【CESA-2017:1440】An update for firefox is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2017:1440

An update for firefox is now available for Red Hat Enterprise Linux 6 and Red
Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.2.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7751, CVE-2017-7756,
CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775,
CVE-2017-7776, CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,
CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Nils, Nicolas Trippar of Zimperium zLabs, Mats Palmgren,
Philipp, Masayuki Nakano, Christian Holler, Andrew McCreight, Gary Kwong, André
Bargull, Carsten Book, Jesse Schwartzentruber, Julian Hector, Marcia Knous,
Ronald Crane, Samuel Erb, Holger Fuhrmannek, Tyson Smith, Abhishek Arya, and F.
Alonso (revskills) as the original reporters.

Bugs Fixed

1461252 – CVE-2017-5472 Mozilla: Use-after-free using destroyed node when regenerating trees (MFSA 2017-16)
1461253 – CVE-2017-7749 Mozilla: Use-after-free during docshell reloading (MFSA 2017-16)
1461254 – CVE-2017-7750 Mozilla: Use-after-free with track elements (MFSA 2017-16)
1461255 – CVE-2017-7751 Mozilla: Use-after-free with content viewer listeners (MFSA 2017-16)
1461256 – CVE-2017-7752 Mozilla: Use-after-free with IME input (MFSA 2017-16)
1461257 – CVE-2017-7754 Mozilla: Out-of-bounds read in WebGL with ImageInfo object (MFSA 2017-16)
1461258 – CVE-2017-7756 Mozilla: Use-after-free and use-after-scope logging XHR header errors (MFSA 2017-16)
1461259 – CVE-2017-7757 Mozilla: Use-after-free in IndexedDB (MFSA 2017-16)
1461260 – CVE-2017-7778 CVE-2017-7771 CVE-2017-7772 CVE-2017-7773 CVE-2017-7774 CVE-2017-7775 CVE-2017-7776 CVE-2017-7777 CVE-2017-7778 Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)
1461261 – CVE-2017-7758 Mozilla: Out-of-bounds read in Opus encoder (MFSA 2017-16)
1461262 – CVE-2017-7764 Mozilla: Domain spoofing with combination of Canadian Syllabics and other unicode blocks (MFSA 2017-16)
1461264 – CVE-2017-5470 Mozilla: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 (MFSA 2017-16)

【CESA-2017:1430】An update for qemu-kvm is now available for Red Hat Enterprise Linux 7

CESA-2017:1430

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm package provides the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds r/w access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data using
bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user
inside a guest could use this flaw to crash the QEMU process, resulting in
denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360
Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for
reporting CVE-2017-7718.

Bug Fix(es):

* Previously, guest virtual machines in some cases became unresponsive when the
“pty” back end of a serial device performed an irregular I/O communication. This
update improves the handling of serial I/O on guests, which prevents the
described problem from occurring. (BZ#1452332)

Bugs Fixed

1443441 – CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
1444371 – CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
1452332 – RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop

【CESA-2017:1365】An update for nss is now available for Red Hat Enterprise Linux 7

CESA-2017:1365

An update for nss is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty SSLv2
messages. An attacker could use this flaw to crash a server application compiled
against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA) list
have been updated to meet the recommendations as published with the latest
Mozilla Firefox Extended Support Release (ESR). The updated CA list improves
compatibility with the certificates that are used in the Internet Public Key
Infrastructure (PKI). To avoid certificate validation refusals, Red Hat
recommends installing the updated CA list on June 12, 2017. (BZ#1451421)

【CESA-2017:1364】An update for sudo is now available for Red Hat Enterprise Linux 6

CESA-2017:1364

An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The sudo packages contain the sudo utility which allows system administrators to
provide certain users with the permission to execute privileged commands, which
are used for system management purposes, without having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.

【CESA-2017:1382】An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2017:1382

An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The sudo packages contain the sudo utility which allows system administrators to
provide certain users with the permission to execute privileged commands, which
are used for system management purposes, without having to log in as root.

Security Fix(es):

* A flaw was found in the way sudo parsed tty information from the process
status file in the proc filesystem. A local user with privileges to execute
commands via sudo could use this flaw to escalate their privileges to root.
(CVE-2017-1000367)

Red Hat would like to thank Qualys Security for reporting this issue.

