Security

Enabling Intel TXT in Fedora

By Jake Edge
April 7, 2010

Intel's Trusted Execution Technology (TXT) has always been somewhat controversial because it enables the complete lockdown of a computer system. For the DRM-loving crowd, that is seen as a feature, of course, but others, who might want to make their own choices about what code runs on their hardware, do not see it quite the same way. TXT was added to Linux in 2.6.32 without much in the way of complaints, though there were some concerns about protests. Now Fedora is discussing whether to enable it for its kernels. The sticking point is not the DRM-lockdown that TXT allows but, instead, the fact that it requires an opaque binary "blob" in order to operate.

TXT is a means for ensuring that the code running on a system is what is intended to be run there. By looking at all of the code that the system runs, including things like BIOS, option ROMs, the bootloader, the kernel, and the initrd image, TXT can determine whether any of that code or data has been altered. The idea is to protect the integrity of the system as a whole, and to thwart rootkits or offline attacks, such as swapping in a new hard disk or BIOS for systems like voting machines, medical devices, or ATMs. As mentioned, though, it can also be used to ensure that only code signed by some authority is allowed to run on the device. For ATMs, that's probably a good thing, but if it becomes widespread, it could become a serious impediment to freedom.
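
To make the measurement idea above concrete, here is an added example (not from the article, tboot, or Intel's SINIT code) that models it as a hash chain of the kind a TPM's extend operation implements, with an event log replayed against a known-good manifest. SHA-256, the component bytes, and all function names are assumptions for illustration.

```python
import hashlib

# Constructed stand-ins for the components the article lists, in boot order.
BOOT_CHAIN = [
    ("bios", b"constructed BIOS image"),
    ("option-rom", b"constructed option ROM"),
    ("bootloader", b"constructed bootloader"),
    ("kernel", b"constructed kernel image"),
    ("initrd", b"constructed initrd image"),
]
LOG_MISMATCH = "event log does not replay to the register value"
ORDER_MISMATCH = "components measured differ in set or order from the manifest"


def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    # The register is never written directly: new = H(old || measurement).
    return hashlib.sha256(register + measurement).digest()


def measure_chain(components):
    """Measure each component before it would run; return (register, event log)."""
    register, log = bytes(32), []
    for name, blob in components:
        measurement = digest(blob)
        register = extend(register, measurement)
        log.append((name, measurement))
    return register, log


def manifest(components):
    """Known-good digests, built from a trusted copy of each component."""
    return {name: digest(blob) for name, blob in components}


def verify(register, log, known_good):
    """Replay the log against the register, then compare it to the manifest."""
    replayed = bytes(32)
    for _, measurement in log:
        replayed = extend(replayed, measurement)
    if replayed != register:
        return [LOG_MISMATCH]  # the log is untrusted until it matches the register
    findings = []
    if [name for name, _ in log] != list(known_good):
        findings.append(ORDER_MISMATCH)
    for name, measurement in log:
        if known_good.get(name) != measurement:
            findings.append(f"{name}: measurement differs from manifest")
    return findings


if __name__ == "__main__":
    good = manifest(BOOT_CHAIN)
    register, log = measure_chain(BOOT_CHAIN)
    print("clean boot:", verify(register, log, good))
    altered = [(n, b + b"!" if n == "kernel" else b) for n, b in BOOT_CHAIN]
    print("altered kernel:", verify(*measure_chain(altered), good))
```

The final register value alone only says that something changed; the replayed log is what names the altered component, and it is believed only because it reproduces the register.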

As described in an article from a year ago, there are two separate components that collaborate to provide the TXT integrity checking: the tboot "trusted boot" hypervisor and an Authenticated Code Module. The latter, often referred to as the "SINIT AC", is distributed as a binary-only object, which is signed by Intel.

Because there is no source available for SINIT AC—even if there were, without Intel's keys users couldn't build and use their own—some Fedora developers are leery of enabling TXT in Fedora kernels. Stephen Smalley's request to enable TXT, which he sent to the fedora-kernel list in October 2009 shortly after TXT was added to the kernel, was quickly shot down. Eric Paris explained:

After some discussion with a couple of people on the Fedora kernel team on IRC they decided that we should not enable CONFIG_INTEL_TXT until it is useful for something other than a closed source binary blob which Fedora is unable to distribute. We have messaged that Fedora was unable to include the binary blob from Intel and it has been suggested that they create an open module rather than forcing Linux users to trust some part of their system security to an unknown binary blob. Hopefully you can add your weight to that discussion and help Intel see the need for an open source blob.

More recently, IBM has agreed to move the blob into the BIOS of its xSeries servers. That would alleviate the problem of needing to ship a binary blob to make TXT work—though it does nothing to open up the code, of course. But, that announcement led Paris to reopen the discussion on enabling TXT. In a fairly long message, he lays out the case for enabling the feature. Because xSeries users will be able to use TXT without installing the Intel blob, he sees it as a desirable feature for Fedora:

This config option allows a user to download new (open source) software (tboot) along with other third party software to verify the correctness of the BOOTED system. This allows us to build future solutions such as utilizing the TPM chip in many laptops to harden the disk encryption key. It can be used as root of trust for the verification of the software originally loaded on a machine before it is allowed network access (aka machines with a rootkit couldn't get on the network.) The technology can also be extended to provide usefulness to system integrity checkers like aide or IMA for tamper proof software integrity logging. These are all things which are impossible to do with today's kernels.

But Fedora engineering manager Tom "spot" Callaway is less enthusiastic. He notes that IBM is just taking the same binary blob and stuffing it into the BIOS. He is also concerned about supporting Fedora users:

For the rest of the x86/x86_64 computing universe, this means binary blobs, and I think you're fooling yourself if you think that all the other hardware vendors will be so willing to shove prebuilt code from a third party into their BIOS (or even have room to do so).

In the non-IBM Xseries case (which is by far, the more common one for Fedora), we would be enabling this option solely to enable proprietary binary blobs during the boot process. In my opinion, given that it is not possible at all for us to troubleshoot or bug fix systems in such a scenario, we should not imply to our userbase that it is supportable by enabling this kernel option.

Smalley thinks that getting TXT into Fedora would allow more testing, but Callaway isn't convinced that's necessarily a good thing:

We enable this in Fedora. This sends a message to Fedora's users that altering their bootup configuration to support SINIT (whether loaded from BIOS or from a binary-only blob that Intel will be so happy to provide) is _Supported_.

And then, it breaks. And we get bugs filed. Which we have absolutely 0 chance of being able to fix.

Others see the SINIT AC blob as no different than the firmware blobs that are required to make various hardware function—and are shipped by Fedora. Callaway counters that the firmware "is the only way to enable that hardware to work." But, as Chris Wright points out, that leads to an inconsistency: "And TXT needs SINIT AC to work. It's just inconsistent reasoning."

If the proposal were to distribute SINIT AC with Fedora, the situation would be more "analogous", Callaway said, "but Intel already tried that, and it doesn't meet the strict guidelines we have defined in Fedora for what is considered acceptable firmware". Red Hat has apparently tried to convince Intel to open up the SINIT AC code, but without success.

The core difference, at least in Callaway's mind, seems to be that users will be depending on this code, which they cannot inspect, for the security of their systems. Faulty firmware for other hardware may make the system unstable or fail entirely, but that firmware isn't vouching for the security of the whole system as the SINIT AC does. TXT "requires that we explicitly trust a third party vendor for security. [...] This makes me extremely uncomfortable, and also makes me wonder why the NSA seems comfortable with such a scenario in practice."

Callaway is referring to the US National Security Agency (NSA), which is where Smalley works. But, as Smalley points out, adding TXT doesn't really change anything: "And you were already dependent on Intel for correct operation of their hardware. Nothing new to see here, move along..."

Red Hat's James Morris, who seems a bit surprised that the TXT code made it into the kernel without any ACKs from the security subsystem folks, is also a bit concerned about the secrecy surrounding the code: "I really hope the secrecy of the AC module is not part of its security design." He also noted that bugs in the SINIT AC were recently used to break TXT, but he doesn't see any technical barriers to enabling it in the Fedora kernel. The security of TXT is not reliant on "keeping the SINIT module closed source", according to Smalley, but Intel "adamantly" refuses to open source it, Callaway said.

It's not clear why Intel is being so secretive, nor why there isn't support for other signing keys on AC modules. That, at least, would allow others to potentially create alternative AC modules. Intel may believe that "security through obscurity" will help prevent exploits, though there is good reason to believe that it won't—and hasn't.

No conclusion was reached in the thread, though one would guess that Callaway's opinions would carry a fair amount of weight. Had Intel originally placed SINIT AC in the BIOS, rather than providing it as a separate—and separately upgradable—component, it seems likely that this issue would not have reared its head. Certainly users who really want TXT support can build their own kernels, as was suggested, but then they will be on their own for support. That may not be much of an issue for Fedora users, who don't have much of a support plan beyond what the distribution provides, but it will affect RHEL users—and that may be the real target of this effort.

Depending on hardware vendors for security solutions is not without pitfalls, but we are already dependent on them for the correct functioning of our systems, which includes security. It's a question of how far one wants to follow the rabbit hole. Until there are fully free hardware solutions, there will always be hardware dependencies. It's hard to imagine that RHEL, at least, doesn't get TXT support at some point; Fedora would make a good testbed for that support.


Brief items

Microsoft: Google Chrome doesn't respect your privacy (ars technica)

Ars technica reports on a Microsoft offensive against Google's Chrome browser, which is contained in a video presentation by IE product manager Pete LePage. While some of the complaints are, perhaps unsurprisingly, disingenuous, there is a real privacy issue in the way that Chrome handles the address bar. With only one box to type in, Chrome sends all keystrokes, even when typing a URL, to the search provider, which potentially leaks information about which sites are being visited. "It's worth taking a closer look at LePage's first accusation. Even though he didn't really elaborate, the reason for the striking difference for IE8's and Chrome's behaviors is really that simple: IE8 has two boxes and Chrome has one. LePage makes an important mistake in his accusation against Google: his statement should not be 'Chrome sends a request back to Google' but it should be 'Chrome sends a request back to the search provider.'"


Unknown root certificate in Firefox

The Mozilla project has disclosed that Firefox currently contains a root certificate authority that nobody knows anything about. "I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root. Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS." It seems past time for the user community to start paying more attention to the root certificates accepted by our browsers.


Mozilla "unknown root certificate" followup

Here's a post from the Mozilla Security Blog explaining what was going on with the mysterious root certificate accepted by Mozilla. "The confusion stems from a comment made in the newsgroup threads discussing the removal which suggested that the root didn't have a current owner. We know where the root came from, it was added at RSA's request several years ago and vetted according to our inclusion guidelines." A look at the original discussion shows that they only (re)verified the origin of that certificate on April 6; prior to that, nobody was really sure.


ClamAV 0.94.x end of life announcement

The ClamAV developers have sent out a reminder that the end is near for version 0.94.x - and they really mean the end: "This is a reminder that starting from 15 April 2010 our CVD will contain a special signature which disables all clamd installations older than 0.95 - that is to say older than 1 year." Time for anybody who has not yet upgraded to do it.


New vulnerabilities

firefox: multiple vulnerabilities

Package(s): firefox
CVE #(s): CVE-2010-0173 CVE-2010-0181
Created: April 1, 2010
Updated: June 14, 2010
Description:

From the Mozilla advisories: [1, 2]

CVE-2010-0173: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

CVE-2010-0181: phpBB developer Henry Sudhof reported that when an image tag points to a resource that redirects to a mailto: URL, the external mail handler application is launched. This issue poses no security threat to users but could create an annoyance when browsing a site that allows users to post arbitrary images.

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Mandriva MDVSA-2010:070-1 firefox 2010-04-20
SuSE SUSE-SR:2010:013 apache2-mod_php5/php5, bytefx-data-mysql/mono, flash-player, fuse, java-1_4_2-ibm, krb5, libcmpiutil/libvirt, libmozhelper-1_0-0/mozilla-xulrunner190, libopenssl-devel, libpng12-0, libpython2_6-1_0, libtheora, memcached, ncpfs, pango, puppet, python, seamonkey, te_ams, texlive 2010-06-14
Mandriva MDVSA-2010:070 firefox 2010-04-13
SuSE SUSE-SA:2010:021 MozillaFirefox,MozillaThunderbird,seamonkey,mozilla-nss 2010-04-14
Ubuntu USN-921-1 firefox-3.5, xulrunner-1.9.1 2010-04-09
Fedora FEDORA-2010-5515 xulrunner 2010-04-01
Fedora FEDORA-2010-5840 seamonkey 2010-04-03
Slackware SSA:2010-090-03 seamonkey 2010-04-01
Slackware SSA:2010-090-02 mozilla 2010-04-01
Fedora FEDORA-2010-5515 yelp 2010-04-01
Fedora FEDORA-2010-5506 xulrunner 2010-04-01
Fedora FEDORA-2010-5506 perl-Gtk2-MozEmbed 2010-04-01
Fedora FEDORA-2010-5515 perl-Gtk2-MozEmbed 2010-04-01
Fedora FEDORA-2010-5515 pcmanx-gtk2 2010-04-01
Fedora FEDORA-2010-5506 mozvoikko 2010-04-01
Fedora FEDORA-2010-5515 mozvoikko 2010-04-01
Fedora FEDORA-2010-5506 Miro 2010-04-01
Fedora FEDORA-2010-5515 Miro 2010-04-01
Fedora FEDORA-2010-5515 kazehakase 2010-04-01
Fedora FEDORA-2010-5515 hulahop 2010-04-01
Fedora FEDORA-2010-5515 google-gadgets 2010-04-01
Fedora FEDORA-2010-5506 gnome-web-photo 2010-04-01
Fedora FEDORA-2010-5515 gnome-web-photo 2010-04-01
Fedora FEDORA-2010-5506 gnome-python2-extras 2010-04-01
Fedora FEDORA-2010-5515 gnome-python2-extras 2010-04-01
Fedora FEDORA-2010-5506 galeon 2010-04-01
Fedora FEDORA-2010-5515 galeon 2010-04-01
Fedora FEDORA-2010-5515 evolution-rss 2010-04-01
Fedora FEDORA-2010-5515 epiphany-extensions 2010-04-01
Fedora FEDORA-2010-5515 epiphany 2010-04-01
Fedora FEDORA-2010-5515 chmsee 2010-04-01
Fedora FEDORA-2010-5515 blam 2010-04-01
Fedora FEDORA-2010-5506 firefox 2010-04-01
Fedora FEDORA-2010-5539 sunbird 2010-04-01
Fedora FEDORA-2010-5526 sunbird 2010-04-01
Fedora FEDORA-2010-5539 thunderbird 2010-04-01
Fedora FEDORA-2010-5526 thunderbird 2010-04-01
Fedora FEDORA-2010-5515 firefox 2010-04-01


gnome-screensaver: unauthorized access

Package(s): gnome-screensaver
CVE #(s): CVE-2010-0732
Created: April 7, 2010
Updated: May 27, 2010
Description: Hitting the "return" key repeatedly can cause an X error, causing gnome-screensaver to exit.
Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Mandriva MDVSA-2010:109 gtk+2.0 2010-05-27
SuSE SUSE-SR:2010:008 gnome-screensaver tomcat libtheora java-1_6_0-sun samba 2010-04-07


hamlib: arbitrary code execution

Package(s): hamlib
CVE #(s): CVE-2009-3736
Created: April 5, 2010
Updated: April 7, 2010
Description: From the Red Hat bugzilla:

CERT reported a vulnerability in libltdl (part of libtool) where it could, in some cases, load and execute code from a library in the current directory (or the system's shared library search path) instead of the library that was requested with an absolute path. Systems which don't enforce specific naming for loadable objects, or which search for loadable objects in insecure directories (such as the current working directory), or don't require that loadable objects be signed in some way or have their execute bits set, are particularly vulnerable, and are trivial to exploit via an uploaded file.

Alerts:
Gentoo 201412-08 insight, perl-tk, sourcenav, tk, partimage, bitdefender-console, mlmmj, acl, xinit, gzip, ncompress, liblzw, splashutils, m4, kdm, gtk+, kget, dvipng, beanstalkd, pmount, pam_krb5, gv, lftp, uzbl, slim, iputils, dvbstreamer 2014-12-11
Fedora FEDORA-2010-4352 hamlib 2010-03-13
Fedora FEDORA-2010-4407 hamlib 2010-03-13


horde: cross-site scripting

Package(s): horde
CVE #(s): CVE-2008-3824
Created: April 1, 2010
Updated: April 7, 2010
Description:

From the Red Hat bugzilla entry:

oCERT reported an XSS vulnerability discovered by Alexios Fakos affecting horde:

Horde relies on code similar to Popoon's externalinput.php to filter out potential XSS attacks on user-supplied input. This filter, and the original, fail to fully sanitize user data. In particular, this filter fails to protect against '/'s acting as spaces in both Microsoft Internet Explorer and Mozilla Firefox.

For example, the following snippet, supplied by the reporter, is treated as valid by the browsers but safe by the filter: <body/onload=alert(/w00w00/)>

Alerts:
Fedora FEDORA-2010-5520 horde 2010-04-01
Fedora FEDORA-2010-5483 horde 2010-04-01
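
The gap described in this entry, shown as an added example (not Horde's or Popoon's code): a simplified whitespace-only filter accepts the reporter's snippet, while a check that treats '/' as a separator flags it and output encoding renders it inert. The regular expressions and function names are assumptions for illustration.

```python
import html
import re

SAMPLE = "<body/onload=alert(/w00w00/)>"  # the reporter's snippet quoted in the advisory

# Simplified stand-in for the flawed filter: it only looks for an event-handler
# attribute that follows whitespace inside a tag.
NAIVE_HANDLER = re.compile(r"<[^>]*\s+on[a-z]+\s*=", re.IGNORECASE)

# Browsers end the tag name, and separate attributes, at whitespace OR '/'.
# Quoted values are skipped as a unit so a '>' inside them does not end the tag.
TAG = re.compile(r"""<([a-zA-Z][^\s/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>""")
ATTR = re.compile(r"""[\s/]*([^\s/>=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]*))?""")


def naive_is_safe(markup: str) -> bool:
    """The flawed decision: 'safe' unless whitespace precedes an on* attribute."""
    return NAIVE_HANDLER.search(markup) is None


def attribute_names(markup: str) -> list:
    """Attribute names of every start tag, splitting on whitespace and '/'."""
    names = []
    for tag in TAG.finditer(markup):
        for attr in ATTR.finditer(tag.group(2)):
            names.append(attr.group(1).lower())
    return names


def has_event_handler(markup: str) -> bool:
    """Detection that does not depend on which separator was used."""
    return any(name.startswith("on") for name in attribute_names(markup))


def encode_for_html(untrusted: str) -> str:
    """The robust control: encode on output so no tag is created at all."""
    return html.escape(untrusted, quote=True)


if __name__ == "__main__":
    print("naive filter says safe:", naive_is_safe(SAMPLE))
    print("attributes seen:", attribute_names(SAMPLE))
    print("encoded:", encode_for_html(SAMPLE))
```

The separator-aware check still has to guess how browsers parse malformed markup, which is why encoding untrusted input on output is the control to rely on.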


ikiwiki: cross-site scripting

Package(s): ikiwiki
CVE #(s):
Created: April 1, 2010
Updated: April 7, 2010
Description:

From the Red Hat bugzilla entry:

Ivan Shmakov pointed out that the htmlscrubber allowed data:image/* urls, including data:image/svg+xml. But svg can contain javascript, so that is unsafe.

This hole was discovered on 12 March 2010 and fixed the same day with the release of ikiwiki 3.20100312. A fix was also backported to Debian etch, as version 2.53.5. I recommend upgrading to one of these versions if your wiki can be edited by third parties.

Alerts:
Fedora FEDORA-2010-4933 ikiwiki 2010-03-23
Fedora FEDORA-2010-4884 ikiwiki 2010-03-23
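
The scrubber rule described in this entry, as an added example (not ikiwiki's code): a prefix check that admits every data:image/* URL next to an allow-list of specific raster types. The regular expression, the set of allowed types, the sample URLs and the function names are assumptions.

```python
import re

# Constructed sample URLs; the payloads are placeholders.
PNG_URL = "data:image/png;base64,iVBORw0KGgo="
SVG_URL = "data:image/svg+xml;charset=utf-8,<svg xmlns='http://www.w3.org/2000/svg'/>"

# 'Before': any data: URL whose media type starts with image/ is accepted,
# which includes image/svg+xml, a format that can contain script.
PREFIX_RULE = re.compile(r"^data:image/", re.IGNORECASE)

# 'After': only named raster formats are accepted (assumed list).
RASTER_TYPES = {"image/png", "image/jpeg", "image/gif"}


def prefix_allows(url: str) -> bool:
    return PREFIX_RULE.match(url.strip()) is not None


def data_url_media_type(url: str):
    """Return the lower-cased media type of a data: URL, or None if it is not one."""
    scheme, colon, rest = url.strip().partition(":")
    if not colon or scheme.lower() != "data":
        return None
    header, comma, _payload = rest.partition(",")
    if not comma:
        return None  # malformed: a data: URL needs a comma before the payload
    # Drop parameters such as ;base64 or ;charset=... before comparing.
    media_type = header.split(";", 1)[0].strip().lower()
    return media_type or "text/plain"  # RFC 2397 default when omitted


def data_url_allowed(url: str) -> bool:
    """Decide data: URLs only; anything that is not an allowed raster type fails."""
    return data_url_media_type(url) in RASTER_TYPES


if __name__ == "__main__":
    for url in (PNG_URL, SVG_URL):
        print(url[:24], "prefix:", prefix_allows(url), "allow-list:", data_url_allowed(url))
```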


imlib2: arbitrary code execution

Package(s): imlib2
CVE #(s): CVE-2008-6079
Created: April 6, 2010
Updated: July 2, 2010
Description: From the Debian advisory:

It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files.

Alerts:
Mandriva MDVSA-2010:127 imlib2 2010-07-02
Debian DSA-2029-1 imlib2 2010-04-05


java-1.6.0-sun: multiple vulnerabilities

Package(s): java-1.6.0-sun
CVE #(s): CVE-2010-0082 CVE-2010-0084 CVE-2010-0085 CVE-2010-0087 CVE-2010-0088 CVE-2010-0089 CVE-2010-0090 CVE-2010-0091 CVE-2010-0092 CVE-2010-0093 CVE-2010-0094 CVE-2010-0095 CVE-2010-0837 CVE-2010-0838 CVE-2010-0839 CVE-2010-0840 CVE-2010-0841 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 CVE-2010-0845 CVE-2010-0846 CVE-2010-0847 CVE-2010-0848 CVE-2010-0849
Created: April 1, 2010
Updated: September 21, 2010
Description:

From the Red Hat advisory. The first number is a reference to the Red Hat bugzilla bug number.

575736 - CVE-2010-0082 OpenJDK Loader-constraint table allows arrays instead of only the base-classes (6626217)

575740 - CVE-2010-0084 OpenJDK Policy/PolicyFile leak dynamic ProtectionDomains. (6633872)

575747 - CVE-2010-0085 OpenJDK File TOCTOU deserialization vulnerability (6736390)

575755 - CVE-2010-0088 OpenJDK Inflater/Deflater clone issues (6745393)

575756 - CVE-2010-0091 OpenJDK Unsigned applet can retrieve the dragged information before drop action occurs (6887703)

575760 - CVE-2010-0092 OpenJDK AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error (6888149)

575764 - CVE-2010-0093 OpenJDK System.arraycopy unable to reference elements beyond Integer.MAX_VALUE bytes (6892265)

575769 - CVE-2010-0094 OpenJDK Deserialization of RMIConnectionImpl objects should enforce stricter checks (6893947)

575772 - CVE-2010-0095 OpenJDK Subclasses of InetAddress may incorrectly interpret network addresses (6893954)

575775 - CVE-2010-0845 OpenJDK No ClassCastException for HashAttributeSet constructors if run with -Xcomp (6894807)

575808 - CVE-2010-0838 OpenJDK CMM readMabCurveData Buffer Overflow Vulnerability (6899653)

575818 - CVE-2010-0837 OpenJDK JAR "unpack200" must verify input parameters (6902299)

575846 - CVE-2010-0840 OpenJDK Applet Trusted Methods Chaining Privilege Escalation Vulnerability (6904691)

575854 - CVE-2010-0841 OpenJDK JPEGImageReader stepX Integer Overflow Vulnerability (6909597)

575865 - CVE-2010-0848 OpenJDK AWT Library Invalid Index Vulnerability (6914823)

575871 - CVE-2010-0847 OpenJDK ImagingLib arbitrary code execution vulnerability (6914866)

578430 - CVE-2010-0846 JDK unspecified vulnerability in ImageIO component

578432 - CVE-2010-0849 JDK unspecified vulnerability in Java2D component

578433 - CVE-2010-0087 JDK unspecified vulnerability in JWS/Plugin component

578436 - CVE-2010-0839 CVE-2010-0842 CVE-2010-0843 CVE-2010-0844 JDK multiple unspecified vulnerabilities

578437 - CVE-2010-0090 JDK unspecified vulnerability in JavaWS/Plugin component

578440 - CVE-2010-0089 JDK unspecified vulnerability in JavaWS/Plugin component

Alerts:
SUSE SUSE-SR:2010:017 java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12 2010-09-21
Red Hat RHSA-2010:0574-01 java-1.4.2-ibm 2010-07-29
Pardus 2010-59 sun-jre sun-jdk 2010-05-10
SuSE SUSE-SR:2010:011 dovecot12, cacti, java-1_6_0-openjdk, irssi, tar, fuse, apache2, libmysqlclient-devel, cpio, moodle, libmikmod, libicecore, evolution-data-server, libpng/libpng-devel, libesmtp 2010-05-10
Red Hat RHSA-2010:0383-01 java-1.6.0-ibm 2010-04-29
Mandriva MDVSA-2010:084 java-1.6.0-openjdk 2010-04-28
Fedora FEDORA-2010-6039 java-1.6.0-openjdk 2010-04-09
Fedora FEDORA-2010-6025 java-1.6.0-openjdk 2010-04-09
SuSE SUSE-SR:2010:008 gnome-screensaver tomcat libtheora java-1_6_0-sun samba 2010-04-07
Ubuntu USN-923-1 openjdk 2010-04-07
Red Hat RHSA-2010:0339-01 java-1.6.0-openjdk 2010-03-31
Red Hat RHSA-2010:0338-01 java-1.5.0-sun 2010-03-31
Red Hat RHSA-2010:0337-01 java-1.6.0-sun 2010-03-31
Gentoo 201006-18 sun-jre-bin 2010-06-04
SUSE SUSE-SA:2010:028 java-1_5_0-ibm 2010-07-06
SuSE SUSE-SA:2010:026 java-1_6_0-ibm 2010-07-01
Red Hat RHSA-2010:0489-01 java-1.5.0-ibm 2010-06-17
CentOS CESA-2010:0339 java-1.6.0-openjdk 2010-06-12


krb5: denial of service

Package(s): krb5
CVE #(s): CVE-2010-0629
Created: April 7, 2010
Updated: October 18, 2010
Description: The kadmind daemon contains a use-after-free vulnerability which can be exploited by a remote, authenticated user to cause a crash.
Alerts:
Gentoo 201201-13 mit-krb5 2012-01-23
rPath rPSA-2010-0065-1 krb5 2010-10-17
CentOS CESA-2010:0343 krb5 2010-05-28
Pardus 2010-53 mit-kerberos 2010-04-20
Mandriva MDVSA-2010:071 krb5 2010-04-13
SuSE SUSE-SR:2010:009 viewvc, krb5, pango, gimp, kdebase3, kde4-kdm 2010-04-14
Debian DSA-2031-1 krb5 2010-04-11
Fedora FEDORA-2010-6108 krb5 2010-04-09
Ubuntu USN-924-1 krb5 2010-04-07
Red Hat RHSA-2010:0343-01 krb5 2010-04-06


libnids, dsniff: remotely triggerable null pointer dereference

Package(s): dsniff, libnids
CVE #(s):
Created: April 1, 2010
Updated: April 7, 2010
Description: libnids 1.24 (Mar 14 2010): - fixed another remotely triggerable NULL dereference in ip_fragment.c
Alerts:
Fedora FEDORA-2010-5535 libnids 2010-04-01
Fedora FEDORA-2010-5545 libnids 2010-04-01
Fedora FEDORA-2010-5535 dsniff 2010-04-01
Fedora FEDORA-2010-5545 dsniff 2010-04-01


libnss-db: information disclosure and possible privilege escalation

Package(s): libnss-db
CVE #(s): CVE-2010-0826
Created: April 1, 2010
Updated: May 28, 2010
Description:

From the Ubuntu advisory:

Stephane Chazelas discovered that libnss-db did not correctly set up a database environment. A local attacker could exploit this to read the first line of arbitrary files, leading to a loss of privacy and possibly privilege escalation.

Alerts:
CentOS CESA-2010:0347 nss_db 2010-05-28
Fedora FEDORA-2010-6361 nss_db 2010-04-10
Fedora FEDORA-2010-6331 nss_db 2010-04-10
Mandriva MDVSA-2010:077 nss_db 2010-04-17
Red Hat RHSA-2010:0347-01 nss_db 2010-04-13
Ubuntu USN-922-1 libnss-db 2010-03-31


mahara: SQL injection

Package(s): mahara
CVE #(s): CVE-2010-0400
Created: April 7, 2010
Updated: April 7, 2010
Description: The mahara electronic portfolio system does not properly escape input when generating user names, enabling an SQL injection attack and the compromise of the database.
Alerts:
Debian DSA-2030-1 mahara 2010-04-06


openssl: denial of service

Package(s): openssl
CVE #(s): CVE-2010-0740
Created: April 1, 2010
Updated: April 20, 2010
Description:

From the CVE entry:

The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.

Alerts:
Gentoo 201110-01 openssl 2011-10-09
Mandriva MDVSA-2010:076-1 openssl 2010-04-19
Mandriva MDVSA-2010:076 openssl 2010-04-15
Pardus 2010-46 openssl 2010-04-06
Slackware SSA:2010-090-01 openssl 2010-04-01


pidgin-sipe: unspecified vulnerability

Package(s): pidgin-sipe
CVE #(s):
Created: April 5, 2010
Updated: April 7, 2010
Description: See the comments to this update: The security update is "NTLMv2 and NTLMv2 Session Security support (pier11)" -- previously it only supported the insecure NTLMv1.
Alerts:
Fedora FEDORA-2010-4830 pidgin-sipe 2010-03-20
Fedora FEDORA-2010-4848 pidgin-sipe 2010-03-20


Page editor: Jake Edge


Copyright © 2010, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds