|
|
Log in / Subscribe / Register

Security

Security implications for user interface changes?

By Jake Edge
November 28, 2012

Free software users are not generally known for their quiet acceptance of user interface changes. Many changes to the UI of desktop environments or popular applications lead to long and loud threads from users—with some percentage of those users claiming they will move to an alternative rather than "put up" with the change. But what happens if the alternative is to stick with an earlier, unsupported version of the application? That's the question that came up in a short, but interesting, thread on the Mozilla security mailing list.

Plans for Firefox to remove the "tabs on bottom" feature have so incensed a vocal subset of users (see this bug report or this lengthy thread on the mozilla.dev.apps.firefox group) that they don't plan to upgrade the browser once this change is implemented. For many releases now, Firefox has had its tabs below the controls and "awesome bar", which is the behavior called "tabs on bottom". More recent versions have had a "Tabs on top" toggle in the toolbar configuration, which moves the tabs to just below the menu (and above the controls and awesome bar). The toggle is slated for removal, with tabs on top becoming the default. The old behavior will still be available by setting browser.tabs.onTop to false in about:config, but users are concerned that will eventually disappear as well.

The ferocity of the arguments against moving the tabs (and removing the toggle) led Zack Weinberg to suggest keeping the toggle and feature:

Obviously, refusing to upgrade Firefox opens up these users to serious security risks. I would like to suggest that we put that toggle back in, and commit to preserving tabs-on-bottom mode for the foreseeable future, *just because* it will encourage this upset minority of users to continue upgrading. Remember that the actual size of the upset minority here is probably at least 100x larger than the number of people who have gone to the trouble of complaining about it in the newsgroups and/or the bug report.

Web browsers, by their nature, need frequent updates. Because browsers face the often hostile internet and can provide a portal to users' documents, photos, passwords, and so forth, it is critically important for users to keep up with browser updates. Anything that gets in the way of that process is (and should be) worrisome. That is the main reason that Chrome and Firefox have moved to automatic updates, for example.

But there is a tradeoff to be made here. Mozilla's VP of Firefox Engineering Johnathan Nightingale argues that, over the years, too much attention has been paid to the most vocal user contingent. There is code that is "in desperate need of clean up", he said, so Firefox developers cannot necessarily afford to heed the negative feedback:

[...] but on balance I believe we bias far too much towards letting vocal, conservative complaint chill the evolution of our products.

Every community has conservative elements. They are helpful; they remind us who we are when we forget. But conservative forces prevent change (by definition!) and we have important aspects of our code that need changing.

Weinberg is not convinced that cleaning up the code base overrides the security issue, however. He is concerned that the "tabs on bottom" issue is really just the straw that broke the camel's back for some segment of users. Even a small percentage of the Firefox install base can make for a rather large problem:

But with my security hat on, even a small minority of our users is still tens or hundreds of thousands of people, and if their computers are 0wned because they refused security updates because they didn't like our UI changes, that potentially has cascading fallout upon a much larger population (as the 0wned machines become malware sources themselves). That's not something I think is justifiable by code cleanliness concerns on our end.

Drawing a clear line is difficult, though. If any change to the UI can be seen as a "security problem" because users might decide not to upgrade, it will be difficult for Firefox to make any changes. Users have to take some responsibility for their choices. As Curtis Koenig put it:

While it is concerning when users choose to resist change in hazardous manners we cannot and should not halt forward movement due to the real or perceived threat that some portion of the user base will make ill conceived choices. This would allow anyone to hold up anything with the cry of "I won't update" and then we get nowhere.

Users will make poor choices at times, and it is certainly possible that some change will drive some of them to make those choices. Is there a "moral responsibility", as Weinberg claimed, for Firefox (and, by implication, other applications, desktops, etc.) to continue to deliver a user experience that its users have become accustomed to? Are UI changes always potential security problems? There are obviously some kinds of UI changes that are security flaws, but simply changing the way the user interacts with the program likely doesn't really reach that level.

