Crash in Skia library when scaling high
quality images</p>
<p>MFSA 2014-63 Use-after-free when manipulating
certificates in the trusted cache</p>
<p>MFSA 2014-62 Exploitable WebGL crash with Cesium
JavaScript library</p>
<p>MFSA 2014-61 Use-after-free with FireOnStateChange
event</p>
<p>MFSA 2014-60 Toolbar dialog customization event
spoofing</p>
<p>MFSA 2014-59 Use-after-free in DirectWrite font
handling</p>
<p>MFSA 2014-58 Use-after-free in Web Audio due to
incorrect control message ordering</p>
<p>MFSA 2014-57 Buffer overflow during Web Audio
buffering for playback</p>
<p>MFSA 2014-56 Miscellaneous memory safety hazards
(rv:31.0 / rv:24.7)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1544</cvename>
<cvename>CVE-2014-1547</cvename>
<cvename>CVE-2014-1548</cvename>
<cvename>CVE-2014-1549</cvename>
<cvename>CVE-2014-1550</cvename>
<cvename>CVE-2014-1551</cvename>
<cvename>CVE-2014-1552</cvename>
<cvename>CVE-2014-1555</cvename>
<cvename>CVE-2014-1556</cvename>
<cvename>CVE-2014-1557</cvename>
<cvename>CVE-2014-1558</cvename>
<cvename>CVE-2014-1559</cvename>
<cvename>CVE-2014-1560</cvename>
<cvename>CVE-2014-1561</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</url>
<url>https://www.mozilla.org/security/announce/</url>
</references>
<dates>
<discovery>2014-07-22</discovery>
<entry>2014-07-23</entry>
</dates>
</vuln>
<vuln vid="ecea9e92-0be5-4931-88da-8772d044972a">
<topic>mcollective -- cert validation issue</topic>
<affects>
<package>
<name>mcollective</name>
<range><lt>2.5.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Melissa Stone reports:</p>
<blockquote cite="https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4">
<p>The MCollective aes_security public key plugin does not correctly
validate certs against the CA. By exploiting this vulnerability
within a race/initialization window, an attacker with local access
could initiate an unauthorized MCollective client connection with a
server, and thus control the mcollective plugins running on that
server. This vulnerability requires a collective be configured to
use the aes_security plugin. Puppet Enterprise and open source
MCollective are not configured to use the plugin and are not
vulnerable by default.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3251</cvename>
<url>https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4</url>
</references>
<dates>
<discovery>2014-07-09</discovery>
<entry>2014-07-21</entry>
</dates>
</vuln>
<vuln vid="904d78b8-0f7e-11e4-8b71-5453ed2e2b49">
<topic>qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler</topic>
<affects>
<package>
<name>qt4-imageformats</name>
<range><lt>4.8.6_1</lt></range>
</package>
<package>
<name>qt5-gui</name>
<range><lt>5.2.1_4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Richard J. Moore reports:</p>
<blockquote cite="http://lists.qt-project.org/pipermail/announce/2014-April/000045.html">
<p>The builtin GIF decoder in QtGui prior to Qt 5.3 contained a bug
that would lead to a null pointer dereference when loading certain
hand crafted corrupt GIF files. This in turn would cause the
application loading these hand crafted GIFs to crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0190</cvename>
<bid>67087</bid>
<mlist>http://lists.qt-project.org/pipermail/announce/2014-April/000045.html</mlist>
</references>
<dates>
<discovery>2014-04-24</discovery>
<entry>2014-07-19</entry>
<modified>2014-07-21</modified>
</dates>
</vuln>
<vuln vid="4364e1f1-0f44-11e4-b090-20cf30e32f6d">
<topic>apache24 -- several vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache HTTP Server Project reports:</p>
<blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&amp;pathrev=1610737">
<p>mod_proxy: Fix crash in Connection header handling which allowed a
denial of service attack against a reverse proxy with a threaded MPM.</p>
<p>Fix a race condition in scoreboard handling, which could lead to a
heap buffer overflow.</p>
<p>mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst.</p>
<p>mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server. By
default, the client I/O timeout (Timeout directive) now applies to
communication with scripts. The CGIDScriptTimeout directive can be
used to set a different timeout for communication with scripts.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0117</cvename>
<cvename>CVE-2014-3523</cvename>
<cvename>CVE-2014-0226</cvename>
<cvename>CVE-2014-0118</cvename>
<cvename>CVE-2014-0231</cvename>
</references>
<dates>
<discovery>2014-07-15</discovery>
<entry>2014-07-19</entry>
</dates>
</vuln>
<vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42">
<topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.2.0</ge><lt>4.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php">
<p>Self-XSS due to unescaped HTML output in database
structure page.</p>
<p>With a crafted table comment, it is possible to trigger
an XSS in database structure page.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php">
<p>Self-XSS due to unescaped HTML output in database
triggers page.</p>
<p>When navigating into the database triggers page, it is
possible to trigger an XSS with a crafted trigger
name.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php">
<p>Multiple XSS in AJAX confirmation messages.</p>
<p>With a crafted column name it is possible to trigger an
XSS when dropping the column in table structure page. With
a crafted table name it is possible to trigger an XSS when
dropping or truncating the table in table operations
page.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php">
<p>Access for an unprivileged user to MySQL user list.</p>
<p>An unprivileged user could view the MySQL user list and
manipulate the tabs displayed in phpMyAdmin for them.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-4954</cvename>
<cvename>CVE-2014-4955</cvename>
<cvename>CVE-2014-4986</cvename>
<cvename>CVE-2014-4987</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url>
</references>
<dates>
<discovery>2014-07-18</discovery>
<entry>2014-07-18</entry>
<modified>2014-07-20</modified>
</dates>
</vuln>
<vuln vid="4a114331-0d24-11e4-8dd2-5453ed2e2b49">
<topic>kdelibs4 -- KMail/KIO POP3 SSL Man-in-the-middle Flaw</topic>
<affects>
<package>
<name>kdelibs</name>
<range><ge>4.10.95</ge><lt>4.12.5_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Richard J. Moore reports:</p>
<blockquote cite="http://www.kde.org/info/security/advisory-20140618-1.txt">
<p>The POP3 kioslave used by KMail will accept invalid
certificates without presenting a dialog to the user due to a
bug that leads to an inability to display the dialog
combined with an error in the way the result is checked.</p>
<p>This flaw allows an active attacker to perform MITM
attacks against the ioslave which could result in the leakage of
sensitive data such as the authentication details and the contents of
emails.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3494</cvename>
<bid>68113</bid>
<mlist>http://lists.kde.org/?l=kde-announce&amp;m=140312275318160&amp;w=2</mlist>
</references>
<dates>
<discovery>2014-06-17</discovery>
<entry>2014-07-16</entry>
</dates>
</vuln>
<vuln vid="ff98087f-0a8f-11e4-b00b-5453ed2e2b49">
<topic>postfixadmin -- SQL injection vulnerability</topic>
<affects>
<package>
<name>postfixadmin</name>
<range><lt>2.3.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Thijs Kinkhorst reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2014/03/26/6">
<p>Postfixadmin has an SQL injection vulnerability. This
vulnerability is only exploitable by authenticated users able to
create new aliases.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2655</cvename>
<bid>66455</bid>
<freebsdpr>ports/189248</freebsdpr>
<mlist>http://www.openwall.com/lists/oss-security/2014/03/26/6</mlist>
<url>https://www.debian.org/security/2014/dsa-2889</url>
</references>
<dates>
<discovery>2014-03-28</discovery>
<entry>2014-07-13</entry>
<modified>2015-09-28</modified>
</dates>
</vuln>
<vuln vid="e6a7636a-02d0-11e4-88b6-080027671656">
<topic>dbus -- multiple vulnerabilities</topic>
<affects>
<package>
<name>dbus</name>
<range><lt>1.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon McVittie reports:</p>
<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-July/016235.html">
<p>Alban Crequy at Collabora Ltd. discovered a bug in dbus-daemon's
support for file descriptor passing. A malicious process could
force system services or user applications to be disconnected
from the D-Bus system bus by sending them a message containing
a file descriptor, then causing that file descriptor to exceed
the kernel's maximum recursion depth (itself introduced to fix
a DoS) before dbus-daemon forwards the message to the victim
process. Most services and applications exit when disconnected
from the system bus, leading to a denial of service.</p>
<p>Additionally, Alban discovered that bug fd.o#79694, a bug
previously reported by Alejandro Martínez Suárez which was not
believed to be a security flaw, could be used for a similar denial
of service, by causing dbus-daemon to attempt to forward invalid
file descriptors to a victim process when file descriptors become
associated with the wrong message.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3532</cvename>
<cvename>CVE-2014-3533</cvename>
<url>http://lists.freedesktop.org/archives/dbus/2014-July/016235.html</url>
</references>
<dates>
<discovery>2014-07-02</discovery>
<entry>2014-07-03</entry>
</dates>
</vuln>
<vuln vid="17dfd984-feba-11e3-b938-5404a68ad561">
<topic>mencoder -- potential buffer overrun when processing malicious lzo compressed input</topic>
<affects>
<package>
<name>mencoder</name>
<range><lt>1.1.r20140418_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
<blockquote>
<p>avutil/lzo: Fix integer overflow</p>
</blockquote>
</body>
</description>
<references>
<url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
<url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
<cvename>CVE-2014-4610</cvename>
</references>
<dates>
<discovery>2014-06-24</discovery>
<entry>2014-06-28</entry>
</dates>
</vuln>
<vuln vid="9ab3a22c-feb8-11e3-b938-5404a68ad561">
<topic>mplayer -- potential buffer overrun when processing malicious lzo compressed input</topic>
<affects>
<package>
<name>mplayer</name>
<range><lt>1.1.r20140418_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Michael Niedermayer and Luca Barbato report in upstream ffmpeg:</p>
<blockquote>
<p>avutil/lzo: Fix integer overflow</p>
</blockquote>
</body>
</description>
<references>
<url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccda51b14c0fcae2fad73a24872dce75a7964996</url>
<url>http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee</url>
<cvename>CVE-2014-4610</cvename>
</references>
<dates>
<discovery>2014-06-24</discovery>
<entry>2014-06-28</entry>
</dates>
</vuln>
<vuln vid="d1f5e12a-fd5a-11e3-a108-080027ef73ec">
<topic>LZO -- potential buffer overrun when processing malicious input data</topic>
<affects>
<package>
<name>lzo2</name>
<range><lt>2.07</lt></range>
</package>
<package>
<name>busybox</name>
<range><lt>1.22.1_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Markus Franz Xaver Johannes Oberhumer reports, in the package's NEWS file:</p>
<blockquote>
<p>Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.</p>
<p>As this issue only affects 32-bit systems and also can only happen
if you use uncommonly huge buffer sizes where you have to decompress
more than 16 MiB (2^24 bytes) compressed bytes within a single
function call, the practical implications are limited.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.oberhumer.com/opensource/lzo/download/lzo-2.07.tar.gz</url>
<cvename>CVE-2014-4608</cvename>
</references>
<dates>
<discovery>2014-06-25</discovery>
<entry>2014-06-26</entry>
<modified>2015-01-06</modified>
</dates>
</vuln>
<vuln vid="1c840eb9-fb32-11e3-866e-b499baab0cbe">
<topic>gnupg -- possible DoS using garbled compressed data packets</topic>
<affects>
<package>
<name>gnupg1</name>
<range><lt>1.4.17</lt></range>
</package>
<package>
<name>gnupg</name>
<range><lt>2.0.24</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Werner Koch reports:</p>
<blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html">
<p>This release includes a *security fix* to stop
a possible DoS using garbled compressed data packets which can be used
to put gpg into an infinite loop.</p>
</blockquote>
</body>
</description>
<references>
<url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html</url>
<url>http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html</url>
</references>
<dates>
<discovery>2014-06-23</discovery>
<entry>2014-06-23</entry>
</dates>
</vuln>
<vuln vid="6ad309d9-fb03-11e3-bebd-000c2980a9f3">
<topic>samba -- multiple vulnerabilities</topic>
<affects>
<package>
<name>samba36</name>
<range><lt>3.6.24</lt></range>
</package>
<package>
<name>samba4</name>
<range><lt>4.0.19</lt></range>
</package>
<package>
<name>samba41</name>
<range><lt>4.1.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The samba project reports:</p>
<blockquote cite="https://www.samba.org/samba/history/">
<p>A malformed packet can cause the nmbd server to loop the CPU and
prevent any further NetBIOS name service.</p>
<p>Valid unicode path names stored on disk can cause smbd to
crash if an authenticated client attempts to read them
using a non-unicode request.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0244</cvename>
<cvename>CVE-2014-3493</cvename>
<url>https://www.samba.org/samba/security/CVE-2014-0244</url>
<url>https://www.samba.org/samba/security/CVE-2014-3493</url>
</references>
<dates>
<discovery>2014-06-23</discovery>
<entry>2014-06-23</entry>
</dates>
</vuln>
<vuln vid="c4892644-f8c6-11e3-9f45-6805ca0b3d42">
<topic>phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.1.0</ge><lt>4.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php">
<p>Self-XSS due to unescaped HTML output in recent/favorite
tables navigation.</p>
<p>When marking a crafted database or table name as
favorite or having it in recent tables, it is possible to
trigger an XSS.</p>
<p>This vulnerability can be triggered only by someone who
logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
form.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php">
<p>Self-XSS due to unescaped HTML output in navigation items
hiding feature.</p>
<p>When hiding or unhiding a crafted table name in the
navigation, it is possible to trigger an XSS.</p>
<p>This vulnerability can be triggered only by someone who
logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
form.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-4348</cvename>
<cvename>CVE-2014-4349</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php</url>
</references>
<dates>
<discovery>2014-06-20</discovery>
<entry>2014-06-20</entry>
<modified>2014-06-24</modified>
</dates>
</vuln>
<vuln vid="0981958a-f733-11e3-8276-071f1604ef8a">
<topic>iodined -- authentication bypass</topic>
<affects>
<package>
<name>iodine</name>
<range><lt>0.7.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Erik Ekman of the iodine project reports:</p>
<blockquote cite="https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850">
<p>The client could bypass the password check by continuing after
getting error from the server and guessing the network parameters.
