【CESA-2016:1978】The latest version of python-twisted-web is now available for Red Hat Enterprise Linux 6 / 7

CESA-2016:1978

The latest version of python-twisted-web is now available for Red Hat Enterprise Linux 6 / 7.

The security and quality of Red Hat products are highly regarded.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the access-security aspects of each security hole, and detailed reports are delivered reliably and securely. Please click the links in the References section.

Twisted is an event-based framework for internet applications. Twisted Web is a
complete web server, aimed at hosting web applications using Twisted and Python,
but fully able to serve static pages too.

Security Fix(es):

* It was discovered that python-twisted-web used the value of the Proxy header
from HTTP requests to initialize the HTTP_PROXY environment variable for CGI
scripts, which in turn was incorrectly used by certain HTTP client
implementations to configure the proxy for outgoing HTTP requests. A remote
attacker could possibly use this flaw to redirect HTTP requests performed by a
CGI script to an attacker-controlled proxy via a malicious HTTP request.
(CVE-2016-1000111)

Note: After this update, python-twisted-web will no longer pass the value of the
Proxy request header to scripts via the HTTP_PROXY environment variable.
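The following is an added example, not code from the advisory or from Twisted itself. It shows the CGI environment construction the flaw above concerns: the generic RFC 3875 rule turns every request header into an `HTTP_*` variable, so a client-supplied `Proxy` header becomes `HTTP_PROXY`, and the hardened variant drops that header entirely, as the updated package does. The function names, the blocked-header set and the sample request are constructed for this example; `proxy_header_leaked()` is an audit check a defender can run against the environment an existing CGI wrapper produces.

```python
"""Added example (not from the advisory or from Twisted): building a CGI
environment from request headers without letting a client-supplied Proxy
header become HTTP_PROXY (CVE-2016-1000111, "httpoxy").

All function names here are hypothetical; the sample request is constructed.
"""
from typing import Dict, Iterable, List, Tuple

Header = Tuple[str, str]


def _meta_name(header_name: str) -> str:
    """RFC 3875 rule: 'X-Forwarded-For' -> 'HTTP_X_FORWARDED_FOR'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def cgi_environ_vulnerable(headers: Iterable[Header]) -> Dict[str, str]:
    """The behaviour the advisory describes: every request header is copied
    into the environment, so a 'Proxy' header lands in HTTP_PROXY, which some
    HTTP client libraries read as their outbound proxy setting."""
    return {_meta_name(name): value for name, value in headers}


# Request headers that must never reach the environment through the generic
# HTTP_* rule. 'Proxy' is the one known to collide with a variable that client
# libraries honour; the set is explicit so that additions are auditable.
BLOCKED_REQUEST_HEADERS = frozenset({"proxy"})


def cgi_environ_hardened(headers: Iterable[Header]) -> Tuple[Dict[str, str], List[str]]:
    """Copy headers as HTTP_* but drop blocked ones entirely (the fix the
    advisory notes). Returns (environ, dropped) so the caller can log dropped
    headers; a request carrying 'Proxy' is itself a useful detection signal."""
    environ: Dict[str, str] = {}
    dropped: List[str] = []
    for name, value in headers:
        if name.lower() in BLOCKED_REQUEST_HEADERS:
            dropped.append(name)
            continue
        environ[_meta_name(name)] = value
    return environ, dropped


def proxy_header_leaked(environ: Dict[str, str]) -> bool:
    """Audit check for an existing deployment: True if the CGI environment
    carries HTTP_PROXY, i.e. the Proxy request header was passed through."""
    return "HTTP_PROXY" in environ


# Constructed sample request (not captured traffic); the proxy address uses a
# documentation-range IP as a placeholder.
SAMPLE_HEADERS: List[Header] = [
    ("Host", "app.example.test"),
    ("User-Agent", "curl/7.29.0"),
    ("Proxy", "http://203.0.113.9:8080"),
    ("X-Forwarded-For", "198.51.100.4"),
]

if __name__ == "__main__":
    leaky = cgi_environ_vulnerable(SAMPLE_HEADERS)
    safe, dropped = cgi_environ_hardened(SAMPLE_HEADERS)
    print("vulnerable HTTP_PROXY:", leaky.get("HTTP_PROXY"))
    print("hardened HTTP_PROXY:", safe.get("HTTP_PROXY"), "dropped:", dropped)
```

Dropping the header rather than renaming it keeps the fix simple and matches the behaviour the note above describes; logging the `dropped` list gives operations a cheap way to spot requests that probe for this class of issue.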

Red Hat would like to thank Scott Geary (VendHQ) for reporting this issue.

 

Bugs Fixed

1357345 – CVE-2016-1000111 Python Twisted: sets environmental variable based on user supplied Proxy request header

The kmod-lpfc packages contain the Emulex LightPulse Fibre Channel SCSI driver kernel module, which adds official support for the lpfc devices. The PCI ID supported by this package is 10DF:E300.

The kernel modules delivered by this erratum have been made available as part of the Red Hat Driver Update Program, which provides updated kernel
modules that add support for selected devices in advance of the next Red Hat Enterprise Linux minor update release. We strongly recommend that
these kernel modules be only used when it is necessary to enable the specific hardware mentioned in this erratum. Partners and customers
should continue to use the driver that is shipped in the latest Red Hat Enterprise Linux kernel for all other devices that require this driver.
(BZ#1363621)

All users who require kmod-lpfc are advised to install these new packages.

 

【CESA-2016:1940】The latest version of openssl is now available for Red Hat Enterprise Linux 6/7

CESA-2016:1940

The latest version of openssl is now available for Red Hat Enterprise Linux 6/7.

The security and quality of Red Hat products are highly regarded.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the access-security aspects of each security hole, and detailed reports are delivered reliably and securely. Please click the links in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and
Transport Layer Security (TLS) protocols, as well as a full-strength
general-purpose cryptography library.

Security Fix(es):

* A memory leak flaw was found in the way OpenSSL handled TLS status request
extension data during session renegotiation. A remote attacker could cause a TLS
server using OpenSSL to consume an excessive amount of memory and, possibly,
exit unexpectedly after exhausting all available memory, if it enabled OCSP
stapling support. (CVE-2016-6304)

* It was discovered that OpenSSL did not always use constant time operations
when computing Digital Signature Algorithm (DSA) signatures. A local attacker
could possibly use this flaw to obtain a private DSA key belonging to another
user or service running on the same system. (CVE-2016-2178)

* It was discovered that the Datagram TLS (DTLS) implementation could fail to
release memory in certain cases. A malicious DTLS client could cause a DTLS
server using OpenSSL to consume an excessive amount of memory and, possibly,
exit unexpectedly after exhausting all available memory. (CVE-2016-2179)

* A flaw was found in the Datagram TLS (DTLS) replay protection implementation
in OpenSSL. A remote attacker could possibly use this flaw to make a DTLS server
using OpenSSL reject further packets sent from a DTLS client over an
established DTLS connection. (CVE-2016-2181)

* An out of bounds write flaw was discovered in the OpenSSL BN_bn2dec()
function. An attacker able to make an application using OpenSSL process a
large BIGNUM could cause the application to crash or, possibly, execute
arbitrary code. (CVE-2016-2182)

* A flaw was found in the way the DES/3DES cipher was used as part of the TLS/SSL
protocol. A man-in-the-middle attacker could use this flaw to recover some
plaintext data by capturing large amounts of encrypted traffic between a TLS/SSL
server and client if the communication used a DES/3DES based ciphersuite.
(CVE-2016-2183)

This update mitigates the CVE-2016-2183 issue by lowering priority of DES cipher
suites so they are not preferred over cipher suites using AES. For compatibility
reasons, DES cipher suites remain enabled by default and included in the set of
cipher suites identified by the HIGH cipher string. Future updates may move them
to MEDIUM or not enable them by default.
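The following is an added example, not code from the advisory or from OpenSSL. It applies the mitigation just described to a cipher-suite preference list: suites built on 64-bit block ciphers are moved behind the AES suites so they are never preferred, and a strict mode removes them outright (the stricter step the advisory says future updates may take). It generalises slightly beyond the text by treating IDEA and RC2 the same way as DES/3DES, since they share the 64-bit block size that SWEET32 exploits. The function names and the sample suite list are constructed for this example.

```python
"""Added example (not from the advisory or from OpenSSL): ordering a TLS
cipher-suite preference list so that 64-bit block-cipher suites are never
preferred over AES suites (the CVE-2016-2183 / SWEET32 mitigation), with a
strict mode that drops them. Names and the sample list are constructed.
"""
from typing import List, Tuple

# Tokens in OpenSSL-style suite names that identify a 64-bit block cipher.
# The advisory's mitigation covers DES/3DES; IDEA and RC2 have the same block
# size and are included as a generalisation.
_SMALL_BLOCK_TOKENS = frozenset({"DES", "3DES", "IDEA", "RC2"})


def uses_64bit_block_cipher(suite: str) -> bool:
    """'ECDHE-RSA-DES-CBC3-SHA' -> True, 'AES128-GCM-SHA256' -> False.
    Suite names are split on '-' so that 'DES' never matches inside 'AES'."""
    return not _SMALL_BLOCK_TOKENS.isdisjoint(suite.upper().split("-"))


def order_cipher_suites(preferred: List[str], strict: bool = False) -> Tuple[List[str], List[str]]:
    """Return (ordered, demoted). Relative order inside each group is kept, so
    an operator's existing preferences among AES suites are untouched; with
    strict=True the 64-bit suites are removed instead of demoted."""
    strong = [s for s in preferred if not uses_64bit_block_cipher(s)]
    weak = [s for s in preferred if uses_64bit_block_cipher(s)]
    return (strong if strict else strong + weak), weak


def openssl_cipher_string(suites: List[str]) -> str:
    """Join an ordered list into the colon-separated form OpenSSL accepts."""
    return ":".join(suites)


# Constructed preference list in which a 3DES suite is (wrongly) first.
SAMPLE_PREFERENCE = [
    "DES-CBC3-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-DES-CBC3-SHA",
    "AES128-SHA",
    "DHE-RSA-AES256-SHA",
]

if __name__ == "__main__":
    ordered, demoted = order_cipher_suites(SAMPLE_PREFERENCE)
    print("demoted:", demoted)
    print("mitigated:", openssl_cipher_string(ordered))
    print("strict   :", openssl_cipher_string(order_cipher_suites(SAMPLE_PREFERENCE, strict=True)[0]))
```

The `demoted` list doubles as an inventory check: if it is non-empty for a server's configured suites, that server still offers 64-bit block ciphers and only relies on ordering for protection, which is exactly the compatibility trade-off the advisory describes.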

* An integer underflow flaw leading to a buffer over-read was found in the way
OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to
crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets.
(CVE-2016-6302)

* Multiple integer overflow flaws were found in the way OpenSSL performed
pointer arithmetic. A remote attacker could possibly use these flaws to cause a
TLS/SSL server or client using OpenSSL to crash. (CVE-2016-2177)

* An out of bounds read flaw was found in the way OpenSSL formatted Public Key
Infrastructure Time-Stamp Protocol data for printing. An attacker could possibly
cause an application using OpenSSL to crash if it printed time stamp data from
the attacker. (CVE-2016-2180)

* Multiple out of bounds read flaws were found in the way OpenSSL handled
certain TLS/SSL protocol handshake messages. A remote attacker could possibly
use these flaws to crash a TLS/SSL server or client using OpenSSL.
(CVE-2016-6306)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and
CVE-2016-6306 and OpenVPN for reporting CVE-2016-2183. Upstream acknowledges Shi
Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304 and
CVE-2016-6306; and Karthikeyan Bhargavan (Inria) and Gaëtan Leurent (Inria) as
the original reporters of CVE-2016-2183.

Bugs Fixed

1341705 – CVE-2016-2177 openssl: Possible integer overflow vulnerabilities in codebase
1343400 – CVE-2016-2178 openssl: Non-constant time codepath followed for certain operations in DSA implementation
1359615 – CVE-2016-2180 OpenSSL: OOB read in TS_OBJ_print_bio()
1367340 – CVE-2016-2182 openssl: Out-of-bounds write caused by unchecked errors in BN_bn2dec()
1369113 – CVE-2016-2181 openssl: DTLS replay protection bypass allows DoS against DTLS connection
1369383 – CVE-2016-2183 SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32)
1369504 – CVE-2016-2179 openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer
1369855 – CVE-2016-6302 openssl: Insufficient TLS session ticket HMAC length checks
1377594 – CVE-2016-6306 openssl: certificate message OOB reads
1377600 – CVE-2016-6304 openssl: OCSP Status Request extension unbounded memory growth


【CESA-2016:1945】The latest version of bind97 is now available for Red Hat Enterprise Linux 5

CESA-2016:1945

The latest version of bind97 is now available for Red Hat Enterprise Linux 5.
The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the access-security aspects of each security hole, and detailed reports are delivered reliably and securely. Please click the links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named); a resolver library
(routines for applications to use when interfacing with DNS); and tools for
verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND constructed a response to a
query that met certain criteria. A remote attacker could use this flaw to make
named exit unexpectedly with an assertion failure via a specially crafted DNS
request packet. (CVE-2016-2776)

Red Hat would like to thank ISC for reporting this issue.

Bugs Fixed

1378380 – CVE-2016-2776 bind: assertion failure in buffer.c while building responses to a specifically constructed request

 

【CESA-2016:1944】The latest version of bind is now available for Red Hat Enterprise Linux 5, 6, 7

CESA-2016:1944

The latest version of bind is now available for Red Hat Enterprise Linux 5, 6, 7.
The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the access-security aspects of each security hole, and detailed reports are delivered reliably and securely. Please click the links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.

Security Fix(es)

* A denial of service flaw was found in the way BIND constructed a response to a query that met certain criteria. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request packet. (CVE-2016-2776)

Red Hat would like to thank ISC for reporting this issue.

Bug Fixed
Bug 1378380 – (CVE-2016-2776) CVE-2016-2776
https://bugzilla.redhat.com/show_bug.cgi?id=1378380


 

【CESA-2016:1943】The latest version of kvm is now available for Red Hat Enterprise Linux 5

CESA-2016:1943 

The latest version of kvm is now available for Red Hat Enterprise Linux 5.

The security and quality of Red Hat products are highly regarded.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the access-security aspects of each security hole, and detailed reports are delivered reliably and securely. Please click the links in the References section.

KVM (for Kernel-based Virtual Machine) is a full virtualization solution for
Linux on x86 hardware. Using KVM, one can run multiple virtual machines running
unmodified Linux or Windows images. Each virtual machine has private virtualized
hardware: a network card, disk, graphics adapter, etc.

Security Fix(es):

* An out-of-bounds read/write access flaw was found in the way QEMU’s VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations using I/O port methods. A privileged guest user could use this flaw
to execute arbitrary code on the host with the privileges of the host’s QEMU
process. (CVE-2016-3710)

* Quick Emulator (QEMU) built with the virtio framework is vulnerable to an
unbounded memory allocation issue. It was found that a malicious guest user
could submit more requests than the virtqueue size permits. Processing each
request allocates a VirtQueueElement, which results in unbounded, guest-controlled
memory allocation on the host. (CVE-2016-5403)

Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang (360
Marvel Team) for reporting CVE-2016-3710 and hongzhenhao (Marvel Team) for
reporting CVE-2016-5403.

 

Bugs fixed (see bugzilla for more information)

1331401 – CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module
1358359 – CVE-2016-5403 Qemu: virtio: unbounded memory allocation on host via guest leading to DoS

 

 

【CESA-2016:1912】The latest version of firefox is now available for Red Hat Enterprise Linux 5, 6, 7

CESA-2016:1912

The latest version of firefox is now available for Red Hat Enterprise Linux 5, 6, 7.
The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the access-security aspects of each security hole, and detailed reports are delivered reliably and securely. Please click the links in the References section.

Security Fix(es)

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Groß, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.

Bugs Fixed
Bug 1361986 – (CVE-2016-5261) CVE-2016-5261
https://bugzilla.redhat.com/show_bug.cgi?id=1361986

Bug 1361998 – (CVE-2016-5250) CVE-2016-5250
https://bugzilla.redhat.com/show_bug.cgi?id=1361998

Bug 1377543 – (CVE-2016-5257) CVE-2016-5257
https://bugzilla.redhat.com/show_bug.cgi?id=1377543

Bug 1377549 – (CVE-2016-5278) CVE-2016-5278
https://bugzilla.redhat.com/show_bug.cgi?id=1377549

Bug 1377552 – (CVE-2016-5270) CVE-2016-5270
https://bugzilla.redhat.com/show_bug.cgi?id=1377552

Bug 1377554 – (CVE-2016-5272) CVE-2016-5272
https://bugzilla.redhat.com/show_bug.cgi?id=1377554

Bug 1377557 – (CVE-2016-5276) CVE-2016-5276
https://bugzilla.redhat.com/show_bug.cgi?id=1377557

Bug 1377558 – (CVE-2016-5274) CVE-2016-5274
https://bugzilla.redhat.com/show_bug.cgi?id=1377558

Bug 1377559 – (CVE-2016-5277) CVE-2016-5277
https://bugzilla.redhat.com/show_bug.cgi?id=1377559

Bug 1377561 – (CVE-2016-5280) CVE-2016-5280
https://bugzilla.redhat.com/show_bug.cgi?id=1377561

Bug 1377563 – (CVE-2016-5281) CVE-2016-5281
https://bugzilla.redhat.com/show_bug.cgi?id=1377563

Bug 1377565 – (CVE-2016-5284) CVE-2016-5284
https://bugzilla.redhat.com/show_bug.cgi?id=1377565