Both Koenig and Nightingale do not see the "tabs on bottom" change as a security issue. There may be design or development issues that need to be resolved—though Nightingale seems confident that those have largely been dealt with—but changing some UI elements around is not cause for a security red flag. In fact, Nightingale called the security concern "a red herring (or a slippery slope, take your pick)".

There is only so much that a project can do to protect its users. Part of the problem with this particular case is that the other "major" free alternative, Chrome/Chromium, also has its tabs at the top. One guesses that the uproar would be good deal more subdued if there were an "easy" alternative that behaved the way the "vocal conservatives" want. There may be good reasons to consider leaving the "tabs on bottom" feature alone; security isn't really one of them. But it is always good to see projects thinking about and debating where these lines are.

Comments (57 posted)

Brief items

Security quotes of the week

New York City say they found shredded police documents mixed in with confetti at the Macy's Thanksgiving Day Parade.

The documents contained confidential information, including detectives' Social Security numbers, bank information and unveiled undercover officers' identities, WPIX-TV, New York, reported.

-- UPI

Letting the Internet be rewired by bureaucrats would be like handing a Stradivarius to a gorilla.
-- L. Gordon Crovitz in The Wall Street Journal

Comments (2 posted)

Backdoor inserted into Piwik

The Piwik web server analytics package was given an undesirable feature — a backdoor — as the result of a compromise of the piwik.org server. "You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC. If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe." The announcement has details on the backdoor and how to detect it.

Comments (2 posted)

New vulnerabilities

awstats: unspecified vulnerability

Package(s):awstats CVE #(s):CVE-2012-4547
Created:November 28, 2012 Updated:April 8, 2013
Description: From the CVE entry:

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

Alerts:
Mandriva MDVSA-2013:061 awstats 2013-04-08
Fedora FEDORA-2012-18423 awstats 2012-11-28

Comments (none posted)

bugzilla: multiple vulnerabilities

Package(s):bugzilla CVE #(s):
Created:November 26, 2012 Updated:November 28, 2012
Description: From the Fedora advisory:

Update to 4.0.9

  • Confidential product and component names can be disclosed to unauthorized users if they are used to control the visibility of a custom field.
  • When calling the 'User.get' WebService method with a 'groups' argument, it is possible to check if the given group names exist or not.
  • Due to incorrectly filtered field values in tabular reports, it is possible to inject code which can lead to XSS.
  • When trying to mark an attachment in a bug you cannot see as obsolete, the description of the attachment is disclosed in the error message.
  • A vulnerability in swfstore.swf from YUI2 can lead to XSS.
Alerts:
Fedora FEDORA-2012-18224 bugzilla 2012-11-24
Fedora FEDORA-2012-18210 bugzilla 2012-11-24

Comments (none posted)

firefox: multiple vulnerabilities

Package(s):firefox CVE #(s):CVE-2012-5843 CVE-2012-5836 CVE-2012-4203 CVE-2012-4204 CVE-2012-4205 CVE-2012-4208 CVE-2012-4212 CVE-2012-4213 CVE-2012-4217 CVE-2012-4218 CVE-2012-5838
Created:November 22, 2012 Updated:January 8, 2013
Description:

From the Ubuntu advisory:

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Firefox. (CVE-2012-5842, CVE-2012-5843)

Jonathan Stephens discovered that combining vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text could cause Firefox to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service via application crash or execute arbitrary code with the privliges of the user invoking the program. (CVE-2012-5836)

It was discovered that if a javascript: URL is selected from the list of Firefox "new tab" page, the script will inherit the privileges of the privileged "new tab" page. This allows for the execution of locally installed programs if a user can be convinced to save a bookmark of a malicious javascript: URL. (CVE-2012-4203)

Scott Bell discovered a memory corruption issue in the JavaScript engine. If a user were tricked into opening a malicious website, an attacker could exploit this to execute arbitrary JavaScript code within the context of another website or arbitrary code as the user invoking the program. (CVE-2012-4204)

