CVE-2017-5754 / Meltdown CPU Vulnerability

An industry-wide issue was found in the way many modern microprocessor designs implement speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue, which differ in the way the speculative execution can be exploited. All three rely on the fact that modern high-performance microprocessors implement both speculative execution and VIPT (Virtually Indexed, Physically Tagged) level 1 data caches, which may become allocated with data from the kernel virtual address space during such speculation.

This issue affects almost all modern versions of Linux, including RHEL & CentOS 5, 6 and 7 as well as the Debian, Ubuntu and SuSE distributions. Customers under our Linux System Monitoring & Support Subscription have now been notified of the emergency software update.

Please contact our helpdesk using your designated support account, or e-mail info@entinux.com for any assistance.
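As an added example (not part of the original notice), the following shell function reports whether a host's running kernel carries the Meltdown mitigation. It assumes that fixed kernels expose the sysfs file /sys/devices/system/cpu/vulnerabilities/meltdown, whose content is "Not affected", "Vulnerable" or "Mitigation: ..."; a kernel that lacks the file is reported as unknown and treated as unpatched.

```shell
#!/bin/sh
# Added example, not from the original notice. Assumption: kernels that
# carry the Meltdown fix expose the sysfs status file below.
#
# $1 = path of the status file (defaults to the real sysfs path; a test can
# pass a constructed file). Prints one word: mitigated | vulnerable | unknown,
# and returns 0 only when the kernel is mitigated or not affected.
meltdown_status() {
    f=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    if [ ! -r "$f" ]; then
        # No interface: the running kernel predates the fix (or is not x86).
        # A defender treats this as unpatched, not as safe.
        echo unknown
        return 1
    fi
    case $(cat "$f") in
        "Not affected"|Mitigation:*) echo mitigated;  return 0 ;;
        Vulnerable*)                 echo vulnerable; return 1 ;;
        *)                           echo unknown;    return 1 ;;
    esac
}

# Usage on a live host (exit status doubles as a check for monitoring):
#   meltdown_status || echo "kernel update still required"
```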

【CESA-2017:0906】The latest version of httpd is now available for Red Hat Enterprise Linux 7

CESA-2017:0906

The latest version of httpd is now available for Red Hat Enterprise Linux 7.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and
extensible web server.

Security Fix(es):

* It was discovered that the mod_session_crypto module of httpd did not use any
mechanisms to verify integrity of the encrypted session data stored in the
user’s browser. A remote attacker could use this flaw to decrypt and modify
session data using a padding oracle attack. (CVE-2016-0736)

* It was discovered that the mod_auth_digest module of httpd did not properly
check for memory allocation failures. A remote attacker could use this flaw to
cause httpd child processes to repeatedly crash if the server used HTTP digest
authentication. (CVE-2016-2161)

* It was discovered that the HTTP parser in httpd incorrectly allowed certain
characters not permitted by the HTTP protocol specification to appear unencoded
in HTTP request headers. If httpd was used in conjunction with a proxy or
backend server that interpreted those characters differently, a remote attacker
could possibly use this flaw to inject data into HTTP responses, resulting in
proxy cache poisoning. (CVE-2016-8743)

Note: The fix for the CVE-2016-8743 issue causes httpd to return “400 Bad
Request” error to HTTP clients which do not strictly follow HTTP protocol
specification. A newly introduced configuration directive “HttpProtocolOptions
Unsafe” can be used to re-enable the old less strict parsing. However, such
setting also re-introduces the CVE-2016-8743 issue.
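As an added example that is not part of the advisory, the following shell function audits an httpd configuration tree for the directive the note above warns about. The corrected setting after the fix is "HttpProtocolOptions Strict" (the default); the weak setting that re-introduces CVE-2016-8743 is "HttpProtocolOptions Unsafe". The default directory /etc/httpd is an assumption for CentOS/RHEL 7.

```shell
#!/bin/sh
# Added example, not from the advisory. Finds active httpd directives that
# re-enable the lenient request parsing removed by the CVE-2016-8743 fix.
#
# Hardened (default after the fix):  HttpProtocolOptions Strict
# Weak (re-introduces the flaw):     HttpProtocolOptions Unsafe
#
# $1 = directory holding the httpd configuration (assumption: /etc/httpd).
# Prints "file:line:directive" for every active Unsafe directive and returns
# 1 if any was found, 0 if the tree is clean. Commented-out lines are ignored.
find_unsafe_http_parsing() {
    confdir=${1:-/etc/httpd}
    # -r recurses into conf.d/ and conf.modules.d/; -i because Apache directive
    # names and keywords are case-insensitive; only *.conf files are read.
    hits=$(grep -rniE --include='*.conf' \
        '^[[:space:]]*HttpProtocolOptions([[:space:]]+[^[:space:]]+)*[[:space:]]+Unsafe([[:space:]]|$)' \
        "$confdir" 2>/dev/null) || :
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Usage on a server:
#   find_unsafe_http_parsing /etc/httpd && echo "strict parsing in effect"
```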

Bug Fix(es):

* When waking up child processes during a graceful restart, the httpd parent
process could attempt to open more connections than necessary if a large number
of child processes had been active prior to the restart. Consequently, a
graceful restart could take a long time to complete. With this update, httpd has
been fixed to limit the number of connections opened during a graceful restart
to the number of active children, and the described problem no longer occurs.
(BZ#1420002)

* Previously, httpd running in a container returned the 500 HTTP status code
(Internal Server Error) when a connection to a WebSocket server was closed. As a
consequence, the httpd server failed to deliver the correct HTTP status and data
to a client. With this update, httpd correctly handles all proxied requests to
the WebSocket server, and the described problem no longer occurs. (BZ#1429947)

* In a configuration using LDAP authentication with the mod_authnz_ldap module,
the name set using the AuthLDAPBindDN directive was not correctly used to bind
to the LDAP server for all queries. Consequently, authorization attempts failed.
The LDAP modules have been fixed to ensure the configured name is correctly
bound for LDAP queries, and authorization using LDAP no longer fails.
(BZ#1420047)

Bugs Fixed

1406744 – CVE-2016-0736 httpd: Padding Oracle in Apache mod_session_crypto
1406753 – CVE-2016-2161 httpd: DoS vulnerability in mod_auth_digest
1406822 – CVE-2016-8743 httpd: Apache HTTP Request Parsing Whitespace Defects
1420002 – Backport fix for issue with graceful restart taking very long time sometimes
1420047 – AuthLDAPBindDN might not be used for some LDAP searches causing LDAP authz failures
1429947 – Backport: mod_proxy_wstunnel – AH02447: err/hup on backconn
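The "Bugs Fixed" lists in these advisories pair a Bugzilla id with each CVE. As an added example (not part of the advisory), the following shell functions extract the CVE ids from such advisory text and check that an installed package's RPM changelog mentions each one, which is the usual way to confirm a CentOS/RHEL backport is in place. The live check assumes an RPM-based host; the parsing itself works on any text.

```shell
#!/bin/sh
# Added example, not from the advisory: confirm that an installed package's
# changelog carries every CVE an advisory lists.

# Print the unique CVE identifiers found in advisory text on stdin.
advisory_cves() {
    grep -o 'CVE-[0-9]\{4\}-[0-9]\{4,\}' | sort -u
}

# Exit 0 if the changelog text on stdin mentions the CVE id given as $1.
changelog_has_cve() {
    grep -q -F -- "$1"
}

# $1 = file holding the advisory text, $2 = file holding the changelog text.
# Prints "FIXED <cve>" or "MISSING <cve>" per CVE; returns 1 if any is missing.
check_cves() {
    missing=0
    for cve in $(advisory_cves < "$1"); do
        if changelog_has_cve "$cve" < "$2"; then
            echo "FIXED $cve"
        else
            echo "MISSING $cve"
            missing=1
        fi
    done
    return $missing
}

# Live use on a CentOS/RHEL host (assumption: rpm is available):
#   rpm -q --changelog httpd > /tmp/httpd.changelog
#   check_cves cesa-2017-0906.txt /tmp/httpd.changelog
```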

【CESA-2017:0907】The latest version of util-linux is now available for Red Hat Enterprise Linux 7

CESA-2017:0907

The latest version of util-linux is now available for Red Hat Enterprise Linux 7.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

The util-linux packages contain a large variety of low-level system utilities
that are necessary for a Linux system to function. Among others, these include
the fdisk configuration tool and the login program.

Security Fix(es):

* A race condition was found in the way su handled the management of child
processes. A local authenticated attacker could use this flaw to kill other
processes with root privileges under specific conditions. (CVE-2017-2616)

Red Hat would like to thank Tobias Stöckmann for reporting this issue.

Bug Fix(es):

* The "findmnt --target <path>" command prints all file systems where the mount
point directory is <path>. Previously, when used in a chroot environment,
"findmnt --target <path>" incorrectly displayed all mount points. The command
has been fixed so that it now checks the mount point path and returns
information only for the relevant mount point. (BZ#1414481)

Bugs Fixed

1414481 – findmnt --target behaviour changed in 7.3, shows all mount-points in chroot
1418710 – CVE-2017-2616 util-linux: Sending SIGKILL to other processes with root privileges via su

【CESA-2017:0920】The latest version of 389-ds-base is now available for Red Hat Enterprise Linux 7

CESA-2017:0920

The latest version of 389-ds-base is now available for Red Hat Enterprise Linux 7.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

Security Fix(es):

* An invalid pointer dereference flaw was found in the way 389-ds-base handled
LDAP bind requests. A remote unauthenticated attacker could use this flaw to
make ns-slapd crash via a specially crafted LDAP bind request, resulting in
denial of service. (CVE-2017-2668)

Red Hat would like to thank Joachim Jabs (F24) for reporting this issue.

Bug Fix(es):

* Previously, when adding a filtered role definition that uses the “nsrole”
virtual attribute in the filter, Directory Server terminated unexpectedly. A
patch has been applied, and now the roles plug-in ignores all virtual
attributes. As a result, an error message is logged when an invalid filter is
used. Additionally, the role is deactivated and Directory Server no longer
fails. (BZ#1429498)

* In a replication topology, Directory Server incorrectly calculated the size of
string format entries when a lot of entries were deleted. The calculated size of
entries was smaller than the actual required size. Consequently, Directory
Server allocated insufficient memory and terminated unexpectedly when the data
was written to it. With this update, the size of string format entries is now
calculated correctly in the described situation and Directory Server no longer
terminates unexpectedly. (BZ#1429495)

Bugs Fixed

1429495 – ns-slapd dies under heavy load
1429498 – A filtered nsrole that specifies an empty nsrole in its nsRoleFilter will result in a segfault.
1436575 – CVE-2017-2668 389-ds-base: Remote crash via crafted LDAP messages

【CESA-2017:0018】An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7

CESA-2017:0018

An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

GStreamer is a streaming media framework based on graphs of filters which
operate on media data. The gstreamer-plugins-bad-free package contains a
collection of plug-ins for GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was found
in GStreamer’s VMware VMnc video file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash or,
potentially, execute arbitrary code with the privileges of the user running the
application. (CVE-2016-9445)

* A memory corruption flaw was found in GStreamer’s Nintendo NSF music file
format decoding plug-in. A remote attacker could use this flaw to cause an
application using GStreamer to crash or, potentially, execute arbitrary code
with the privileges of the user running the application. (CVE-2016-9447)

* An out-of-bounds heap read flaw was found in GStreamer’s H.264 parser. A
remote attacker could use this flaw to cause an application using GStreamer to
crash. (CVE-2016-9809)

Note: This update removes the vulnerable Nintendo NSF plug-in.

Bugs Fixed

1395126 – CVE-2016-9447 gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder
1395767 – CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder
1401880 – CVE-2016-9809 gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps

【CESA-2016:2973】The latest version of thunderbird is now available for Red Hat Enterprise Linux 5 / 6 / 7

CESA-2016:2973

The latest version of thunderbird is now available for Red Hat Enterprise Linux 5 / 6 / 7.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 45.6.0.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Thunderbird to crash or,
potentially, execute arbitrary code with the privileges of the user running
Thunderbird. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9900,
CVE-2016-9901, CVE-2016-9902, CVE-2016-9905)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Wladimir Palant, Philipp, Andrew Krasichkov, insertscript,
Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel,
Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original
reporters.

Bugs fixed (see bugzilla for more information)

1404083 – CVE-2016-9899 Mozilla: Use-after-free while manipulating DOM events and audio elements (MFSA 2016-94, MFSA 2016-95)
1404086 – CVE-2016-9895 Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)
1404090 – CVE-2016-9900 Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)
1404094 – CVE-2016-9905 Mozilla: Crash in EnumerateSubDocuments (MFSA 2016-94, MFSA 2016-95)
1404096 – CVE-2016-9893 Mozilla: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6 (MFSA 2016-95)
1404358 – CVE-2016-9901 Mozilla: Data from Pocket server improperly sanitized before execution (MFSA 2016-94, MFSA 2016-95)
1404359 – CVE-2016-9902 Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95)

【CESA-2016:2872】The latest version of sudo is now available for Red Hat Enterprise Linux 6 / 7

CESA-2016:2872

The latest version of sudo is now available for Red Hat Enterprise Linux 6 / 7.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.

Security Fix(es):

* It was discovered that the sudo noexec restriction could be bypassed if an application run via sudo executed the system(), popen(), or wordexp() C library functions with a user-supplied argument. A local user permitted to run such an application via sudo under the noexec restriction could use these flaws to execute arbitrary commands with elevated privileges. (CVE-2016-7032, CVE-2016-7076)

These issues were discovered by Florian Weimer (Red Hat).

Bugs Fixed

1372830 – CVE-2016-7032 (https://bugzilla.redhat.com/show_bug.cgi?id=1372830)
1384982 – CVE-2016-7076 (https://bugzilla.redhat.com/show_bug.cgi?id=1384982)

【CESA-2016:2142】The latest version of bind97 is now available for Red Hat Enterprise Linux 5

CESA-2016:2142

The latest version of bind97 is now available for Red Hat Enterprise Linux 5.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name
System (DNS) protocols. BIND includes a DNS server (named); a resolver library
(routines for applications to use when interfacing with DNS); and tools for
verifying that the DNS server is operating correctly.

Security Fix(es):

* A denial of service flaw was found in the way BIND handled responses
containing a DNAME answer. A remote attacker could use this flaw to make named
exit unexpectedly with an assertion failure via a specially crafted DNS
response. (CVE-2016-8864)

Red Hat would like to thank ISC for reporting this issue. Upstream acknowledges
Tony Finch (University of Cambridge) and Marco Davids (SIDN Labs) as the
original reporters.

Bugs Fixed

1389652 – CVE-2016-8864 bind: assertion failure while handling responses containing a DNAME answer

【CESA-2016:2105】The latest version of the kernel is now available for Red Hat Enterprise Linux 6

CESA-2016:2105

The latest version of the kernel is now available for Red Hat Enterprise Linux 6.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* A race condition was found in the way the Linux kernel’s memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged, local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on the
system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

Bugs Fixed

1384344 – CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage

【CESA-2016:2098】The latest version of the kernel is now available for Red Hat Enterprise Linux 7

CESA-2016:2098

The latest version of the kernel is now available for Red Hat Enterprise Linux 7.

Red Hat products are highly regarded for their security and quality.

The Common Vulnerability Scoring System (CVSS) rating for this latest version strictly classifies the severity of each security hole, and a detailed report is delivered reliably. Please follow the links in the References section.

Security Fix(es):

* A race condition was found in the way the Linux kernel’s memory subsystem
handled the copy-on-write (COW) breakage of private read-only memory mappings.
An unprivileged, local user could use this flaw to gain write access to
otherwise read-only memory mappings and thus increase their privileges on the
system. (CVE-2016-5195, Important)

Red Hat would like to thank Phil Oester for reporting this issue.

Bugs Fixed

1384344 – CVE-2016-5195 kernel: mm: privilege escalation via MAP_PRIVATE COW breakage