The server would still accept the rest of the setup and also network
traffic.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850</url>
</references>
<dates>
<discovery>2014-06-16</discovery>
<entry>2014-06-18</entry>
</dates>
</vuln>
<vuln vid="f109b02f-f5a4-11e3-82e9-00a098b18457">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk11</name>
<range><lt>11.10.1</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><lt>1.8.28.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/security">
<p>Asterisk Manager User Unauthorized Shell Access. Manager users can
execute arbitrary shell commands with the MixMonitor manager action.
Asterisk does not require system class authorization for a manager
user to use the MixMonitor action, so any manager user who is
permitted to use manager commands can potentially execute shell
commands as the user executing the Asterisk process.</p>
<p>Exhaustion of Allowed Concurrent HTTP Connections. Establishing a
TCP or TLS connection to the configured HTTP or HTTPS port
respectively in http.conf and then not sending or completing a HTTP
request will tie up a HTTP session. By doing this repeatedly until the
maximum number of open HTTP sessions is reached, legitimate requests
are blocked.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-4046</cvename>
<cvename>CVE-2014-4047</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2014-006.pdf</url>
<url>http://downloads.asterisk.org/pub/security/AST-2014-007.pdf</url>
<url>https://www.asterisk.org/security</url>
</references>
<dates>
<discovery>2014-06-12</discovery>
<entry>2014-06-17</entry>
</dates>
</vuln>
<vuln vid="52bbc7e8-f13c-11e3-bc09-bcaec565249c">
<topic>dbus -- local DoS</topic>
<affects>
<package>
<name>dbus</name>
<range><ge>1.8.0</ge><lt>1.8.4</lt></range>
<range><lt>1.6.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon McVittie reports:</p>
<blockquote cite="http://lists.freedesktop.org/archives/dbus/2014-June/016220.html">
<p>Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus. Additionally, in highly unusual
environments the same flaw could lead to a side channel between
processes that should not be able to communicate.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3477</cvename>
<url>http://lists.freedesktop.org/archives/dbus/2014-June/016220.html</url>
</references>
<dates>
<discovery>2014-06-10</discovery>
<entry>2014-06-14</entry>
</dates>
</vuln>
<vuln vid="888a0262-f0d9-11e3-ba0c-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>30.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>24.6.0,1</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.26.1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>30.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.26.1</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>24.6.0</lt></range>
</package>
<package>
<name>nspr</name>
<range><lt>4.10.6</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>24.6.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-48 Miscellaneous memory safety hazards
(rv:30.0 / rv:24.6)</p>
<p>MFSA 2014-49 Use-after-free and out of bounds
issues found using Address Sanitizer</p>
<p>MFSA 2014-51 Use-after-free in Event Listener
Manager</p>
<p>MFSA 2014-52 Use-after-free with SMIL Animation
Controller</p>
<p>MFSA 2014-53 Buffer overflow in Web Audio Speex
resampler</p>
<p>MFSA 2014-54 Buffer overflow in Gamepad API</p>
<p>MFSA 2014-55 Out of bounds write in NSPR</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1533</cvename>
<cvename>CVE-2014-1534</cvename>
<cvename>CVE-2014-1536</cvename>
<cvename>CVE-2014-1537</cvename>
<cvename>CVE-2014-1540</cvename>
<cvename>CVE-2014-1541</cvename>
<cvename>CVE-2014-1542</cvename>
<cvename>CVE-2014-1543</cvename>
<cvename>CVE-2014-1545</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-48.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-49.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-51.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-52.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-53.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-54.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-55.html</url>
</references>
<dates>
<discovery>2014-06-10</discovery>
<entry>2014-06-10</entry>
</dates>
</vuln>
<vuln vid="5ac53801-ec2e-11e3-9cf3-3c970e169bc2">
<topic>OpenSSL -- multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_13</lt></range>
</package>
<package>
<name>mingw32-openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1h</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>8.0</ge><lt>8.4_12</lt></range>
<range><ge>9.1</ge><lt>9.1_15</lt></range>
<range><ge>9.2</ge><lt>9.2_8</lt></range>
<range><ge>10.0</ge><lt>10.0_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL Project reports:</p>
<blockquote cite="http://www.openssl.org/news/secadv_20140605.txt">
<p>An attacker using a carefully crafted handshake can force
the use of weak keying material in OpenSSL SSL/TLS clients
and servers. This can be exploited by a Man-in-the-middle
(MITM) attack where the attacker can decrypt and modify
traffic from the attacked client and server. [CVE-2014-0224]</p>
<p>By sending an invalid DTLS handshake to an OpenSSL DTLS
client the code can be made to recurse eventually crashing
in a DoS attack. [CVE-2014-0221]</p>
<p>A buffer overrun attack can be triggered by sending invalid
DTLS fragments to an OpenSSL DTLS client or server. This is
potentially exploitable to run arbitrary code on a vulnerable
client or server. [CVE-2014-0195]</p>
<p>OpenSSL TLS clients enabling anonymous ECDH ciphersuites are
subject to a denial of service attack. [CVE-2014-3470]</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0195</cvename>
<cvename>CVE-2014-0221</cvename>
<cvename>CVE-2014-0224</cvename>
<cvename>CVE-2014-3470</cvename>
<freebsdsa>SA-14:14.openssl</freebsdsa>
<url>http://www.openssl.org/news/secadv_20140605.txt</url>
</references>
<dates>
<discovery>2014-06-05</discovery>
<entry>2014-06-05</entry>
</dates>
</vuln>
<vuln vid="9733c480-ebff-11e3-970b-206a8a720317">
<topic>gnutls -- client-side memory corruption</topic>
<affects>
<package>
<name>gnutls</name>
<range><lt>2.12.23_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GnuTLS project reports:</p>
<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">
<p>This vulnerability affects the client side of the gnutls library.
A server that sends a specially crafted ServerHello could corrupt
the memory of a requesting client.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3466</cvename>
<url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
</references>
<dates>
<discovery>2014-05-14</discovery>
<entry>2014-06-04</entry>
</dates>
</vuln>
<vuln vid="027af74d-eb56-11e3-9032-000c2980a9f3">
<topic>gnutls -- client-side memory corruption</topic>
<affects>
<package>
<name>gnutls3</name>
<range><ge>3.1</ge><lt>3.1.25</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GnuTLS project reports:</p>
<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-3">
<p>This vulnerability affects the client side of the gnutls library.