Gabor Krizsanits discovered that XMLHttpRequest objects created within sandboxes have the system principal instead of the sandbox principal. This can lead to cross-site request forgery (CSRF) or information theft via an add-on running untrusted code in a sandbox. (CVE-2012-4205)

Peter Van der Beken discovered XrayWrapper implementation in Firefox does not consider the compartment during property filtering. An attacker could use this to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. (CVE-2012-4208)

Abhishek Arya discovered multiple use-after-free and buffer overflow issues in Firefox. If a user were tricked into opening a malicious page, an attacker could exploit these to execute arbitrary code as the user invoking the program. (CVE-2012-4214, CVE-2012-4215, CVE-2012-4216, CVE-2012-5829, CVE-2012-5839, CVE-2012-5840, CVE-2012-4212, CVE-2012-4213, CVE-2012-4217, CVE-2012-4218)

Several memory corruption flaws were discovered in Firefox. If a user were tricked into opening a malicious page, an attacker could exploit these to execute arbitrary code as the user invoking the program. (CVE-2012-5830, CVE-2012-5833, CVE-2012-5835, CVE-2012-5838)

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
openSUSE openSUSE-SU-2013:0175-1 mozilla 2013-01-23
Gentoo 201301-01 firefox 2013-01-07
Fedora FEDORA-2012-18661 thunderbird-lightning 2012-12-19
Fedora FEDORA-2012-18661 xulrunner 2012-12-19
Fedora FEDORA-2012-18661 thunderbird-enigmail 2012-12-19
Fedora FEDORA-2012-18661 thunderbird 2012-12-19
Fedora FEDORA-2012-18661 firefox 2012-12-19
Mageia MGASA-2012-0353 iceape 2012-12-07
openSUSE openSUSE-SU-2012:1583-1 firefox 2012-11-28
SUSE SUSE-SU-2012:1592-1 Mozilla Firefox 2012-11-29
openSUSE openSUSE-SU-2012:1586-1 xulrunner 2012-11-28
Ubuntu USN-1638-2 ubufox 2012-11-21
Ubuntu USN-1636-1 thunderbird 2012-11-21
Fedora FEDORA-2012-18931 seamonkey 2012-12-04
Fedora FEDORA-2012-18952 seamonkey 2012-12-04
Ubuntu USN-1638-3 firefox 2012-12-03
openSUSE openSUSE-SU-2012:1585-1 thunderbird 2012-11-28
Ubuntu USN-1638-1 firefox 2012-11-21
Ubuntu USN-1430-5 mozilla-devscripts 2012-11-29
openSUSE openSUSE-SU-2012:1584-1 seamonkey 2012-11-28

Comments (none posted)

hyper-v: denial of service

Package(s):Hyper-V CVE #(s):CVE-2012-2669
Created:November 22, 2012 Updated:November 28, 2012
Description:

From the openSUSE advisory:

The source code without this patch caused hv_kvp_daemon to exit when it processed a spoofed Netlink packet which has been sent from an untrusted local user. Now Netlink messages with a non-zero nl_pid source address are ignored and a warning is printed into the syslog. This fixes the previous change from CVE-2012-2669.

Alerts:
Mandriva MDVSA-2013:176 kernel 2013-06-24
Ubuntu USN-1726-1 linux-ti-omap4 2013-02-14
Ubuntu USN-1720-1 linux 2013-02-12
Ubuntu USN-1719-1 linux-lts-backport-oneiric 2013-02-12
openSUSE openSUSE-SU-2012:1526-1 Hyper-V 2012-11-22

Comments (none posted)

insight: remote denial of service

Package(s):insight CVE #(s):CVE-2012-3509
Created:November 26, 2012 Updated:August 22, 2014
Description: From the CVE entry:

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.

