【CESA-2017:0838】An update for openjpeg is now available for Red Hat Enterprise Linux 7

CESA-2017:0838

An update for openjpeg is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

OpenJPEG is an open source library for reading and writing image files in
JPEG2000 format.

Security Fix(es):

* Multiple integer overflow flaws, leading to heap-based buffer overflows, were
found in OpenJPEG. A specially crafted JPEG2000 image could cause an application
using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139,
CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image
tool. Converting a specially crafted JPEG2000 file to another format could cause
the application to crash or, potentially, disclose some data from the heap.
(CVE-2016-9573)

* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially
crafted JPEG2000 image, when read by an application using OpenJPEG, could cause
the application to crash or, potentially, execute arbitrary code.
(CVE-2016-9675)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The
CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).

Bugs Fixed

1363982 – CVE-2016-5139 chromium-browser, openjpeg: Heap overflow in parsing of JPEG2000 precincts
1372219 – CVE-2016-5158 chromium-browser, openjpeg: heap overflow due to unsafe use of opj_aligned_malloc
1372220 – CVE-2016-5159 chromium-browser, openjpeg: heap overflow in parsing of JPEG2000 code blocks
1374329 – CVE-2016-7163 openjpeg: Integer overflow in opj_pi_create_decode
1382202 – CVE-2016-9675 openjpeg: incorrect fix for CVE-2013-6045
1402711 – CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()

【CESA-2017:0837】An update for icoutils is now available for Red Hat Enterprise Linux 7

CESA-2017:0837

An update for icoutils is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The icoutils are a set of programs for extracting and converting images in
Microsoft Windows icon and cursor files. These files usually have the extension
.ico or .cur, but they can also be embedded in executables or libraries.

Security Fix(es):

* Multiple vulnerabilities were found in icoutils, in the wrestool program. An
attacker could create a crafted executable that, when read by wrestool, could
result in memory corruption leading to a crash or potential code execution.
(CVE-2017-5208, CVE-2017-5333, CVE-2017-6009)

* A vulnerability was found in icoutils, in the wrestool program. An attacker
could create a crafted executable that, when read by wrestool, could result in
failure to allocate memory or an over-large memcpy operation, leading to a
crash. (CVE-2017-5332)

* Multiple vulnerabilities were found in icoutils, in the icotool program. An
attacker could create a crafted ICO or CUR file that, when read by icotool,
could result in memory corruption leading to a crash or potential code
execution. (CVE-2017-6010, CVE-2017-6011)

Bugs Fixed

1411251 – CVE-2017-5208 icoutils: Check_offset overflow on 64-bit systems
1412259 – CVE-2017-5333 icoutils: Integer overflow vulnerability in extract.c
1412263 – CVE-2017-5332 icoutils: Access to unallocated memory possible in extract.c
1422906 – CVE-2017-6009 icoutils: Buffer overflow in the decode_ne_resource_id function
1422907 – CVE-2017-6010 icoutils: Buffer overflow in the extract_icons function
1422908 – CVE-2017-6011 icoutils: Buffer overflow in the simple_vec function

【CESA-2017:0559】An update for openjpeg is now available for Red Hat Enterprise Linux 6

CESA-2017:0559

An update for openjpeg is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

OpenJPEG is an open source library for reading and writing image files in
JPEG2000 format.

Security Fix(es):

* Multiple integer overflow flaws, leading to heap-based buffer overflows, were
found in OpenJPEG. A specially crafted JPEG2000 image could cause an application
using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139,
CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

* A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A
specially crafted JPEG2000 image, when read by an application using OpenJPEG,
could cause heap-based buffer overflows leading to a crash or, potentially,
arbitrary code execution. (CVE-2016-9675)

The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product
Security).

Bugs Fixed

1363982 – CVE-2016-5139 chromium-browser, openjpeg: Heap overflow in parsing of JPEG2000 precincts
1372219 – CVE-2016-5158 chromium-browser, openjpeg: heap overflow due to unsafe use of opj_aligned_malloc
1372220 – CVE-2016-5159 chromium-browser, openjpeg: heap overflow in parsing of JPEG2000 code blocks
1374329 – CVE-2016-7163 openjpeg: Integer overflow in opj_pi_create_decode
1382202 – CVE-2016-9675 openjpeg: incorrect fix for CVE-2013-6045

【CESA-2017:0558】An update for firefox is now available for Red Hat Enterprise Linux 7

CESA-2017:0558

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Mozilla Firefox is an open source web browser.

Security Fix(es):

* A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5428)

Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Chaitin Security Research Lab via Trend Micro’s Zero Day
Initiative as the original reporters.

Bugs Fixed

1433202 – CVE-2017-5428 Mozilla: integer overflow in createImageBitmap() (MFSA 2017-08)

【CESA-2017:0527】An update for tomcat6 is now available for Red Hat Enterprise Linux 6

CESA-2017:0527

An update for tomcat6 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages
(JSP) technologies.

Security Fix(es):

* It was discovered that the code that parsed the HTTP request line permitted
invalid characters. This could be exploited, in conjunction with a proxy that
also permitted the invalid characters but with a different interpretation, to
inject data into the HTTP response. By manipulating the HTTP response the
attacker could poison a web-cache, perform an XSS attack, or obtain sensitive
information from requests other than their own. (CVE-2016-6816)

Note: This fix causes Tomcat to respond with an HTTP 400 Bad Request error when
a request contains characters that the HTTP specification does not permit to
appear unencoded, even though they were previously accepted. The newly
introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow
can be used to configure Tomcat to accept curly braces ({ and }) and the pipe
symbol (|) in unencoded form, as these are often used in URLs without being
properly encoded.

* A bug was discovered in the error handling of the send file code for the NIO
HTTP connector. This led to the current Processor object being added to the
Processor cache multiple times allowing information leakage between requests
including, and not limited to, session ID and the response body. (CVE-2016-8745)
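For the CVE-2016-6816 note above, an added example (not Tomcat's code and not part of the advisory) that scans access-log request lines for targets a strict parser would answer with 400, with and without the relaxation for `{`, `}` and `|`. The permitted character set follows RFC 3986 as an approximation of the updated parser, and the log lines are constructed.

```python
"""Find logged request targets that a strict request-line parser would reject."""
import re
import string

# RFC 3986: unreserved, sub-delims, ":", "@", "/" and "?" may appear literally
# in the path and query; "%" is valid only as the start of a %XX escape.
RFC3986_LITERAL = frozenset(
    string.ascii_letters + string.digits + "-._~" + "!$&'()*+,;=" + ":@/?"
)
# The advisory names only these three characters as configurable exceptions.
RELAXABLE = frozenset("{}|")
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.*) (?P<version>HTTP/\d\.\d)"')

# Constructed access-log lines in common log format (not from a real system).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Apr/2017:10:00:00 +0000] "GET /app/index.jsp?id=7 HTTP/1.1" 200 512
192.0.2.11 - - [01/Apr/2017:10:00:01 +0000] "GET /api/items/{42}/view HTTP/1.1" 200 88
192.0.2.12 - - [01/Apr/2017:10:00:02 +0000] "GET /search?q=a|b HTTP/1.1" 200 140
192.0.2.13 - - [01/Apr/2017:10:00:03 +0000] "GET /search?q=a%7Cb HTTP/1.1" 200 140
192.0.2.14 - - [01/Apr/2017:10:00:04 +0000] "GET /page?x=<b> HTTP/1.1" 200 97
192.0.2.15 - - [01/Apr/2017:10:00:05 +0000] "GET /img/50%.png HTTP/1.1" 200 33
"""


def invalid_chars(target, allow=""):
    """Return the sorted characters in target that may not appear unencoded.

    allow models the requestTargetAllow relaxation; anything in it other than
    "{", "}" or "|" is ignored.
    """
    permitted = RFC3986_LITERAL | (set(allow) & RELAXABLE)
    # Drop well-formed %XX escapes so that a stray "%" is reported as invalid.
    stripped = PCT_ESCAPE.sub("", target)
    return sorted({c for c in stripped if c not in permitted})


def audit(log_text, allow=""):
    """Return [(target, bad_chars)] for entries a strict parser would reject."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_LINE.search(line)
        if not match:
            continue  # not a request entry in the expected format
        bad = invalid_chars(match.group("target"), allow)
        if bad:
            findings.append((match.group("target"), bad))
    return findings


if __name__ == "__main__":
    for label, allow in (("strict", ""), ("allowing {}|", "{}|")):
        print(label)
        for target, bad in audit(SAMPLE_LOG, allow):
            print("  would get 400:", target, "invalid:", "".join(bad))
```

Running this over production logs before applying the update shows which clients send unencoded characters and whether the relaxation would cover them or the clients need fixing.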

Bugs Fixed

1397484 – CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests
1403824 – CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing

【CESA-2017:0498】An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7

CESA-2017:0498

An update for thunderbird is now available for Red Hat Enterprise Linux 5, Red
Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.8.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402,
CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner,
Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome
Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell
Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

Bugs Fixed

1429778 – CVE-2017-5400 Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
1429779 – CVE-2017-5401 Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
1429780 – CVE-2017-5402 Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
1429781 – CVE-2017-5404 Mozilla: Use-after-free working with ranges in selections (MFSA 2017-06)
1429782 – CVE-2017-5407 Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)
1429783 – CVE-2017-5410 Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
1429784 – CVE-2017-5408 Mozilla: Cross-origin reading of video captions in violation of CORS (MFSA 2017-06)
1429785 – CVE-2017-5405 Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
1429786 – CVE-2017-5398 Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)

【CESA-2017:0461】An update for firefox is now available for Red Hat Enterprise Linux 7

CESA-2017:0461

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,
CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner,
Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome
Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell
Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

Bugs Fixed

1429778 – CVE-2017-5400 Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
1429779 – CVE-2017-5401 Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
1429780 – CVE-2017-5402 Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
1429781 – CVE-2017-5404 Mozilla: Use-after-free working with ranges in selections (MFSA 2017-06)
1429782 – CVE-2017-5407 Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)
1429783 – CVE-2017-5410 Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
1429784 – CVE-2017-5408 Mozilla: Cross-origin reading of video captions in violation of CORS (MFSA 2017-06)
1429785 – CVE-2017-5405 Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
1429786 – CVE-2017-5398 Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)

【CESA-2017:0459】The latest version of firefox is now available for Red Hat Enterprise Linux 5/6

CESA-2017:0459

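The latest version of firefox is now available for Red Hat Enterprise Linux 5/6.

The security and quality of Red Hat products have been very well received.

With this latest version, the Vulnerability Scoring System (CVSS) strictly classifies the access-safety aspects of each security hole and delivers a detailed report reliably and safely. Please click the links in the References section.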

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.8.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404,
CVE-2017-5407, CVE-2017-5408, CVE-2017-5410, CVE-2017-5405)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Jerri Rice, Rh0, Anton Eliasson, David Kohlbrenner,
Ivan Fratric of Google Project Zero, Anonymous, Eric Lawrence of Chrome
Security, Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell
Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd as the original reporters.

Bugs Fixed

1429778 – CVE-2017-5400 Mozilla: asm.js JIT-spray bypass of ASLR and DEP (MFSA 2017-06)
1429779 – CVE-2017-5401 Mozilla: Memory Corruption when handling ErrorResult (MFSA 2017-06)
1429780 – CVE-2017-5402 Mozilla: Use-after-free working with events in FontFace objects (MFSA 2017-06)
1429781 – CVE-2017-5404 Mozilla: Use-after-free working with ranges in selections (MFSA 2017-06)
1429782 – CVE-2017-5407 Mozilla: Pixel and history stealing via floating-point timing side channel with SVG filters (MFSA 2017-06)
1429783 – CVE-2017-5410 Mozilla: Memory corruption during JavaScript garbage collection incremental sweeping (MFSA 2017-06)
1429784 – CVE-2017-5408 Mozilla: Cross-origin reading of video captions in violation of CORS (MFSA 2017-06)
1429785 – CVE-2017-5405 Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
1429786 – CVE-2017-5398 Mozilla: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 (MFSA 2017-06)

【CESA-2017:0454】An update for kvm is now available for Red Hat Enterprise Linux 5

CESA-2017:0454

An update for kvm is now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for
Linux on x86 hardware. Using KVM, one can run multiple virtual machines running
unmodified Linux or Windows images. Each virtual machine has private virtualized
hardware: a network card, disk, graphics adapter, etc.

Security Fix(es):

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator support is
vulnerable to an out-of-bounds access issue. It could occur while copying VGA
data via bitblt copy in backward mode. A privileged user inside a guest could
use this flaw to crash the QEMU process resulting in DoS or potentially execute
arbitrary code on the host with privileges of QEMU process on the host.
(CVE-2017-2615)

* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator support is
vulnerable to an out-of-bounds access issue. The issue could occur while copying
VGA data in cirrus_bitblt_cputovideo. A privileged user inside a guest could use
this flaw to crash the QEMU process or potentially execute arbitrary code on the
host with privileges of the QEMU process. (CVE-2017-2620)

Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang (360.cn
Inc.) for reporting CVE-2017-2615.

Bugs Fixed

1418200 – CVE-2017-2615 Qemu: display: cirrus: oob access while doing bitblt copy backward mode
1420484 – CVE-2017-2620 Qemu: display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo

【CESA-2017:0388】An update for qemu-kvm is now available for Red Hat Enterprise Linux 6

CESA-2017:0388

An update for qemu-kvm is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Red Hat Identity Management (IdM) is a centralized authentication, identity
management, and authorization solution for both traditional and cloud-based
enterprise environments.

Security Fix(es):

* It was found that IdM’s ca-del, ca-disable, and ca-enable commands did not
properly check the user’s permissions while modifying CAs in Dogtag. An
authenticated, unauthorized attacker could use this flaw to delete, disable, or
enable CAs causing various denial of service problems with certificate issuance,
OCSP signing, and deletion of secret keys. (CVE-2017-2590)

This issue was discovered by Fraser Tweedale (Red Hat).

Bug Fix(es):

* Previously, during an Identity Management (IdM) replica installation that runs
on domain level “1” or higher, Directory Server was not configured to use TLS
encryption. As a consequence, installing a certificate authority (CA) on that
replica failed. Directory Server is now configured to use TLS encryption during
the replica installation and as a result, the CA installation works as expected.
(BZ#1410760)

* Previously, the Identity Management (IdM) public key infrastructure (PKI)
component was configured to listen on the “::1” IPv6 localhost address. In
environments that have the IPv6 protocol disabled, the replica installer was
unable to retrieve the Directory Server certificate, and the installation
failed. The default listening address of the PKI connector has been updated from
the IP address to “localhost”. As a result, the PKI connector now listens on the
correct addresses in IPv4 and IPv6 environments. (BZ#1416481)

* Previously, when installing a certificate authority (CA) on a replica,
Identity Management (IdM) was unable to provide third-party CA certificates to
the Certificate System CA installer. As a consequence, the installer was unable
to connect to the remote master if the remote master used a third-party server
certificate, and the installation failed. This update applies a patch and as a
result, installing a CA replica works as expected in the described situation.
(BZ#1415158)

* When installing a replica, the web server service entry is created on the
Identity Management (IdM) master and replicated to all IdM servers. Previously,
when installing a replica without a certificate authority (CA), in certain
situations the service entry was not replicated to the new replica on time, and
the installation failed. The replica installer has been updated and now waits
until the web server service entry is replicated. As a result, the replica
installation no longer fails in the described situation. (BZ#1416488)

Bugs Fixed

1410760 – ipa-ca-install fails on replica when IPA Master is installed without CA
1413137 – CVE-2017-2590 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands
1415158 – ipa-ca-install fails on replica when IPA server is converted from CA-less to CA-full
1416481 – IPA replica install fails with dirsrv errors.
1416488 – replication race condition prevents IPA to install