A server that sends a specially crafted ServerHello could corrupt
the memory of a requesting client.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-3466</cvename>
<url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-3</url>
</references>
<dates>
<discovery>2014-05-14</discovery>
<entry>2014-06-03</entry>
</dates>
</vuln>
<vuln vid="77e2e631-e742-11e3-9a25-5404a6a6412c">
<topic>mumble -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mumble</name>
<range><ge>1.2.0</ge><lt>1.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mumble reports:</p>
<blockquote cite="http://blog.mumble.info/mumble-1-2-6/">
<p>SVG images with local file references could trigger client DoS</p>
<p>The Mumble client did not properly HTML-escape some external strings
before using them in a rich-text (HTML) context.</p>
</blockquote>
</body>
</description>
<references>
<url>http://mumble.info/security/Mumble-SA-2014-005.txt</url>
<url>http://mumble.info/security/Mumble-SA-2014-006.txt</url>
</references>
<dates>
<discovery>2014-04-16</discovery>
<entry>2014-05-29</entry>
</dates>
</vuln>
<vuln vid="c2c8c84b-e734-11e3-9a25-5404a6a6412c">
<topic>mumble -- NULL pointer dereference and heap-based buffer overflow</topic>
<affects>
<package>
<name>mumble</name>
<range><ge>1.2.4</ge><le>1.2.4_6</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mumble reports:</p>
<blockquote cite="http://blog.mumble.info/mumble-1-2-5/">
<p>A malformed Opus voice packet sent to a Mumble client could trigger
a NULL pointer dereference or an out-of-bounds array access.</p>
<p>A malformed Opus voice packet sent to a Mumble client could trigger a
heap-based buffer overflow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0044</cvename>
<cvename>CVE-2014-0045</cvename>
<url>http://mumble.info/security/Mumble-SA-2014-001.txt</url>
<url>http://mumble.info/security/Mumble-SA-2014-002.txt</url>
</references>
<dates>
<discovery>2014-01-25</discovery>
<entry>2014-05-29</entry>
</dates>
</vuln>
<vuln vid="f99a4686-e694-11e3-9032-000c2980a9f3">
<cancelled/>
</vuln>
<vuln vid="688e73a2-e514-11e3-a52a-98fc11cdc4f5">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>11.2r202.359</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe reports:</p>
<blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb14-14.html">
<p>These updates address vulnerabilities that could cause a crash
and potentially allow an attacker to take control of the affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0510</cvename>
<cvename>CVE-2014-0516</cvename>
<cvename>CVE-2014-0517</cvename>
<cvename>CVE-2014-0518</cvename>
<cvename>CVE-2014-0519</cvename>
<cvename>CVE-2014-0520</cvename>
<url>https://helpx.adobe.com/security/products/flash-player/apsb14-14.html</url>
</references>
<dates>
<discovery>2014-03-13</discovery>
<entry>2014-05-26</entry>
</dates>
</vuln>
<vuln vid="02db20d7-e34a-11e3-bd92-bcaec565249c">
<topic>openjpeg -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>openjpeg</name>
<range><lt>1.5.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Openjpeg release notes report:</p>
<blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS">
<p>That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1
release.</p>
</blockquote>
<blockquote cite="http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS">
<p>That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045,
CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887,
were fixed in the 1.5.2 release.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2012-3358</cvename>
<cvename>CVE-2012-3535</cvename>
<cvename>CVE-2013-1447</cvename>
<cvename>CVE-2013-4289</cvename>
<cvename>CVE-2013-4290</cvename>
<cvename>CVE-2013-6045</cvename>
<cvename>CVE-2013-6052</cvename>
<cvename>CVE-2013-6053</cvename>
<cvename>CVE-2013-6054</cvename>
<cvename>CVE-2013-6887</cvename>
<url>http://openjpeg.googlecode.com/svn/tags/version.1.5.1/NEWS</url>
<url>http://openjpeg.googlecode.com/svn/tags/version.1.5.2/NEWS</url>
</references>
<dates>
<discovery>2012-05-13</discovery>
<entry>2014-05-24</entry>
</dates>
</vuln>
<vuln vid="b060ee50-daba-11e3-99f2-bcaec565249c">
<topic>libXfont -- X Font Service Protocol and Font metadata file handling issues</topic>
<affects>
<package>
<name>libXfont</name>
<range><lt>1.4.7_3</lt></range>
</package>
<package>
<name>linux-c6-xorg-libs</name>
<range><lt>7.4_2</lt></range>
</package>
<package>
<name>linux-f10-xorg-libs</name>
<range><ge>*</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Alan Coopersmith reports:</p>
<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-May/002431.html">
<p>Ilja van Sprundel, a security researcher with IOActive, has
discovered several issues in the way the libXfont library
handles the responses it receives from xfs servers, and has
worked with X.Org's security team to analyze, confirm, and fix
these issues.</p>
<p>Most of these issues stem from libXfont trusting the font server
to send valid protocol data, and not verifying that the values
will not overflow or cause other damage. This code is commonly
called from the X server when an X Font Server is active in the
font path, so may be running in a setuid-root process depending
on the X server in use. Exploits of this path could be used by
a local, authenticated user to attempt to raise privileges; or
by a remote attacker who can control the font server to attempt
to execute code with the privileges of the X server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0209</cvename>
<cvename>CVE-2014-0210</cvename>
<cvename>CVE-2014-0211</cvename>
<url>http://lists.x.org/archives/xorg-announce/2014-May/002431.html</url>
</references>
<dates>
<discovery>2014-05-13</discovery>
<entry>2014-05-13</entry>
<modified>2015-07-15</modified>
</dates>
</vuln>
<vuln vid="e7bb3885-da40-11e3-9ecb-2c4138874f7d">
<topic>libxml2 -- lack of end-of-document check DoS</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.9.1</lt></range>
</package>
<package>
<name>linux-c6-libxml2</name>
<range><lt>2.7.6_2</lt></range>
</package>
<package>
<name>linux-f10-libxml2</name>
<range><ge>*</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE MITRE reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877">
<p>parser.c in libxml2 before 2.9.0, as used in Google
Chrome before 28.0.1500.71 and other products, allows remote
attackers to cause a denial of service (out-of-bounds read)
via a document that ends abruptly, related to the lack of
certain checks for the XML_PARSER_EOF state.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-2877</cvename>
<url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877</url>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877</url>
<url>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877</url>
</references>
<dates>
<discovery>2013-04-11</discovery>
<entry>2013-07-10</entry>
<modified>2015-07-15</modified>
</dates>
</vuln>
<vuln vid="efdd0edc-da3d-11e3-9ecb-2c4138874f7d">
<topic>libxml2 -- entity substitution DoS</topic>
<affects>
<package>
<name>libxml2</name>
<range><lt>2.9.1</lt></range>
</package>
<package>
<name>linux-c6-libxml2</name>
<range><lt>2.7.6_2</lt></range>
</package>
<package>
<name>linux-f10-libxml2</name>
<range><ge>*</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Stefan Cornelius reports:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/06/4">
<p>It was discovered that libxml2, a library providing
support to read, modify and write XML files, incorrectly
performs entity substitution in the doctype prolog, even if
the application using libxml2 disabled any entity
substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead
to the exhaustion of CPU and memory resources or file
descriptors.</p>
<p>This issue was discovered by Daniel Berrange of Red Hat.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0191</cvename>
<url>http://www.openwall.com/lists/oss-security/2014/05/06/4</url>
<url>https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191</url>
<url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191</url>
</references>
<dates>
<discovery>2013-12-03</discovery>
<entry>2014-05-06</entry>
<modified>2015-07-15</modified>
</dates>
</vuln>
<vuln vid="1959e847-d4f0-11e3-84b0-0018fe623f2b">
<topic>OpenSSL -- NULL pointer dereference / DoS</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_12</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>10.0</ge><lt>10.0_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenBSD and David Ramos report:</p>
<blockquote cite="http://www.openwall.com/lists/oss-security/2014/05/02/5">
<p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache,
are prone to a race condition which may allow a remote attacker to
crash the current service.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.openwall.com/lists/oss-security/2014/05/02/5</url>
<url>https://rt.openssl.org/Ticket/Display.html?user=guest&amp;pass=guest&amp;id=3321</url>
<freebsdsa>SA-14:10.openssl</freebsdsa>
<cvename>CVE-2014-0198</cvename>
</references>
<dates>
<discovery>2014-05-02</discovery>
<entry>2014-05-03</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="89709e58-d497-11e3-a3d5-5453ed2e2b49">
<topic>qt4-xml -- XML Entity Expansion Denial of Service</topic>
<affects>
<package>
<name>qt4-xml</name>
<range><lt>4.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Richard J. Moore reports:</p>
<blockquote cite="http://lists.qt-project.org/pipermail/announce/2013-December/000036.html">
<p>QXmlSimpleReader in Qt versions prior to 5.2 supports
expansion of internal entities in XML documents without
placing restrictions to ensure the document does not cause
excessive memory usage. If an application using this API
processes untrusted data then the application may use
unexpected amounts of memory if a malicious document is
processed.</p>
<p>It is possible to construct XML documents using internal
entities that consume large amounts of memory and other
resources to process, this is known as the 'Billion Laughs'
attack. Qt versions prior to 5.2 did not offer protection
against this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4549</cvename>
<url>http://lists.qt-project.org/pipermail/announce/2013-December/000036.html</url>
</references>
<dates>
<discovery>2013-12-05</discovery>
<entry>2014-05-05</entry>
</dates>
</vuln>
<vuln vid="6fb521b0-d388-11e3-a790-000c2980a9f3">
<topic>strongswan -- Remote Authentication Bypass</topic>
<affects>
<package>
<name>strongswan</name>
<range><lt>5.1.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>strongSwan developers report:</p>
<blockquote cite="http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html">
<p>Remote attackers are able to bypass authentication by rekeying an
IKE_SA during (1) initiation or (2) re-authentication, which
triggers the IKE_SA state to be set to established.</p>
<p>Only installations that actively initiate or re-authenticate IKEv2
IKE_SAs are affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2338</cvename>
<url>http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</url>
</references>
<dates>
<discovery>2014-03-12</discovery>
<entry>2014-05-04</entry>
</dates>
</vuln>
<vuln vid="670d732a-cdd4-11e3-aac2-0022fb6fcf92">
<topic>mohawk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mohawk</name>
<range><lt>2.0.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The mohawk project reports:</p>
<blockquote cite="http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351">
<p>Segfault when parsing malformed / unescaped url, coredump when setting syslog facility.</p>
</blockquote>
</body>
</description>
<references>
<url>http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351</url>
<url>http://fossil.bsdsx.fr/mohawk/tktview?name=1c7565019e</url>
</references>
<dates>
<discovery>2014-04-10</discovery>
<entry>2014-04-30</entry>
</dates>
</vuln>
<vuln vid="985d4d6c-cfbd-11e3-a003-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>29.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>24.5.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>29.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.26</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>24.5.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.26</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>24.5.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-34 Miscellaneous memory safety hazards
(rv:29.0 / rv:24.5)</p>
<p>MFSA 2014-35 Privilege escalation through Mozilla Maintenance
Service Installer</p>
<p>MFSA 2014-36 Web Audio memory corruption issues</p>
<p>MFSA 2014-37 Out of bounds read while decoding JPG images</p>
<p>MFSA 2014-38 Buffer overflow when using non-XBL object as
XBL</p>
<p>MFSA 2014-39 Use-after-free in the Text Track Manager
for HTML video</p>
<p>MFSA 2014-41 Out-of-bounds write in Cairo</p>
<p>MFSA 2014-42 Privilege escalation through Web Notification
API</p>
<p>MFSA 2014-43 Cross-site scripting (XSS) using history
navigations</p>
<p>MFSA 2014-44 Use-after-free in imgLoader while resizing
images</p>
<p>MFSA 2014-45 Incorrect IDNA domain name matching for
wildcard certificates</p>
<p>MFSA 2014-46 Use-after-free in nsHostResolve</p>
<p>MFSA 2014-47 Debugger can bypass XrayWrappers
with JavaScript</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1492</cvename>
<cvename>CVE-2014-1518</cvename>
<cvename>CVE-2014-1519</cvename>
<cvename>CVE-2014-1520</cvename>
<cvename>CVE-2014-1522</cvename>
<cvename>CVE-2014-1523</cvename>
<cvename>CVE-2014-1524</cvename>
<cvename>CVE-2014-1525</cvename>
<cvename>CVE-2014-1526</cvename>
<cvename>CVE-2014-1527</cvename>
<cvename>CVE-2014-1528</cvename>
<cvename>CVE-2014-1529</cvename>
<cvename>CVE-2014-1530</cvename>
<cvename>CVE-2014-1531</cvename>
<cvename>CVE-2014-1532</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-34.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-35.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-36.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-37.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-38.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-39.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-41.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-42.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-43.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-44.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-45.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-46.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-47.html</url>