Alerts:
Debian-LTS DLA-324-1 binutils 2015-10-02
Mandriva MDVSA-2015:029-1 binutils 2015-03-30
Ubuntu USN-2496-1 binutils 2015-02-09
Mandriva MDVSA-2015:029 binutils 2015-02-05
Mageia MGASA-2014-0346 sdcc 2014-08-22
Fedora FEDORA-2014-8528 sdcc 2014-08-01
Fedora FEDORA-2014-8510 sdcc 2014-08-01
Fedora FEDORA-2014-1828 ghdl 2014-02-08
Fedora FEDORA-2014-1835 ghdl 2014-02-08
Fedora FEDORA-2012-18300 insight 2012-11-24
Fedora FEDORA-2012-18311 insight 2012-11-24

Comments (none posted)

kernel: denial of service

Package(s):kernel CVE #(s):CVE-2012-4461
Created:November 22, 2012 Updated:November 28, 2012
Description:

From the Red Hat Bugzilla entry:

A flaw has been found in the way Linux kernel's KVM subsystem handled vcpu->arch.cr4 X86_CR4_OSXSAVE bit set upon guest enter. On hosts without the XSAVE feature an unprivileged local user could use this flaw to crash the system.

Alerts:
Oracle ELSA-2013-1645 kernel 2013-11-26
openSUSE openSUSE-SU-2013:0925-1 kernel 2013-06-10
Red Hat RHSA-2013:0882-01 kernel 2013-05-30
Debian DSA-2668-1 linux-2.6 2013-05-14
SUSE SUSE-SU-2013:0786-1 Linux kernel 2013-05-14
openSUSE openSUSE-SU-2013:0927-1 kernel 2013-06-10
Oracle ELSA-2013-2507 kernel 2013-02-28
Oracle ELSA-2013-2503 kernel 2013-02-07
Scientific Linux SL-kern-20130206 kernel 2013-02-06
Oracle ELSA-2013-0223 kernel 2013-02-06
CentOS CESA-2013:0223 kernel 2013-02-06
Red Hat RHSA-2013:0223-01 kernel 2013-02-05
Ubuntu USN-1704-2 Quantal kernel 2013-02-01
Ubuntu USN-1696-2 kernel 2013-02-01
Ubuntu USN-1699-2 kernel 2013-02-01
Mageia MGASA-2013-0016 kernel-rt 2013-01-24
Ubuntu USN-1704-1 kernel 2013-01-22
Ubuntu USN-1699-1 linux 2013-01-17
Ubuntu USN-1696-1 linux 2013-01-17
Mageia MGASA-2013-0011 kernel-tmb 2013-01-18
Mageia MGASA-2013-0010 kernel 2013-01-18
Ubuntu USN-1689-1 linux 2013-01-15
Ubuntu USN-1688-1 linux-lts-backport-oneiric 2013-01-15
Mageia MGASA-2013-0012 kernel-vserver 2013-01-18
Mageia MGASA-2013-0009 kernel-linus 2013-01-18
Fedora FEDORA-2012-18691 kernel 2012-11-28
Fedora FEDORA-2012-18684 kernel 2012-11-22

Comments (none posted)

libsocialweb: untrusted connection to flickr

Package(s):libsocialweb CVE #(s):CVE-2012-4511
Created:November 23, 2012 Updated:November 28, 2012
Description:

From the Fedora advisory:

The libsocialweb library is prone to a security vulnerability that allows attackers to perform man-in-the-middle attacks.

Remote attackers can exploit this issue to gain access to sensitive information or modify the integrity of user accounts. Other attacks are also possible.

Alerts:
Fedora FEDORA-2012-17749 libsocialweb 2012-11-23
Fedora FEDORA-2012-17746 libsocialweb 2012-11-23

Comments (none posted)

libssh: code execution

Package(s):libssh CVE #(s):CVE-2012-4559 CVE-2012-4560 CVE-2012-4561 CVE-2012-4562
Created:November 27, 2012 Updated:February 24, 2014
Description: From the Ubuntu advisory:

Xi Wang and Florian Weimer discovered that libssh incorrectly handled memory. A remote attacker could use this to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562)

