Thank you for reading the Linux Advisory Watch Security Newsletter. The purpose of this document is to provide our readers with a quick summary of each week's vendor security bulletins and pointers on methods to improve the security posture of your open source system. Vulnerabilities affect nearly every vendor virtually every week, so be sure to read through to find the updates your distributor has made available.

LinuxSecurity.com Feature Extras:

Essential tools for hardening and securing Unix based Environments - System administrators know how important the security of their systems is, not just the uptime of their servers. Intruders, spammers, DDoS attackers and crackers are all out there trying to get into any computer or server they can lay hands on and to disrupt the normal running of services.

Securing a Linux Web Server - Given the significant prevalence of Linux web servers globally, security is often touted as a strength of the platform for this purpose. However, a Linux based web server is only as secure as its configuration, and very often many are quite vulnerable to compromise. While specific configurations vary widely with environment and use, there are general steps that can be taken to ensure basic security considerations are in place.


(Sep 20)

Security Report Summary

(Sep 18)

Security Report Summary

(Sep 18)

Security Report Summary

(Sep 15)

Security Report Summary

(Sep 13)

Security Report Summary

(Sep 13)

Security Report Summary

(Sep 13)

Security Report Summary


(Sep 21)

libxl fails to honour readonly flag on disks with qemu-xen [XSA-142 (possible fix)]

(Sep 21)

Security fix for use after free vulnerability

(Sep 21)

unzip-6.0-22.fc21 - Fix heap overflow and infinite loop when invalid input is given (#1260947)
unzip-6.0-22.fc22 - Fix heap overflow and infinite loop when invalid input is given (#1260947)
unzip-6.0-23.fc23 - Fix heap overflow and infinite loop when invalid input is given (#1260947)

(Sep 20)

Security fix for CVE-2015-5146, CVE-2015-5194, CVE-2015-5219, CVE-2015-5195, CVE-2015-5196

(Sep 20)

libvpx-1.3.0-7.fc21 - set --size-limit=16384x16384 to fix CVE-2015-1258
libvpx-1.3.0-7.fc22 - set --size-limit=16384x16384 to fix CVE-2015-1258
libvpx-1.4.0-5.fc23 - set --size-limit=16384x16384 to avoid CVE-2015-1258

(Sep 19)

From changelog for **Version 1.12.5**
* add OPSYS_Z_CPM missing constant
Backported from **1.13.0**
* Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)

(Sep 19)

Upstream change, **Version 1.13**
* update bundled libzip to 1.0.1 (Remi, Anatol)
* new methods for ZipArchive: setCompressionName, setCompressionIndex (Cedric Delmas)
* allow to build with PHP 7
* Fixed bug 70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)
* Fixed bug 70322 (ZipArchive::close() doesn't indicate errors). (cmb)
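The ZipArchive changelog entries above (the 1.12.5 backport and the 1.13 release) both fix bug #70350, where ZipArchive::extractTo created directories from entry names that climb out of the extraction target. The following is an added example, not code from PHP, the zip extension or this newsletter: it builds archives with traversal entry names in memory and shows the check an extractor needs, written against Python's zipfile module rather than PHP so it runs stand-alone. The archives, the entry names and the is_safe_member / safe_extract / demo helpers are all constructed for this example.

```python
"""Refusing ZIP path-traversal entries before extraction.

Added example for this newsletter, not code from PHP or the zip extension.
It reproduces the class of bug #70350 (directory entries whose names climb
out of the extraction target) with Python's zipfile module, so the check an
extractor needs can be read and run. Archives and entry names are constructed
here; is_safe_member, safe_extract and demo are names chosen for the example.
"""
import io
import os
import posixpath
import tempfile
import zipfile


def is_safe_member(name: str) -> bool:
    """True only if `name` cannot resolve outside the extraction target.

    ZIP entry names are '/'-separated; the name is normalized first so that
    'a/../../x' collapses to '../x' and is caught like a plain '../x'.
    Absolute paths and Windows drive prefixes are rejected outright.
    """
    if not name or name.startswith(("/", "\\")):
        return False
    name = name.replace("\\", "/")
    if ":" in name.split("/", 1)[0]:
        return False
    norm = posixpath.normpath(name)
    return norm != ".." and not norm.startswith("../")


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Extract all members into `dest`, raising ValueError on traversal.

    Besides the name check, the resolved target path of every member is
    confirmed to lie under the resolved `dest` before any directory or file
    is created, so nothing touches the disk outside the target.
    """
    dest_real = os.path.realpath(dest)
    written: list[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename):
                raise ValueError(f"refusing traversal entry {info.filename!r}")
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"entry escapes destination {info.filename!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            written.append(os.path.relpath(target, dest_real))
    return written


def build_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory archive; names are stored verbatim, so a name such
    as '../../outside/' is written exactly as an attacker would craft it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# constructed sample archives (not taken from any real upload)
BENIGN_ZIP = build_zip({"docs/readme.txt": b"hello", "docs/sub/": b""})
TRAVERSAL_DIR_ZIP = build_zip({"../../outside/": b""})  # the shape of bug #70350
TRAVERSAL_FILE_ZIP = build_zip({"a/../../escape.txt": b"pwned"})


def demo() -> dict[str, object]:
    """Run the three archives against a scratch target and report the outcome,
    including whether anything appeared outside the target directory."""
    results: dict[str, object] = {}
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "top", "target")
        os.makedirs(dest)
        results["benign"] = sorted(safe_extract(BENIGN_ZIP, dest))
        for label, blob in (("traversal_dir", TRAVERSAL_DIR_ZIP),
                            ("traversal_file", TRAVERSAL_FILE_ZIP)):
            try:
                safe_extract(blob, dest)
                results[label] = "extracted"
            except ValueError:
                results[label] = "rejected"
        # '../../outside/' from target would land in scratch/,
        # 'a/../../escape.txt' would land in scratch/top/
        results["outside_created"] = (
            os.path.exists(os.path.join(scratch, "outside"))
            or os.path.exists(os.path.join(scratch, "top", "escape.txt"))
        )
    return results


if __name__ == "__main__":
    print(demo())
```

Python's own ZipFile.extractall already strips leading '..' components, so the explicit check here makes that defence visible rather than adding something new to Python. The two points that carry over to any extractor are that the '..' test must run on the normalized entry name (otherwise 'a/../../x' slips past a naive prefix check) and that the resolved path must be confirmed to sit under the destination before a directory or file is created, which is precisely the step that was missing when ZipArchive::extractTo created directories.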

(Sep 18)

pcs-0.9.137-5.fc21 - Fix for CVE-2015-5189 incorrect authorization - Fix for CVE-2015-5190 command injection

(Sep 18)

pcs-0.9.139-7.fc22 - Fix for CVE-2015-5189 incorrect authorization - Fix for CVE-2015-5190 command injection

(Sep 18)

Fix typo causing qemu-img to link against entire world (bz #1260996)
----
* CVE-2015-5225: heap memory corruption in vnc_refresh_server_surface (bz #1255899)

(Sep 18)

smuxi-1.0-2.fc23 - Added patch to not expose the user's realname automatically (bz#1257597)

(Sep 18)

Upstream release v0.7.1-1

(Sep 18)

moodle-2.9.1-1.fc23 - 2.9.1

(Sep 18)

03 Sep 2015, **PHP 5.6.13**
**Core:**
* Fixed bug #69900 (Too long timeout on pipes). (Anatol)
* Fixed bug #69487 (SAPI may truncate POST data). (cmb)
* Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
* Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)
**CLI server:**
* Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
* Fixed bug #70264 (CLI server directory traversal). (cmb)
**Date:**
* Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)
**EXIF:**
* Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)
**hash:**
* Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)
**MCrypt:**
* Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
**Opcache:**
* Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)
**PCRE:**
* Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
* Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)
**SOAP:**
* Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)
**SPL:**
* Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
* Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
* Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
* Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
**Standard:**
* Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
* Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)
**XSLT:**
* Fixed bug #69782 (NULL pointer dereference). (Stas)

(Sep 18)

CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html

(Sep 18)

## 1.5.2 (2015-08-31)
### Security:
* Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution
* CVE-2015-5723
* https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
## 1.5.1 (2015-08-12)
### Bugfix:
* Fixed the JS expanding all queries in the profiler in case of multiple connections
* Fixed the retrieval of the namespace in DisconnectedMetadataFactory
* Changed the composer constraint to allow Symfony 3.0 for people wanting to do early testing

(Sep 18)

phpMyAdmin 4.4.14.1 (2015-09-08)
================================
- [security] reCaptcha bypass

Fedora 23 nrpe-2.15-7.fc23 (Sep 18)

Use %configure macro as it deals with config.sub/guess and various flags properly
----
nrpe-2.15-6.el7 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.el6 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc23 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc22 - Fix spec file for missing /usr/share/libtool/config/config.guess
nrpe-2.15-6.fc21 - Fix spec file for missing /usr/share/libtool/config/config.guess

(Sep 17)

Add upstream patch to fix XSS vulnerability (bug #1259405)

(Sep 16)

This is an update to the set of CA certificates version 2.5 as released with NSS version 3.19.3. However, as in previous versions of the ca-certificates package, the CA list has been modified to keep several legacy CAs still trusted for compatibility reasons. Please refer to the project URL for details. If you prefer to use the unchanged list provided by Mozilla, and if you accept any compatibility issues it may cause, an administrator may configure the system by executing the "ca-legacy disable" command.

(Sep 16)

- oggenc: fix large alloca on bad AIFF input (CVE-2015-6749)

(Sep 15)

moodle-2.7.9-1.fc21 - 2.7.9.

(Sep 15)

moodle-2.8.7-1.fc22 - Latest upstream release.

(Sep 14)

03 Sep 2015, **PHP 5.6.13**
**Core:**
* Fixed bug #69900 (Too long timeout on pipes). (Anatol)
* Fixed bug #69487 (SAPI may truncate POST data). (cmb)
* Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
* Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
* Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com)
**CLI server:**
* Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
* Fixed bug #70264 (CLI server directory traversal). (cmb)
**Date:**
* Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
* Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)
**EXIF:**
* Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)
**hash:**
* Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)
**MCrypt:**
* Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
**Opcache:**
* Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)
**PCRE:**
* Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
* Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)
**SOAP:**
* Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)
**SPL:**
* Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). (hugh at allthethings dot co dot nz)
* Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
* Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
* Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
**Standard:**
* Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). (cmb)
* Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). (Tjerk)
**XSLT:**
* Fixed bug #69782 (NULL pointer dereference). (Stas)

(Sep 14)

## 1.5.2 (2015-08-31)
### Security:
* Fix Security Misconfiguration Vulnerability, allowing potential local arbitrary code execution
* CVE-2015-5723
* https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
## 1.5.1 (2015-08-12)
### Bugfix:
* Fixed the JS expanding all queries in the profiler in case of multiple connections
* Fixed the retrieval of the namespace in DisconnectedMetadataFactory
* Changed the composer constraint to allow Symfony 3.0 for people wanting to do early testing

(Sep 14)

CVE-2015-5723 https://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html


Red Hat: 2015:1788-01: kernel-rt: Important Advisory (Sep 15)

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]

Red Hat: 2015:1793-01: qemu-kvm: Moderate Advisory (Sep 15)

Updated qemu-kvm packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security [More...]

Red Hat: 2015:1778-01: kernel: Important Advisory (Sep 15)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security [More...]

Red Hat: 2015:1787-01: kernel-rt: Important Advisory (Sep 15)

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. [More...]

Red Hat: 2015:1772-01: qemu-kvm-rhev: Important Advisory (Sep 14)

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0 and 7.0, for Red Hat Enterprise Linux 7. [More...]


Ubuntu: 2741-1: Unity Settings Daemon vulnerability (Sep 16)

Unity Settings Daemon would allow mounting removable media while the screen is locked.

Ubuntu: 2740-1: ICU vulnerabilities (Sep 16)

Several security issues were fixed in ICU.

Ubuntu: 2742-1: OpenLDAP vulnerabilities (Sep 16)

Several security issues were fixed in OpenLDAP.