<url>http://www.mozilla.org/security/known-vulnerabilities/</url>
</references>
<dates>
<discovery>2014-04-29</discovery>
<entry>2014-04-29</entry>
</dates>
</vuln>
<vuln vid="59e72db2-cae6-11e3-8420-00e0814cab4e">
<topic>django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py26-django</name>
<range><ge>1.6</ge><lt>1.6.3</lt></range>
</package>
<package>
<name>py27-django</name>
<range><ge>1.6</ge><lt>1.6.3</lt></range>
</package>
<package>
<name>py31-django</name>
<range><ge>1.6</ge><lt>1.6.3</lt></range>
</package>
<package>
<name>py32-django</name>
<range><ge>1.6</ge><lt>1.6.3</lt></range>
</package>
<package>
<name>py33-django</name>
<range><ge>1.6</ge><lt>1.6.3</lt></range>
</package>
<package>
<name>py34-django</name>
<range><ge>1.6</ge><lt>1.6.3</lt></range>
</package>
<package>
<name>py26-django15</name>
<range><ge>1.5</ge><lt>1.5.6</lt></range>
</package>
<package>
<name>py27-django15</name>
<range><ge>1.5</ge><lt>1.5.6</lt></range>
</package>
<package>
<name>py31-django15</name>
<range><ge>1.5</ge><lt>1.5.6</lt></range>
</package>
<package>
<name>py32-django15</name>
<range><ge>1.5</ge><lt>1.5.6</lt></range>
</package>
<package>
<name>py33-django15</name>
<range><ge>1.5</ge><lt>1.5.6</lt></range>
</package>
<package>
<name>py34-django15</name>
<range><ge>1.5</ge><lt>1.5.6</lt></range>
</package>
<package>
<name>py26-django14</name>
<range><ge>1.4</ge><lt>1.4.11</lt></range>
</package>
<package>
<name>py27-django14</name>
<range><ge>1.4</ge><lt>1.4.11</lt></range>
</package>
<package>
<name>py31-django14</name>
<range><ge>1.4</ge><lt>1.4.11</lt></range>
</package>
<package>
<name>py32-django14</name>
<range><ge>1.4</ge><lt>1.4.11</lt></range>
</package>
<package>
<name>py33-django14</name>
<range><ge>1.4</ge><lt>1.4.11</lt></range>
</package>
<package>
<name>py34-django14</name>
<range><ge>1.4</ge><lt>1.4.11</lt></range>
</package>
<package>
<name>py26-django-devel</name>
<range><lt>20140423,1</lt></range>
</package>
<package>
<name>py27-django-devel</name>
<range><lt>20140423,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Django project reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2014/apr/21/security/">
<p>These releases address an unexpected code-execution issue, a
caching issue which can expose CSRF tokens and a MySQL typecasting
issue. While these issues present limited risk and may not affect
all Django users, we encourage all users to evaluate their own
risk and upgrade as soon as possible.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.djangoproject.com/weblog/2014/apr/21/security/</url>
<cvename>CVE-2014-0472</cvename>
<cvename>CVE-2014-0473</cvename>
<cvename>CVE-2014-0474</cvename>
</references>
<dates>
<discovery>2014-04-21</discovery>
<entry>2014-04-23</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="0b8d7194-ca88-11e3-9d8d-c80aa9043978">
<topic>OpenSSL -- Remote Data Injection / DoS</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_11</lt></range>
</package>
<package>
<name>mingw32-openssl</name>
<range><ge>1.0.1</ge><le>1.0.1g</le></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>10.0</ge><lt>10.0_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx, are
prone to a race condition which may allow a remote attacker to
inject random data into other connections.</p>
</body>
</description>
<references>
<url>https://rt.openssl.org/Ticket/Display.html?id=2167</url>
<url>http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse</url>
<freebsdsa>SA-14:09.openssl</freebsdsa>
<cvename>CVE-2010-5298</cvename>
</references>
<dates>
<discovery>2010-02-09</discovery>
<entry>2014-04-23</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="608ed765-c700-11e3-848c-20cf30e32f6d">
<topic>bugzilla -- Cross-Site Request Forgery</topic>
<affects>
<package>
<name>bugzilla40</name>
<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
</package>
<package>
<name>bugzilla42</name>
<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
</package>
<package>
<name>bugzilla44</name>
<range><ge>2.0.0</ge><lt>4.4.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>A Bugzilla Security Advisory reports:</h1>
<blockquote cite="http://www.bugzilla.org/security/4.0.11/">
<p>The login form had no CSRF protection, meaning that
an attacker could force the victim to log in using the
attacker's credentials. If the victim then reports a new
security sensitive bug, the attacker would get immediate
access to this bug.</p>
<p>
Due to changes involved in the Bugzilla API, this fix is
not backported to the 4.0 and 4.2 branches, meaning that
Bugzilla 4.0.12 and older, and 4.2.8 and older, will
remain vulnerable to this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1517</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=713926</url>
</references>
<dates>
<discovery>2014-04-17</discovery>
<entry>2014-04-18</entry>
<modified>2014-04-18</modified>
</dates>
</vuln>
<vuln vid="60bfa396-c702-11e3-848c-20cf30e32f6d">
<topic>bugzilla -- Social Engineering</topic>
<affects>
<package>
<name>bugzilla40</name>
<range><ge>2.0.0</ge><lt>4.0.12</lt></range>
</package>
<package>
<name>bugzilla42</name>
<range><ge>4.1.1</ge><lt>4.2.8</lt></range>
</package>
<package>
<name>bugzilla44</name>
<range><ge>4.4.0</ge><lt>4.4.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>A Bugzilla Security Advisory reports:</h1>
<blockquote cite="http://www.bugzilla.org/security/4.0.11/">
<p>Dangerous control characters can be inserted into
Bugzilla, notably into bug comments. If the text, which
may look safe, is copied into a terminal such as xterm or
gnome-terminal, then unexpected commands could be executed
on the local machine.</p>
</blockquote>
</body>
</description>
<references>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=968576</url>
</references>
<dates>
<discovery>2014-04-17</discovery>
<entry>2014-04-18</entry>
<modified>2014-04-18</modified>
</dates>
</vuln>
<vuln vid="abad20bf-c1b4-11e3-a5ac-001b21614864">
<topic>OpenLDAP -- incorrect handling of NULL in certificate Common Name</topic>
<affects>
<package>
<name>openldap24-client</name>
<range><lt>2.4.18</lt></range>
</package>
<package>
<name>linux-f10-openldap</name>
<range><lt>2.4.18</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jan Lieskovsky reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767">
<p>OpenLDAP does not properly handle a '\0' character in a domain name
in the subject's Common Name (CN) field of an X.509 certificate,
which allows man-in-the-middle attackers to spoof arbitrary SSL
servers via a crafted certificate issued by a legitimate
Certification Authority</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2009-3767</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767</url>
</references>
<dates>
<discovery>2009-08-07</discovery>
<entry>2014-04-11</entry>
</dates>
</vuln>
<vuln vid="9aecb94c-c1ad-11e3-a5ac-001b21614864">
<topic>cURL -- inappropriate GSSAPI delegation</topic>
<affects>
<package>
<name>curl</name>
<range><ge>7.10.6</ge><le>7.21.6</le></range>
</package>
<package>
<name>linux-f10-curl</name>
<range><ge>7.10.6</ge><le>7.21.6</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>cURL reports:</p>
<blockquote cite="http://curl.haxx.se/docs/adv_20110623.html">
<p>When doing GSSAPI authentication, libcurl unconditionally performs
credential delegation. This hands the server a copy of the client's
security credentials, allowing the server to impersonate the client
to any other using the same GSSAPI mechanism.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2192</cvename>
<url>http://curl.haxx.se/docs/adv_20110623.html</url>
</references>
<dates>
<discovery>2011-06-23</discovery>
<entry>2014-04-11</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="77bb0541-c1aa-11e3-a5ac-001b21614864">
<topic>dbus-glib -- privilege escalation</topic>
<affects>
<package>
<name>dbus-glib</name>
<range><lt>0.100.1</lt></range>
</package>
<package>
<name>linux-f10-dbus-glib</name>
<range><lt>0.100.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Sebastian Krahmer reports:</p>
<blockquote cite="https://bugs.freedesktop.org/show_bug.cgi?id=60916">
<p>A privilege escalation flaw was found in the way dbus-glib, the
D-Bus add-on library to integrate the standard D-Bus library with
the GLib thread abstraction and main loop, performed filtering of
the message sender (message source subject), when the
NameOwnerChanged signal was received. A local attacker could use
this flaw to escalate their privileges.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-0292</cvename>
<url>https://bugs.freedesktop.org/show_bug.cgi?id=60916</url>
</references>
<dates>
<discovery>2013-02-15</discovery>
<entry>2014-04-11</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="bf7912f5-c1a8-11e3-a5ac-001b21614864">
<topic>nas -- multiple vulnerabilities</topic>
<affects>
<package>
<name>nas</name>
<range><lt>1.9.4</lt></range>
</package>
<package>
<name>linux-f10-nas-libs</name>
<range><lt>1.9.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Hamid Zamani reports:</p>
<blockquote cite="http://radscan.com/pipermail/nas/2013-August/001270.html">
<p>multiple security problems (buffer overflows, format string
vulnerabilities and missing input sanitising), which could lead to
the execution of arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4256</cvename>
<cvename>CVE-2013-4257</cvename>
<cvename>CVE-2013-4258</cvename>
<url>http://radscan.com/pipermail/nas/2013-August/001270.html</url>
</references>
<dates>
<discovery>2013-08-07</discovery>
<entry>2014-04-11</entry>
</dates>
</vuln>
<vuln vid="09f47c51-c1a6-11e3-a5ac-001b21614864">
<topic>libaudiofile -- heap-based overflow in Microsoft ADPCM compression module</topic>
<affects>
<package>
<name>libaudiofile</name>
<range><lt>0.2.7</lt></range>
</package>
<package>
<name>linux-f10-libaudiofile</name>
<range><lt>0.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Debian reports:</p>
<blockquote cite="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205">
<p>Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile
0.2.6 allows context-dependent attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
WAV file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0159</cvename>
<url>https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205</url>
</references>
<dates>
<discovery>2008-12-30</discovery>
<entry>2014-04-11</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="972837fc-c304-11e3-8758-00262d5ed8ee">
<topic>ChaSen -- buffer overflow</topic>
<affects>
<package>
<name>chasen-base</name>
<range><lt>2.4.5</lt></range>
</package>
<package>
<name>chasen</name>
<range><lt>2.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>JVN iPedia reports:</p>
<blockquote cite="http://jvn.jp/en/jp/JVN16901583/index.html">
<p>ChaSen provided by Nara Institute of Science and Technology is a
software for morphologically analyzing Japanese. ChaSen contains an
issue when reading in strings, which may lead to a buffer
overflow.</p>
<p>An arbitrary script may be executed by an attacker with access to
a system that is running a product listed in "Products
Affected."</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4000</cvename>
<url>http://jvn.jp/en/jp/JVN16901583/index.html</url>
</references>
<dates>
<discovery>2011-11-08</discovery>
<entry>2014-04-13</entry>
</dates>
</vuln>
<vuln vid="7ccd4def-c1be-11e3-9d09-000c2980a9f3">
<topic>OpenSSL -- Local Information Disclosure</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_10</lt></range>
</package>
<package>
<name>mingw32-openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>8.3</ge><lt>8.3_15</lt></range>
<range><ge>8.4</ge><lt>8.4_8</lt></range>
<range><ge>9.1</ge><lt>9.1_11</lt></range>
<range><ge>9.2</ge><lt>9.2_4</lt></range>
<range><ge>10.0</ge><lt>10.0_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenSSL reports:</p>
<blockquote cite="https://www.openssl.org/news/vulnerabilities.html#2014-0076">
<p>A flaw in the implementation of Montgomery Ladder Approach would
create a side-channel that leaks sensitive timing information.</p>
<p>A local attacker might be able to snoop a signing process and
might recover the signing key from it.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0076</cvename>
<freebsdsa>SA-14:06.openssl</freebsdsa>
<url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
</references>
<dates>
<discovery>2014-04-07</discovery>
<entry>2014-04-11</entry>
</dates>
</vuln>
<vuln vid="c0c31b27-bff3-11e3-9d09-000c2980a9f3">
<topic>openafs -- Denial of Service</topic>
<affects>
<package>
<name>openafs</name>
<range><ge>1.4.8</ge><lt>1.6.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenAFS development team reports:</p>
<blockquote cite="http://openafs.org/security/OPENAFS-SA-2014-001.txt">
<p>An attacker with the ability to connect to an OpenAFS fileserver can
trigger a buffer overflow, crashing the server.</p>
<p>The buffer overflow can be triggered by sending an unauthenticated
request for file server statistical information.</p>
<p>Clients are not affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0159</cvename>
<url>http://openafs.org/security/OPENAFS-SA-2014-001.txt</url>
</references>
<dates>
<discovery>2014-04-09</discovery>
<entry>2014-04-09</entry>
</dates>
</vuln>
<vuln vid="5631ae98-be9e-11e3-b5e3-c80aa9043978">
<topic>OpenSSL -- Remote Information Disclosure</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1_10</lt></range>
</package>
<package>
<name>mingw32-openssl</name>
<range><ge>1.0.1</ge><lt>1.0.1g</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>10.0</ge><lt>10.0_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenSSL reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv_20140407.txt">
<p>A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.</p>
<p>Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.</p>
</blockquote>
<blockquote cite="http://www.heartbleed.com">
<p>The bug allows anyone on the Internet to read the memory of the
systems protected by the vulnerable versions of the OpenSSL software.