Bugs Fixed

1453074 – CVE-2017-1000367 sudo: Privilege escalation via improper get_process_ttyname() parsing

【CESA-2017:1364】An update for nss is now available for Red Hat Enterprise Linux 6

CESA-2017:1364

An update for nss is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the
cross-platform development of security-enabled client and server applications.

Security Fix(es):

* A null pointer dereference flaw was found in the way NSS handled empty SSLv2
messages. An attacker could use this flaw to crash a server application compiled
against the NSS library. (CVE-2017-7502)

Bug Fix(es):

* The Network Security Services (NSS) code and Certificate Authority (CA) list
have been updated to meet the recommendations as published with the latest
Mozilla Firefox Extended Support Release (ESR). The updated CA list improves
compatibility with the certificates that are used in the Internet Public Key
Infrastructure (PKI). To avoid certificate validation refusals, Red Hat
recommends installing the updated CA list on June 12, 2017. (BZ#1448488)

【CESA-2017:1308】An update for kernel is now available for Red Hat Enterprise Linux 7

CESA-2017:1308

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* It was found that the packet_set_ring() function of the Linux kernel’s
networking implementation did not properly validate certain block-size data. A
local attacker with CAP_NET_RAW capability could use this flaw to trigger a
buffer overflow, resulting in the crash of the system. Due to the nature of the
flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)

* Mounting a crafted EXT4 image read-only leads to attacker-controlled memory
corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)

* A flaw was found in the Linux kernel’s implementation of seq_file where a
local attacker could manipulate memory in the put() function pointer. This could
lead to memory corruption and possible privilege escalation. (CVE-2016-7910,
Moderate)

* A vulnerability was found in the Linux kernel. An unprivileged local user
could trigger oops in shash_async_export() by attempting to force the in-kernel
hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

* It was reported that in Linux kernel versions earlier than v4.10-rc8, an
application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer
is full, a thread is waiting on it to queue more data, and meanwhile another
thread peels off the association being used by the first thread. (CVE-2017-5986,
Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting
CVE-2016-8646.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation
for these changes is available from the Technical Notes document linked to in
the References section.

Bugs Fixed

1388821 – CVE-2016-8646 kernel: Oops in shash_async_export()
1395190 – CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
1399727 – CVE-2016-7910 kernel: Use after free in seq file
1420276 – CVE-2017-5986 kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
1437404 – CVE-2017-7308 kernel: net/packet: overflow in check for priv area size

【CESA-2017:1270】An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7

CESA-2017:1270

An update for samba is now available for Red Hat Enterprise Linux 6 and Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream
acknowledges steelo as the original reporter.

Bugs Fixed

1450347 – CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE

【CESA-2017:1271】An update for samba4 is now available for Red Hat Enterprise Linux 6

CESA-2017:1271

An update for samba4 is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Samba is an open-source implementation of the Server Message Block (SMB) or
Common Internet File System (CIFS) protocol, which allows PC-compatible machines
to share files, printers, and other information.

Security Fix(es):

* A remote code execution flaw was found in Samba. A malicious authenticated
samba client, having write access to the samba share, could use this flaw to
execute arbitrary code as root. (CVE-2017-7494)

Red Hat would like to thank the Samba project for reporting this issue. Upstream
acknowledges steelo as the original reporter.

Bugs Fixed

1450347 – CVE-2017-7494 samba: Loading shared modules from any path in the system leading to RCE

【CESA-2017:1267】An update for rpcbind is now available for Red Hat Enterprise Linux 6

CESA-2017:1267

An update for rpcbind is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The rpcbind utility is a server that converts Remote Procedure Call (RPC)
program numbers into universal addresses. It must be running on the host to be
able to make RPC calls on a server on that machine.

Security Fix(es):

* It was found that due to the way rpcbind uses libtirpc (libntirpc), a memory
leak can occur when parsing specially crafted XDR messages. An attacker sending
thousands of messages to rpcbind could cause its memory usage to grow without
bound, eventually causing it to be terminated by the OOM killer. (CVE-2017-8779)

Bugs Fixed

1448124 – CVE-2017-8779 rpcbind, libtirpc, libntirpc: Memory leak when failing to parse XDR strings or bytearrays