Alerts:
Gentoo 201402-26 libssh 2014-02-21
Mandriva MDVSA-2013:045 libssh 2013-04-05
openSUSE openSUSE-SU-2013:0130-1 libssh 2013-01-23
Slackware SSA:2012-341-02 libssh 2012-12-06
openSUSE openSUSE-SU-2012:1622-1 libssh 2012-12-07
openSUSE openSUSE-SU-2012:1620-1 libssh 2012-12-07
Fedora FEDORA-2012-18687 libssh 2012-12-06
Debian DSA-2577-1 libssh 2012-12-01
Ubuntu USN-1640-1 libssh 2012-11-26
Mandriva MDVSA-2012:175 libssh 2012-11-29
Fedora FEDORA-2012-18677 libssh 2012-11-29
Mageia MGASA-2012-0344 libssh 2012-11-29

Comments (none posted)

libssh2: multiple integer overflows

Package(s):libssh2 CVE #(s):CVE-2012-4562
Created:November 22, 2012 Updated:November 29, 2012
Description:

From the SUSE advisory:

This update of libssh fixes multiple integer overflows. CVE-2012-4562 has been assigned to this issue.

Alerts:
Mandriva MDVSA-2013:045 libssh 2013-04-05
Slackware SSA:2012-341-02 libssh 2012-12-06
openSUSE openSUSE-SU-2012:1622-1 libssh 2012-12-07
openSUSE openSUSE-SU-2012:1620-1 libssh 2012-12-07
SUSE SUSE-SU-2012:1520-1 libssh2 2012-11-21

Comments (1 posted)

libvoikko: denial of service

Package(s):libvoikko CVE #(s):
Created:November 26, 2012 Updated:November 28, 2012
Description: From the Mageia advisory:

Version 3.2.1 fixes the handling of embedded null characters in input strings entered through the Python interface. The bug could be used to cause denial of service conditions and possibly other problems. Users of these interfaces are recommended to upgrade to this release. Applications that use the native C++ library directly (this includes all well known desktop applications) are not affected by this bug and no changes to the native library have been made in this release.

Alerts:
Mageia MGASA-2012-0340 libvoikko 2012-11-23

Comments (none posted)

lighttpd: denial of service

Package(s):lighttpd CVE #(s):CVE-2012-5533
Created:November 23, 2012 Updated:January 15, 2014
Description:

From the Novell advisory:

Specially-crafted HTTP header can cause a Denial of Service (infinite loop) in lighttpd.

Alerts:
Gentoo 201406-10 lighttpd 2014-06-14
openSUSE openSUSE-SU-2014:0074-1 lighttpd 2014-01-15
Fedora FEDORA-2013-15345 lighttpd 2013-09-03
Fedora FEDORA-2013-15344 lighttpd 2013-09-03
Mandriva MDVSA-2013:100 lighttpd 2013-04-10
openSUSE openSUSE-SU-2012:1532-1 lighttpd 2012-11-23
Mageia MGASA-2012-0345 lighttpd 2012-11-29

Comments (none posted)

mantis: multiple vulnerabilities

Package(s):mantis CVE #(s):CVE-2012-5522 CVE-2012-5523
Created:November 26, 2012 Updated:November 28, 2012
Description: From the CVE entries:

MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access restrictions and make status changes by leveraging a blank value for a per-status setting. (CVE-2012-5522)

core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug. (CVE-2012-5523)

Alerts:
Fedora FEDORA-2012-18299 mantis 2012-11-24
Fedora FEDORA-2012-18294 mantis 2012-11-24

Comments (none posted)

moodle: unintended Dropbox access

Package(s):moodle CVE #(s):CVE-2012-5471
Created:November 28, 2012 Updated:November 28, 2012
Description: From the CVE entry:

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.