This compromises the secret keys used to identify the service
providers and to encrypt the traffic, the names and passwords of the
users and the actual content. This allows attackers to eavesdrop
communications, steal data directly from the services and users and
to impersonate services and users.</p>
</blockquote>
<blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc">
<p>The code used to handle the Heartbeat Extension does not do
sufficient boundary checks on record length, which allows reading
beyond the actual payload.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0160</cvename>
<freebsdsa>SA-14:06.openssl</freebsdsa>
<url>https://www.openssl.org/news/secadv_20140407.txt</url>
<url>https://www.openssl.org/news/vulnerabilities.html#2014-0076</url>
<url>http://www.heartbleed.com</url>
</references>
<dates>
<discovery>2014-04-07</discovery>
<entry>2014-04-07</entry>
<modified>2014-04-11</modified>
</dates>
</vuln>
<vuln vid="ffa7c6e4-bb29-11e3-8136-60a44c524f57">
<topic>otrs -- Clickjacking issue</topic>
<affects>
<package>
<name>otrs</name>
<range><lt>3.1.21</lt></range>
<range><gt>3.2.*</gt><lt>3.2.16</lt></range>
<range><gt>3.3.*</gt><lt>3.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OTRS Project reports:</p>
<blockquote cite="http://www.otrs.com/security-advisory-2014-05-clickjacking-issue/">
<p>An attacker could embed OTRS in a hidden iframe tag of another
page, tricking the user into clicking links in OTRS.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.w3.org/1999/xhtml</url>
<cvename>CVE-2014-2554</cvename>
</references>
<dates>
<discovery>2014-04-01</discovery>
<entry>2014-04-03</entry>
</dates>
</vuln>
<vuln vid="580cc46b-bb1e-11e3-b144-2c4138874f7d">
<topic>LibYAML input sanitization errors</topic>
<affects>
<package>
<name>libyaml</name>
<range><lt>0.1.6</lt></range>
</package>
<package>
<name>mingw32-libyaml</name>
<range><lt>0.1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>oCERT reports:</p>
<blockquote cite="http://www.ocert.org/advisories/ocert-2014-003.html">
<p>The LibYAML project is an open source YAML 1.1 parser and
emitter written in C.</p>
<p>The library is affected by a heap-based buffer overflow
which can lead to arbitrary code execution. The
vulnerability is caused by lack of proper expansion for the
string passed to the yaml_parser_scan_uri_escapes()
function.</p>
<p>A specially crafted YAML file, with a long sequence of
percent-encoded characters in a URL, can be used to trigger
the overflow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2525</cvename>
<url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525</url>
</references>
<dates>
<discovery>2014-03-11</discovery>
<entry>2014-03-26</entry>
</dates>
</vuln>
<vuln vid="4e95eb4e-b737-11e3-87cd-f0def10dca57">
<topic>Icinga -- buffer overflow in classic web interface</topic>
<affects>
<package>
<name>icinga</name>
<range><lt>1.11.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Icinga Team reports:</p>
<blockquote cite="https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=73285093b71a5551abdaab0a042d3d6bae093b0d">
<p>Wrong strlen check against MAX_INPUT_BUFFER without taking '\0' into account [...]</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2386</cvename>
<url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2386</url>
</references>
<dates>
<discovery>2014-02-18</discovery>
<entry>2014-03-29</entry>
</dates>
</vuln>
<vuln vid="7e61a839-b714-11e3-8195-001966155bea">
<topic>file -- out-of-bounds access in search rules with offsets from input file</topic>
<affects>
<package>
<name>file</name>
<range><lt>5.18</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Aaron Reffett reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2270">
<p>softmagic.c in file ... and libmagic allows context-dependent
attackers to cause a denial of service (out-of-bounds memory access and
crash) via crafted offsets in the softmagic of a PE executable.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2270</cvename>
<url>http://bugs.gw.com/view.php?id=31</url>
</references>
<dates>
<discovery>2013-12-20</discovery>
<entry>2014-03-29</entry>
</dates>
</vuln>
<vuln vid="9fa1a0ac-b2e0-11e3-bb07-6cf0490a8c18">
<topic>Joomla! -- Core - Multiple Vulnerabilities</topic>
<affects>
<package>
<name>joomla2</name>
<range><ge>2.5.*</ge><le>2.5.18</le></range>
</package>
<package>
<name>joomla3</name>
<range><ge>3.0.*</ge><le>3.2.2</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The JSST and the Joomla! Security Center report:</p>
<blockquote cite="http://developer.joomla.org/security/578-20140301-core-sql-injection.html">
<h2>[20140301] - Core - SQL Injection</h2>
<p>Inadequate escaping leads to SQL injection vulnerability.</p>
</blockquote>
<blockquote cite="http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html">
<h2>[20140302] - Core - XSS Vulnerability</h2>
<p>Inadequate escaping leads to XSS vulnerability in com_contact.</p>
</blockquote>
<blockquote cite="http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html">
<h2>[20140303] - Core - XSS Vulnerability</h2>
<p>Inadequate escaping leads to XSS vulnerability.</p>
</blockquote>
<blockquote cite="http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html">
<h2>[20140304] - Core - Unauthorised Logins</h2>
<p>Inadequate checking allowed unauthorised logins via GMail authentication.</p>
</blockquote>
</body>
</description>
<references>
<url>http://developer.joomla.org/security/578-20140301-core-sql-injection.html</url>
<url>http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html</url>
<url>http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html</url>
<url>http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html</url>
</references>
<dates>
<discovery>2014-03-01</discovery>
<entry>2014-03-23</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="36f9ac43-b2ac-11e3-8752-080027ef73ec">
<topic>mail/trojita -- may leak mail contents (not user credentials) over unencrypted connection</topic>
<affects>
<package>
<name>trojita</name>
<range><lt>0.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jan Kundrát reports:</p>
<blockquote cite="http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html">
<p>An SSL stripping vulnerability was discovered in Trojitá, a fast Qt
IMAP e-mail client. User's credentials are never leaked, but if a
user tries to send an e-mail, the automatic saving into the "sent"
or "draft" folders could happen over a plaintext connection even if
the user's preferences specify STARTTLS as a requirement.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2567</cvename>
<url>http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html</url>
</references>
<dates>
<discovery>2014-03-20</discovery>
<entry>2014-03-23</entry>
</dates>
</vuln>
<vuln vid="da4b89ad-b28f-11e3-99ca-f0def16c5c1b">
<topic>nginx-devel -- SPDY heap buffer overflow</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><ge>1.3.15</ge><lt>1.5.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx project reports:</p>
<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
<p>A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause a heap memory buffer overflow in a
worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).</p>
<p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
ngx_http_spdy_module module (which is not compiled by default) and
without --with-debug configure option, if the "spdy" option of the
"listen" directive is used in a configuration file.</p>
<p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0133</cvename>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
</references>
<dates>
<discovery>2014-03-18</discovery>
<entry>2014-03-23</entry>
</dates>
</vuln>
<vuln vid="fc28df92-b233-11e3-99ca-f0def16c5c1b">
<topic>nginx -- SPDY heap buffer overflow</topic>
<affects>
<package>
<name>nginx</name>
<range><lt>1.4.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx project reports:</p>
<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html">
<p>A bug in the experimental SPDY implementation in nginx was found, which
might allow an attacker to cause a heap memory buffer overflow in a
worker process by using a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2014-0133).</p>
<p>The problem affects nginx 1.3.15 - 1.5.11, compiled with the
ngx_http_spdy_module module (which is not compiled by default) and
without --with-debug configure option, if the "spdy" option of the
"listen" directive is used in a configuration file.</p>
<p>The problem is fixed in nginx 1.5.12, 1.4.7.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0133</cvename>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html</url>
</references>
<dates>
<discovery>2014-03-18</discovery>
<entry>2014-03-23</entry>
</dates>
</vuln>
<vuln vid="91ecb546-b1e6-11e3-980f-20cf30e32f6d">
<topic>apache -- several vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><gt>2.4.0</gt><lt>2.4.9</lt></range>
</package>
<package>
<name>apache22</name>
<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
</package>
<package>
<name>apache22-event-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
</package>
<package>
<name>apache22-itk-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
</package>
<package>
<name>apache22-peruser-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
</package>
<package>
<name>apache22-worker-mpm</name>
<range><gt>2.2.0</gt><lt>2.2.27</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache HTTP Server Project reports:</p>
<blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.27">
<p>Clean up cookie logging with fewer redundant string parsing passes.
Log only cookies with a value assignment. Prevents segfaults when
logging truncated cookies.</p>
<p>mod_dav: Keep track of length of cdata properly when removing leading
spaces. Eliminates a potential denial of service from specifically
crafted DAV WRITE requests.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0098</cvename>
<cvename>CVE-2013-6438</cvename>
</references>
<dates>
<discovery>2014-02-25</discovery>
<entry>2014-03-22</entry>
</dates>
</vuln>
<vuln vid="610de647-af8d-11e3-a25b-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><lt>28.0,1</lt></range>
</package>
<package>
<name>firefox-esr</name>
<range><lt>24.4.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>28.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.25</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>24.4.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.25</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>24.4.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-15 Miscellaneous memory safety hazards
(rv:28.0 / rv:24.4)</p>
<p>MFSA 2014-16 Files extracted during updates are not always
read only</p>
<p>MFSA 2014-17 Out of bounds read during WAV file decoding</p>
<p>MFSA 2014-18 crypto.generateCRMFRequest does not validate
type of key</p>
<p>MFSA 2014-19 Spoofing attack on WebRTC permission prompt</p>
<p>MFSA 2014-20 onbeforeunload and Javascript navigation DOS</p>
<p>MFSA 2014-21 Local file access via Open Link in new tab</p>
<p>MFSA 2014-22 WebGL content injection from one domain to
rendering in another</p>
<p>MFSA 2014-23 Content Security Policy for data: documents
not preserved by session restore</p>
<p>MFSA 2014-24 Android Crash Reporter open to manipulation</p>
<p>MFSA 2014-25 Firefox OS DeviceStorageFile object vulnerable
to relative path escape</p>
<p>MFSA 2014-26 Information disclosure through polygon
rendering in MathML</p>
<p>MFSA 2014-27 Memory corruption in Cairo during PDF font
rendering</p>
<p>MFSA 2014-28 SVG filters information disclosure through
feDisplacementMap</p>
<p>MFSA 2014-29 Privilege escalation using WebIDL-implemented
APIs</p>
<p>MFSA 2014-30 Use-after-free in TypeObject</p>
<p>MFSA 2014-31 Out-of-bounds read/write through neutering
ArrayBuffer objects</p>
<p>MFSA 2014-32 Out-of-bounds write through TypedArrayObject
after neutering</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1493</cvename>
<cvename>CVE-2014-1494</cvename>
<cvename>CVE-2014-1496</cvename>
<cvename>CVE-2014-1497</cvename>
<cvename>CVE-2014-1498</cvename>
<cvename>CVE-2014-1499</cvename>
<cvename>CVE-2014-1500</cvename>
<cvename>CVE-2014-1501</cvename>
<cvename>CVE-2014-1502</cvename>
<cvename>CVE-2014-1504</cvename>
<cvename>CVE-2014-1505</cvename>
<cvename>CVE-2014-1506</cvename>
<cvename>CVE-2014-1507</cvename>
<cvename>CVE-2014-1508</cvename>
<cvename>CVE-2014-1509</cvename>
<cvename>CVE-2014-1510</cvename>
<cvename>CVE-2014-1511</cvename>
<cvename>CVE-2014-1512</cvename>
<cvename>CVE-2014-1513</cvename>
<cvename>CVE-2014-1514</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-15.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-16.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-17.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-18.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-19.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-20.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-21.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-22.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-23.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-24.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-25.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-26.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-27.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-28.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-29.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-30.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-31.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-32.html</url>
<url>http://www.mozilla.org/security/known-vulnerabilities/</url>
</references>
<dates>
<discovery>2014-03-19</discovery>
<entry>2014-03-19</entry>
<modified>2014-03-20</modified>
</dates>
</vuln>
<vuln vid="eb426e82-ab68-11e3-9d09-000c2980a9f3">
<topic>mutt -- denial of service, potential remote code execution</topic>
<affects>
<package>
<name>mutt</name>
<range><lt>1.5.23</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Beatrice Torracca and Evgeni Golov report:</p>
<blockquote cite="http://www.securityfocus.com/archive/1/531431">
<p>A buffer overflow has been discovered that could result in
denial of service or potential execution of arbitrary code.</p>
<p>This condition can be triggered by malformed RFC2047 header
lines</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0467</cvename>
<url>http://packetstormsecurity.com/files/cve/CVE-2014-0467</url>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0467</url>
</references>
<dates>
<discovery>2014-03-12</discovery>
<entry>2014-03-14</entry>
</dates>
</vuln>
<vuln vid="777d7b9e-ab02-11e3-841e-60a44c524f57">
<topic>wemux -- read-only can be bypassed</topic>
<affects>
<package>
<name>wemux</name>
<range><lt>3.2.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>JonApps reports:</p>
<blockquote cite="https://github.com/zolrath/wemux/issues/36">
<p>The read-only mode can be bypassed and any command sent to bash session</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/zolrath/wemux/issues/36</url>
</references>
<dates>
<discovery>2013-12-24</discovery>
<entry>2014-03-13</entry>
</dates>
</vuln>
<vuln vid="03e48bf5-a96d-11e3-a556-3c970e169bc2">
<topic>samba -- multiple vulnerabilities</topic>
<affects>
<package>
<name>samba34</name>
<range><gt>0</gt></range>
</package>
<package>
<name>samba35</name>
<range><gt>0</gt></range>
</package>
<package>
<name>samba36</name>
<range><gt>3.6.*</gt><lt>3.6.23</lt></range>
</package>
<package>
<name>samba4</name>
<range><gt>4.0.*</gt><lt>4.0.16</lt></range>
</package>
<package>
<name>samba41</name>
<range><gt>4.1.*</gt><lt>4.1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Samba project reports:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2013-4496">
<p>In Samba's SAMR server we neglect to ensure that attempted
password changes will update the bad password count, nor set
the lockout flags. This would allow a user unlimited attempts
against the password by simply calling ChangePasswordUser2
repeatedly.</p>
<p>This is available without any other authentication.</p>
</blockquote>
<blockquote cite="http://www.samba.org/samba/security/CVE-2013-6442">
<p>smbcacls can remove a file or directory ACL by mistake.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4496</cvename>
<cvename>CVE-2013-6442</cvename>
<url>http://www.samba.org/samba/security/CVE-2013-4496</url>
<url>http://www.samba.org/samba/security/CVE-2013-6442</url>
</references>
<dates>
<discovery>2014-03-11</discovery>
<entry>2014-03-11</entry>
</dates>
</vuln>
<vuln vid="03159886-a8a3-11e3-8f36-0025905a4771">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk11</name>
<range><lt>11.8.1</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><lt>1.8.26.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/security">
<p>Stack Overflow in HTTP Processing of Cookie Headers. Sending a HTTP
request that is handled by Asterisk with a large number of Cookie
headers could overflow the stack. You could even exhaust memory if you
sent an unlimited number of headers in the request.</p>
<p>Denial of Service Through File Descriptor Exhaustion with chan_sip
Session-Timers. An attacker can use all available file descriptors
using SIP INVITE requests. Asterisk will respond with code 400, 420,
or 422 for INVITEs meeting this criteria.
Each INVITE meeting these conditions will leak a channel and several
file descriptors. The file descriptors cannot be released without
restarting Asterisk which may allow intrusion detection systems to be
bypassed by sending the requests slowly.</p>
<p>Remote Crash Vulnerability in PJSIP channel driver. A remotely
exploitable crash vulnerability exists in the PJSIP channel driver if
the "qualify_frequency" configuration option is enabled on an AOR and
the remote SIP server challenges for authentication of the resulting
OPTIONS request. The response handling code wrongly assumes that a
PJSIP endpoint will always be associated with an outgoing request which
is incorrect.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-2286</cvename>
<cvename>CVE-2014-2287</cvename>
<cvename>CVE-2014-2288</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2014-001.pdf</url>
<url>http://downloads.asterisk.org/pub/security/AST-2014-002.pdf</url>
<url>http://downloads.asterisk.org/pub/security/AST-2014-003.pdf</url>
<url>https://www.asterisk.org/security</url>
</references>
<dates>
<discovery>2014-03-10</discovery>
<entry>2014-03-10</entry>
</dates>
</vuln>
<vuln vid="1a0de610-a761-11e3-95fe-bcaec565249c">
<topic>freetype2 -- Out of bounds read/write</topic>
<affects>
<package>
<name>freetype2</name>
<range><lt>2.5.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mateusz Jurczyk reports:</p>
<blockquote cite="http://savannah.nongnu.org/bugs/?41697">
<p>Out of bounds stack-based read/write in
cf2_hintmap_build.</p>
<p>This is a critical vulnerability in the CFF Rasterizer
code recently contributed by Adobe, leading to potential
arbitrary code execution in the context of the FreeType2
library client.</p>
</blockquote>
</body>
</description>
<references>
<url>http://savannah.nongnu.org/bugs/?41697</url>
</references>
<dates>
<discovery>2014-02-25</discovery>
<entry>2014-03-09</entry>
</dates>
</vuln>
<vuln vid="20e23b65-a52e-11e3-ae3a-00224d7c32a2">
<topic>xmms -- Integer Overflow And Underflow Vulnerabilities</topic>
<affects>
<package>
<name>xmms</name>
<range><le>1.2.11_20</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/secunia_research/2007-47/advisory/">
<p>Secunia Research has discovered two vulnerabilities in XMMS, which can
be exploited by malicious people to compromise a user's system.</p>
<p>1) An integer underflow error exists in the processing of skin bitmap
images. This can be exploited to cause a stack-based buffer overflow
via specially crafted skin images containing manipulated header
information.</p>
<p>Successful exploitation allows execution of arbitrary code.</p>
<p>2) An integer overflow error exists in the processing of skin bitmap
images. This can be exploited to cause memory corruption via specially
crafted skin images containing manipulated header information.</p>
<p>Successful exploitation may allow the execution of arbitrary code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2007-0653</cvename>
<cvename>CVE-2007-0654</cvename>
</references>
<dates>
<discovery>2007-02-06</discovery>
<entry>2014-03-06</entry>
</dates>
</vuln>
<vuln vid="89db3b31-a4c3-11e3-978f-f0def16c5c1b">
<topic>nginx -- SPDY memory corruption</topic>
<affects>
<package>
<name>nginx-devel</name>
<range><eq>1.5.10</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The nginx project reports:</p>
<blockquote cite="http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html">
<p>A bug in the experimental SPDY implementation in nginx 1.5.10 was found,
which might allow an attacker to corrupt worker process memory by using
a specially crafted request, potentially resulting in arbitrary code
execution (CVE-2014-0088).</p>
<p>The problem only affects nginx 1.5.10 on 32-bit platforms, compiled with
the ngx_http_spdy_module module (which is not compiled by default), if
the "spdy" option of the "listen" directive is used in a configuration
file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0088</cvename>
<url>http://mailman.nginx.org/pipermail/nginx-announce/2014/000132.html</url>
</references>
<dates>
<discovery>2014-03-04</discovery>
<entry>2014-03-06</entry>
</dates>
</vuln>
<vuln vid="f645aa90-a3e8-11e3-a422-3c970e169bc2">
<topic>gnutls -- multiple certificate verification issues</topic>
<affects>
<package>
<name>gnutls</name>
<range><lt>2.12.23_4</lt></range>
</package>
<package>
<name>linux-f10-gnutls</name>
<range><lt>2.12.23_4</lt></range>
</package>
<package>
<name>gnutls-devel</name>
<range><lt>3.1.22</lt></range>
<range><gt>3.2.0</gt><lt>3.2.12</lt></range>
</package>
<package>
<name>gnutls3</name>
<range><lt>3.1.22</lt></range>
<range><gt>3.2.0</gt><lt>3.2.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>GnuTLS project reports:</p>
<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-2">
<p>A vulnerability was discovered that affects the
certificate verification functions of all gnutls
versions. A specially crafted certificate could
bypass certificate validation checks. The
vulnerability was discovered during an audit of
GnuTLS for Red Hat.</p>
</blockquote>
<blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2014-1">
<p>Suman Jana reported a vulnerability that affects
the certificate verification functions of
gnutls 2.11.5 and later versions. A version 1
intermediate certificate will be considered as
a CA certificate by default (something that
deviates from the documented behavior).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0092</cvename>
<cvename>CVE-2014-1959</cvename>
<url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-1</url>
<url>http://www.gnutls.org/security.html#GNUTLS-SA-2014-2</url>
</references>
<dates>
<discovery>2014-03-03</discovery>
<entry>2014-03-04</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="815dbcf9-a2d6-11e3-8088-002590860428">
<topic>file -- denial of service</topic>
<affects>
<package>
<name>file</name>
<range><lt>5.17</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Fine Free file project reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1943">
<p>file before 5.17 allows context-dependent attackers to
cause a denial of service (infinite recursion, CPU consumption, and
crash) via a crafted indirect offset value in the magic of a file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1943</cvename>
<mlist>http://mx.gw.com/pipermail/file/2014/001327.html</mlist>
</references>
<dates>
<discovery>2014-02-16</discovery>
<entry>2014-03-03</entry>
</dates>
</vuln>
<vuln vid="8e5e6d42-a0fa-11e3-b09a-080027f2d077">
<topic>Python -- buffer overflow in socket.recvfrom_into()</topic>
<affects>
<package>
<name>python27</name>
<range><le>2.7.6_3</le></range>
</package>
<package>
<name>python31</name>
<range><le>3.1.5_10</le></range>
</package>
<package>
<name>python32</name>
<range><le>3.2.5_7</le></range>
</package>
<package>
<name>python33</name>
<range><le>3.3.3_2</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Vincent Danen via Red Hat Issue Tracker reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1062370">
<p>A vulnerability was reported in Python's socket module, due to a
boundary error within the sock_recvfrom_into() function, which could be
exploited to cause a buffer overflow. This could be used to crash a
Python application that uses the socket.recvfrom_into() function or,
possibly, execute arbitrary code with the permissions of the user
running vulnerable Python code.</p>
<p>This vulnerable function, socket.recvfrom_into(), was introduced in
Python 2.5. Earlier versions are not affected by this flaw.</p>
</blockquote>
</body>
</description>
<references>
<bid>65379</bid>
<cvename>CVE-2014-1912</cvename>
<mlist>https://mail.python.org/pipermail/python-dev/2014-February/132758.html</mlist>
<url>http://bugs.python.org/issue20246</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=1062370</url>
</references>
<dates>
<discovery>2014-01-14</discovery>
<entry>2014-03-01</entry>
</dates>
</vuln>
<vuln vid="1839f78c-9f2b-11e3-980f-20cf30e32f6d">
<topic>subversion -- mod_dav_svn vulnerability</topic>
<affects>
<package>
<name>subversion</name>
<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
<range><ge>1.8.0</ge><lt>1.8.8</lt></range>
</package>
<package>
<name>subversion16</name>
<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
</package>
<package>
<name>subversion17</name>
<range><ge>1.3.0</ge><lt>1.7.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion Project reports:</p>
<blockquote cite="http://subversion.apache.org/security/">
<p>Subversion's mod_dav_svn Apache HTTPD server module will crash when it
receives an OPTIONS request against the server root and Subversion is
configured to handle the server root and SVNListParentPath is on.
This can lead to a DoS. There are no known instances of this
problem being exploited in the wild, but the details of how to exploit
it have been disclosed on the Subversion development mailing list.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0032</cvename>
<url>https://subversion.apache.org/security/CVE-2014-0032-advisory.txt</url>
</references>
<dates>
<discovery>2014-01-10</discovery>
<entry>2014-02-26</entry>
<modified>2014-04-30</modified>
</dates>
</vuln>
<vuln vid="70b72a52-9e54-11e3-babe-60a44c524f57">
<topic>otrs -- XSS Issue</topic>
<affects>
<package>
<name>otrs</name>
<range><lt>3.1.20</lt></range>
<range><gt>3.2.*</gt><lt>3.2.15</lt></range>
<range><gt>3.3.*</gt><lt>3.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OTRS Project reports:</p>
<blockquote cite="https://www.otrs.com/security-advisory-2014-03-xss-issue/">
<p>An attacker could send a specially prepared HTML email to OTRS. If
he can then trick an agent into following a special link to display this email,
JavaScript code would be executed.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.otrs.com/security-advisory-2014-03-xss-issue/</url>
<cvename>CVE-2014-1695</cvename>
</references>
<dates>
<discovery>2014-02-25</discovery>
<entry>2014-02-25</entry>
</dates>
</vuln>
<vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
<topic>PostgreSQL -- multiple privilege issues</topic>
<affects>
<package>
<name>postgresql-server</name>
<range><lt>8.4.20</lt></range>
<range><ge>9.0.0</ge><lt>9.0.16</lt></range>
<range><ge>9.1.0</ge><lt>9.1.12</lt></range>
<range><ge>9.2.0</ge><lt>9.2.7</lt></range>
<range><ge>9.3.0</ge><lt>9.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PostgreSQL Project reports:</p>
<blockquote cite="http://www.postgresql.org/about/news/1506/">
<p>This update fixes CVE-2014-0060, in which PostgreSQL did not
properly enforce the WITH ADMIN OPTION permission for ROLE management.
Before this fix, any member of a ROLE was able to grant others access
to the same ROLE regardless if the member was given the WITH ADMIN
OPTION permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.
</p>
<p>
With this release, we are also alerting users to a known security hole
that allows other users on the same machine to gain access to an
operating system account while it is doing "make check":
CVE-2014-0067. "Make check" is normally part of building PostgreSQL
from source code. As it is not possible to fix this issue without
causing significant issues to our testing infrastructure, a patch will
be released separately and publicly. Until then, users are strongly
advised not to run "make check" on machines where untrusted users have
accounts.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0060</cvename>
<cvename>CVE-2014-0061</cvename>
<cvename>CVE-2014-0062</cvename>
<cvename>CVE-2014-0063</cvename>
<cvename>CVE-2014-0064</cvename>
<cvename>CVE-2014-0065</cvename>
<cvename>CVE-2014-0066</cvename>
<cvename>CVE-2014-0067</cvename>
</references>
<dates>
<discovery>2014-02-20</discovery>
<entry>2014-02-20</entry>
</dates>
</vuln>
<vuln vid="0871d18b-9638-11e3-a371-6805ca0b3d42">
<topic>phpMyAdmin -- Self-XSS due to unescaped HTML output in import.</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>3.3.1</ge><lt>4.1.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php">
<p> When importing a file with crafted filename, it is
possible to trigger an XSS. We consider this vulnerability
to be non critical.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php</url>
<cvename>CVE-2014-1879</cvename>
</references>
<dates>
<discovery>2014-02-15</discovery>
<entry>2014-02-15</entry>
</dates>
</vuln>
<vuln vid="3e0507c6-9614-11e3-b3a5-00e0814cab4e">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>1.551</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>1.532.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory reports:</p>
<blockquote cite="https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14">
<p>This advisory announces multiple security vulnerabilities that
were found in Jenkins core.</p>
<p>Please reference CVE/URL list for details</p>
</blockquote>
</body>
</description>
<references>
<url>https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-02-14</url>
<cvename>CVE-2013-5573</cvename>
<cvename>CVE-2013-7285</cvename>
</references>
<dates>
<discovery>2014-02-14</discovery>
<entry>2014-02-15</entry>
</dates>
</vuln>
<vuln vid="90b27045-9530-11e3-9d09-000c2980a9f3">
<topic>lighttpd -- multiple vulnerabilities</topic>
<affects>
<package>
<name>lighttpd</name>
<range><lt>1.4.34</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>lighttpd security advisories report:</p>
<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt">
<p>It is possible to inadvertently enable vulnerable ciphers when using
ssl.cipher-list.</p>
</blockquote>
<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt">
<p>In certain cases setuid() and similar can fail, potentially triggering
lighttpd to restart running as root.</p>
</blockquote>
<blockquote cite="http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt">
<p>If FAMMonitorDirectory fails, the memory intended to store the context is
released; some lines below the "version" component of that context is read.
Reading invalid data doesn't matter, but the memory access could trigger a
segfault.</p>
</blockquote>
</body>
</description>
<references>
<url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt</url>
<url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_02.txt</url>
<url>http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_03.txt</url>
<cvename>CVE-2013-4508</cvename>
<cvename>CVE-2013-4559</cvename>
<cvename>CVE-2013-4560</cvename>
</references>
<dates>
<discovery>2013-11-28</discovery>
<entry>2014-02-14</entry>
</dates>
</vuln>
<vuln vid="4dd575b8-8f82-11e3-bb11-0025905a4771">
<topic>phpmyfaq -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpmyfaq</name>
<range><lt>2.8.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyFAQ team reports:</p>
<blockquote cite="http://www.phpmyfaq.de/advisory_2014-02-04.php">
<p> An arbitrary script may be executed on the user's Internet
Explorer when using an older version of the browser. If a user views
a malicious page while logged in, settings may be changed
unintentionally.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0813</cvename>
<cvename>CVE-2014-0814</cvename>
<url>http://www.phpmyfaq.de/advisory_2014-02-04.php</url>
</references>
<dates>
<discovery>2014-02-04</discovery>
<entry>2014-02-06</entry>
</dates>
</vuln>
<vuln vid="b7a7576d-8e0a-11e3-9976-9c4e36909cc0">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>11.2r202.336</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe reports:</p>
<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb14-04.html">
<p>These updates address vulnerabilities that could cause a crash
and potentially allow an attacker to take control of the affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0497</cvename>
<url>http://www.adobe.com/support/security/bulletins/apsb14-04.html</url>
</references>
<dates>
<discovery>2014-02-04</discovery>
<entry>2014-02-04</entry>
<modified>2014-02-05</modified>
</dates>
</vuln>
<vuln vid="1753f0ff-8dd5-11e3-9b45-b4b52fce4ce8">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>25.0,1</gt><lt>27.0,1</lt></range>
<range><lt>24.3.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>27.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.24</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>24.3.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.24</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>24.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2014-01 Miscellaneous memory safety hazards
(rv:27.0 / rv:24.3)</p>
<p>MFSA 2014-02 Clone protected content with XBL scopes</p>
<p>MFSA 2014-03 UI selection timeout missing on download
prompts</p>
<p>MFSA 2014-04 Incorrect use of discarded images by
RasterImage</p>
<p>MFSA 2014-05 Information disclosure with *FromPoint on
iframes</p>
<p>MFSA 2014-06 Profile path leaks to Android system log</p>
<p>MFSA 2014-07 XSLT stylesheets treated as styles in Content
Security Policy</p>
<p>MFSA 2014-08 Use-after-free with imgRequestProxy and image
processing</p>
<p>MFSA 2014-09 Cross-origin information leak through web
workers</p>
<p>MFSA 2014-10 Firefox default start page UI content invokable
by script</p>
<p>MFSA 2014-11 Crash when using web workers with asm.js</p>
<p>MFSA 2014-12 NSS ticket handling issues</p>
<p>MFSA 2014-13 Inconsistent JavaScript handling of access to
Window objects</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1477</cvename>
<cvename>CVE-2014-1478</cvename>
<cvename>CVE-2014-1479</cvename>
<cvename>CVE-2014-1480</cvename>
<cvename>CVE-2014-1481</cvename>
<cvename>CVE-2014-1482</cvename>
<cvename>CVE-2014-1483</cvename>
<cvename>CVE-2014-1484</cvename>
<cvename>CVE-2014-1485</cvename>
<cvename>CVE-2014-1486</cvename>
<cvename>CVE-2014-1487</cvename>
<cvename>CVE-2014-1488</cvename>
<cvename>CVE-2014-1489</cvename>
<cvename>CVE-2014-1490</cvename>
<cvename>CVE-2014-1491</cvename>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-01.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-02.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-03.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-04.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-05.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-06.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-07.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-08.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-09.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-10.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-11.html</url>
<url>https://www.mozilla.org/security/announce/2014/mfsa2014-12.html</url>
<url>http://www.mozilla.org/security/known-vulnerabilities/</url>
</references>
<dates>
<discovery>2014-02-04</discovery>
<entry>2014-02-04</entry>
</dates>
</vuln>
<vuln vid="111f1f84-1d14-4ff2-a9ea-cf07119c0d3b">
<topic>libyaml heap overflow resulting in possible code execution</topic>
<affects>
<package>
<name>libyaml</name>
<range><lt>0.1.4_3</lt></range>
</package>
<package>
<name>pkg</name>
<range><lt>1.2.6</lt></range>
</package>
<package>
<name>pkg-devel</name>
<range><lt>1.2.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>libyaml was prone to a heap overflow that could result in
arbitrary code execution. Pkg uses libyaml to parse
the package manifests in some cases. Pkg also used libyaml
to parse the remote repository until 1.2.</p>
<p>Red Hat Product Security Team reports on libyaml:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=1033990">
<p>A heap-based buffer overflow flaw was found in the way libyaml
parsed YAML tags. A remote attacker could provide a
specially-crafted YAML document that, when parsed by an application
using libyaml, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-6393</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=1033990</url>
</references>
<dates>
<discovery>2013-11-24</discovery>
<entry>2014-02-01</entry>
<modified>2014-02-01</modified>
</dates>
</vuln>
<vuln vid="a4c9e12d-88b7-11e3-8ada-10bf48e1088e">
<topic>socat -- buffer overflow with data from command line</topic>
<affects>
<package>
<name>socat</name>
<range><lt>1.7.2.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Florian Weimer of the Red Hat Product Security Team reports:</p>
<blockquote cite="http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt">
<p>Due to a missing check during assembly of the HTTP request line a long
target server name in the PROXY-CONNECT address can cause a stack buffer
overrun. Exploitation requires that the attacker is able to provide the
target server name to the PROXY-CONNECT address in the command line.
This can happen for example in scripts that receive data from untrusted
sources.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0019</cvename>
<url>http://www.dest-unreach.org/socat/contrib/socat-secadv5.txt</url>
</references>
<dates>
<discovery>2014-01-24</discovery>
<entry>2014-01-29</entry>
</dates>
</vuln>
<vuln vid="c7b5d72b-886a-11e3-9533-60a44c524f57">
<topic>otrs -- multiple vulnerabilities</topic>
<affects>
<package>
<name>otrs</name>
<range><lt>3.1.19</lt></range>
<range><gt>3.2.*</gt><lt>3.2.14</lt></range>
<range><gt>3.3.*</gt><lt>3.3.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OTRS Project reports:</p>
<blockquote cite="https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/">
<p>SQL injection issue</p>
</blockquote>
<blockquote cite="https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/">
<p>An attacker that managed to take over the session of a logged in customer
could create tickets and/or send follow-ups to existing tickets due to
missing challenge token checks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1471</cvename>
<url>https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/</url>
<url>https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/</url>
</references>
<dates>
<discovery>2014-01-28</discovery>
<entry>2014-01-28</entry>
<modified>2014-02-06</modified>
</dates>
</vuln>
<vuln vid="080c5370-886a-11e3-9533-60a44c524f57">
<cancelled superseded="c7b5d72b-886a-11e3-9533-60a44c524f57"/>
</vuln>
<vuln vid="d1dfc4c7-8791-11e3-a371-6805ca0b3d42">
<topic>rt42 -- denial-of-service attack via the email gateway</topic>
<affects>
<package>
<name>rt42</name>
<range><ge>4.2</ge><lt>4.2.1_3</lt></range>
<range><ge>4.2.2</ge><lt>4.2.2_2</lt></range>
</package>
<package>
<name>p5-Email-Address-List</name>
<range><lt>0.02</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The RT development team reports:</p>
<blockquote cite="http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html">
<p>Versions of RT between 4.2.0 and 4.2.2 (inclusive) are
vulnerable to a denial-of-service attack via the email
gateway; any installation which accepts mail from untrusted
sources is vulnerable, regardless of the permissions
configuration inside RT. This vulnerability is assigned
CVE-2014-1474.</p>
<p>This vulnerability is caused by poor parsing performance
in the Email::Address::List module, which RT depends on. We
recommend that affected users upgrade their version of
Email::Address::List to v0.02 or above, which resolves the
issue. Due to a communications mishap, the release on CPAN
will temporarily appear as "unauthorized," and the
command-line cpan client will hence not install it. We
expect this to be resolved shortly; in the meantime, the
release is also available from our server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-1474</cvename>
<url>http://blog.bestpractical.com/2014/01/security-vulnerability-in-rt-42.html</url>
</references>
<dates>
<discovery>2014-01-27</discovery>
<entry>2014-01-27</entry>
</dates>
</vuln>
<vuln vid="efa663eb-8754-11e3-9a47-00163e1ed244">
<topic>strongswan -- multiple DoS vulnerabilities</topic>
<affects>
<package>
<name>strongswan</name>
<range><lt>5.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>strongSwan Project reports:</p>
<blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html">
<p>A DoS vulnerability triggered by crafted IKEv1 fragmentation
payloads was discovered in strongSwan's IKE daemon charon. All
versions since 5.0.2 are affected.</p>
</blockquote>
<blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html">
<p>A DoS vulnerability and potential authorization bypass triggered
by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan.
All versions since 4.3.3 are affected.</p>
</blockquote>
<blockquote cite="http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html">
<p>A DoS vulnerability in strongSwan was discovered, which is
triggered by XAuth usernames and EAP identities in versions
5.0.3 and 5.0.4.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-5018</cvename>
<cvename>CVE-2013-6075</cvename>
<cvename>CVE-2013-6076</cvename>
<url>http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html</url>
<url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html</url>
<url>http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html</url>
</references>
<dates>
<discovery>2013-11-01</discovery>
<entry>2014-01-27</entry>
</dates>
</vuln>
<vuln vid="d9dbe6e8-84da-11e3-98bd-080027f2d077">
<topic>varnish -- DoS vulnerability in Varnish HTTP cache</topic>
<affects>
<package>
<name>varnish</name>
<range><lt>3.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Varnish Cache Project reports:</p>
<blockquote cite="https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html">
<p>If Varnish receives a certain illegal request, and the subroutine
'vcl_error{}' restarts the request, the varnishd worker process
will crash with an assert.
</p>
<p>The varnishd management process will restart the worker process, but
there will be a brief interruption of service and the cache will be
emptied, causing more traffic to go to the backend.
</p>
<p>We are releasing this advisory because restarting from vcl_error{} is
both fairly common and documented.</p>
<p>This is purely a denial of service vulnerability, there is no risk of
privilege escalation.</p>
<p>Workaround</p>
<p>Insert this at the top of your VCL file:</p>
<pre>
sub vcl_error {
    if (obj.status == 400 || obj.status == 413) {
        return(deliver);
    }
}
</pre>
<p>Or add this test at the top of your existing vcl_error{}.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-4484</cvename>
<mlist>https://www.varnish-cache.org/lists/pipermail/varnish-announce/2013-October/000686.html</mlist>
</references>
<dates>
<discovery>2013-10-30</discovery>
<entry>2014-01-25</entry>
</dates>
</vuln>
<vuln vid="c0ef849e-84ac-11e3-bec4-9c4e36909cc0">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>11.2r202.335</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe reports:</p>
<blockquote cite="http://helpx.adobe.com/security/products/flash-player/apsb14-02.html">
<p>These updates address vulnerabilities that could cause a crash
and potentially allow an attacker to take control of the affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0491</cvename>
<cvename>CVE-2014-0492</cvename>
<url>http://helpx.adobe.com/security/products/flash-player/apsb14-02.html</url>
</references>
<dates>
<discovery>2014-01-14</discovery>
<entry>2014-01-24</entry>
</dates>
</vuln>
<vuln vid="6d08fa63-83bf-11e3-bdba-080027ef73ec">
<topic>HTMLDOC -- buffer overflow issues when reading AFM files and parsing page sizes</topic>
<affects>
<package>
<name>htmldoc</name>
<range><lt>1.8.28</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Michael Sweet reports:</p>
<blockquote cite="http://www.msweet.org/projects.php?Z1">
<p>HTMLDOC 1.8.28 fixes some known security issues and
formatting bugs. Changes include:</p>
<ul>
<li>SECURITY: Fixed three buffer overflow issues when
reading AFM files and parsing page sizes.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>http://www.msweet.org/projects.php?Z1</url>
</references>
<dates>
<discovery>2014-01-06</discovery>
<entry>2014-01-22</entry>
<modified>2014-01-23</modified>
</dates>
</vuln>
<vuln vid="81f1fdc2-7ec7-11e3-a6c6-00163e1ed244">
<topic>virtualbox-ose -- local vulnerability</topic>
<affects>
<package>
<name>virtualbox-ose</name>
<range><lt>4.2.22</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html">
<p>Unspecified vulnerability in the Oracle VM VirtualBox
component in Oracle Virtualization VirtualBox prior to
3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local
users to affect confidentiality, integrity, and availability
via unknown vectors related to Core.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-5892</cvename>
<url>http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html</url>
</references>
<dates>
<discovery>2014-01-15</discovery>
<entry>2014-01-16</entry>
</dates>
</vuln>
<vuln vid="3d95c9a7-7d5c-11e3-a8c1-206a8a720317">
<topic>ntpd DRDoS / Amplification Attack using ntpdc monlist command</topic>
<affects>
<package>
<name>ntp</name>
<range><lt>4.2.7p26</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>8.3</ge><lt>8.3_14</lt></range>
<range><ge>8.4</ge><lt>8.4_7</lt></range>
<range><ge>9.1</ge><lt>9.1_10</lt></range>
<range><ge>9.2</ge><lt>9.2_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ntp.org reports:</p>
<blockquote cite="http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using">
<p>Unrestricted access to the monlist feature in
ntp_request.c in ntpd in NTP before 4.2.7p26 allows remote
attackers to cause a denial of service (traffic
amplification) via forged (1) REQ_MON_GETLIST or (2)
REQ_MON_GETLIST_1 requests, as exploited in the wild in
December 2013.</p>
<p>Use noquery to your default restrictions to block all
status queries.</p>
<p>Use disable monitor to disable the ``ntpdc -c monlist''
command while still allowing other status queries.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-5211</cvename>
<freebsdsa>SA-14:02.ntpd</freebsdsa>
<url>http://support.ntp.org/bin/view/Main/SecurityNotice#DRDoS_Amplification_Attack_using</url>
</references>
<dates>
<discovery>2014-01-01</discovery>
<entry>2014-01-14</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="ba04a373-7d20-11e3-8992-00132034b086">
<topic>nagios -- denial of service vulnerability</topic>
<affects>
<package>
<name>nagios</name>
<range><lt>3.5.1_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Eric Stanley reports:</p>
<blockquote cite="http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/">
<p>Most CGIs previously incremented the input variable counter twice
when it encountered a long key value. This could cause the CGI to
read past the end of the list of CGI variables.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-7108</cvename>
<cvename>CVE-2013-7205</cvename>
<url>http://sourceforge.net/p/nagios/nagioscore/ci/d97e03f32741a7d851826b03ed73ff4c9612a866/</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=1046113</url>
</references>
<dates>
<discovery>2013-12-20</discovery>
<entry>2014-01-14</entry>
</dates>
</vuln>
<vuln vid="cb252f01-7c43-11e3-b0a6-005056a37f68">
<topic>bind -- denial of service vulnerability</topic>
<affects>
<package>
<name>bind99</name>
<range><lt>9.9.4.2</lt></range>
</package>
<package>
<name>bind99-base</name>
<range><lt>9.9.4.2</lt></range>
</package>
<package>
<name>bind98</name>
<range><lt>9.8.6.2</lt></range>
</package>
<package>
<name>bind98-base</name>
<range><lt>9.8.6.2</lt></range>
</package>
<package>
<name>bind96</name>
<range><lt>9.6.3.2.ESV.R10.2</lt></range>
</package>
<package>
<name>bind96-base</name>
<range><lt>9.6.3.2.ESV.R10.2</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>9.2</ge><lt>9.2_3</lt></range>
<range><ge>9.1</ge><lt>9.1_10</lt></range>
<range><ge>8.4</ge><lt>8.4_7</lt></range>
<range><ge>8.3</ge><lt>8.3_14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://kb.isc.org/article/AA-01078/74/">
<p>Because of a defect in handling queries for NSEC3-signed zones,
BIND can crash with an "INSIST" failure in name.c when processing
queries possessing certain properties. By exploiting this defect
an attacker deliberately constructing a query with the right
properties could achieve denial of service against an authoritative
nameserver serving NSEC3-signed zones.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2014-0591</cvename>
<freebsdsa>SA-14:04.bind</freebsdsa>
<url>https://kb.isc.org/article/AA-01078/74/</url>
</references>
<dates>
<discovery>2014-01-08</discovery>
<entry>2014-01-13</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="28c575fa-784e-11e3-8249-001cc0380077">
<topic>libXfont -- Stack buffer overflow in parsing of BDF font files in libXfont</topic>
<affects>
<package>
<name>libXfont</name>
<range><lt>1.4.7,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>freedesktop.org reports:</p>
<blockquote cite="http://lists.x.org/archives/xorg-announce/2014-January/002389.html">
<p>A BDF font file containing a longer than expected string can cause
a buffer overflow on the stack. Testing in X servers built with
Stack Protector resulted in an immediate crash when reading a
user-provided specially crafted font.</p>
<p>As libXfont is used to read user-specified font files in all X
servers distributed by X.Org, including the Xorg server which is
often run with root privileges or as setuid-root in order to access
hardware, this bug may lead to an unprivileged user acquiring root
privileges in some systems.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2013-6462</cvename>
<url>http://lists.x.org/archives/xorg-announce/2014-January/002389.html</url>
</references>
<dates>
<discovery>2013-12-24</discovery>
<entry>2014-01-08</entry>
</dates>
</vuln>
<vuln vid="5aaa257e-772d-11e3-a65a-3c970e169bc2">
<topic>openssl -- multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.0.1_9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenSSL development team reports:</p>
<blockquote cite="http://www.openssl.org/news/openssl-1.0.1-notes.html">
<p>Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]:</p>
<ul>
<li>Fix for TLS record tampering bug [CVE-2013-4353]</li>
<li>Fix for TLS version checking bug [CVE-2013-6449]</li>
<li>Fix for DTLS retransmission bug [CVE-2013-6450]</li>
</ul>
</blockquote>
</body>
</description>
<references>
<freebsdsa>SA-14:03.openssl</freebsdsa>
<cvename>CVE-2013-4353</cvename>
<cvename>CVE-2013-6449</cvename>
<cvename>CVE-2013-6450</cvename>
<url>http://www.openssl.org/news/openssl-1.0.1-notes.html</url>
</references>
<dates>
<discovery>2014-01-06</discovery>
<entry>2014-01-06</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>