Alerts:
Fedora FEDORA-2012-18570 moodle 2012-11-28
Fedora FEDORA-2012-18525 moodle 2012-11-28

Comments (none posted)

pcp: insecure temporary file use

Package(s):pcp CVE #(s):CVE-2012-5530
Created:November 23, 2012 Updated:November 28, 2012
Description:

From the Fedora advisory:

A security flaw was found in the way Performance Co-Pilot (PCP), a framework and services to support system-level performance monitoring and performance management, performed management of its temporary files used by various services from the suite. A local attacker could use this flaw to conduct symbolic link attacks (alter or remove different system files, accessible with the privileges of the user running the PCP suite, than it was originally intended).

Alerts:
SUSE SUSE-SU-2013:0190-1 pcp 2013-01-23
Fedora FEDORA-2012-18686 pcp 2012-11-23
Fedora FEDORA-2012-18654 pcp 2012-11-23

Comments (none posted)

perl-CGI: header injection

Package(s):perl-CGI CVE #(s):CVE-2012-5526
Created:November 28, 2012 Updated:December 19, 2012
Description: From the CVE entry:

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

Alerts:
Scientific Linux SL-perl-20130327 perl 2013-03-27
Oracle ELSA-2013-0685 perl 2013-03-27
Oracle ELSA-2013-0685 perl 2013-03-26
CentOS CESA-2013:0685 perl 2013-03-26
CentOS CESA-2013:0685 perl 2013-03-26
Red Hat RHSA-2013:0685-01 perl 2013-03-26
openSUSE openSUSE-SU-2013:0502-1 perl 2013-03-20
openSUSE openSUSE-SU-2013:0497-1 perl 2013-03-20
SUSE SUSE-SU-2013:0442-1 Perl 2013-03-13
SUSE SUSE-SU-2013:0441-1 Perl 2013-03-13
Fedora FEDORA-2012-19282 perl-CGI 2012-12-13
Fedora FEDORA-2012-19282 perl 2012-12-13
Fedora FEDORA-2012-18330 perl-CGI 2012-12-18
Fedora FEDORA-2012-18330 perl 2012-12-18
Mandriva MDVSA-2012:180 perl-CGI 2012-12-17
Debian DSA-2587-1 libcgi-pm-perl 2012-12-11
Debian DSA-2586-1 perl 2012-12-11
Ubuntu USN-1643-1 perl 2012-11-29
Mageia MGASA-2012-0346 perl-CGI 2012-11-29
Fedora FEDORA-2012-18318 perl-CGI 2012-11-28

Comments (none posted)

rssh: command execution

Package(s):rssh CVE #(s):CVE-2012-2251 CVE-2012-2252
Created:November 28, 2012 Updated:November 28, 2012
Description: From the Debian advisory:

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp/sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution.

Alerts:
Gentoo 201311-19 rssh 2013-11-28
Fedora FEDORA-2012-20109 rssh 2012-12-19
Debian DSA-2578-1 rssh 2012-11-28

Comments (none posted)

tomcat: multiple vulnerabilities

Package(s):tomcat6 CVE #(s):CVE-2012-2733 CVE-2012-5885 CVE-2012-5886 CVE-2012-5887 CVE-2012-3439
Created:November 22, 2012 Updated:May 29, 2013
Description:

From the Ubuntu advisory:

It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. (CVE-2012-2733)

It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. (CVE-2012-5885, CVE-2012-5886, CVE-2012-5887)

Alerts:
Gentoo 201412-29 tomcat 2014-12-14
Oracle ELSA-2013-0869 tomcat6 2013-05-28
Scientific Linux SL-tomc-20130312 tomcat5 2013-03-12
Oracle ELSA-2013-0640 tomcat5 2013-03-13
CentOS CESA-2013:0640 tomcat5 2013-03-12
Red Hat RHSA-2013:0640-01 tomcat5 2013-03-12
Scientific Linux SL-tomc-20130312 tomcat6 2013-03-12
Oracle ELSA-2013-0623 tomcat6 2013-03-11
CentOS CESA-2013:0623 tomcat6 2013-03-12
Red Hat RHSA-2013:0623-01 tomcat6 2013-03-11
Mandriva MDVSA-2013:004 tomcat5 2013-01-10
openSUSE openSUSE-SU-2013:0147-1 tomcat6 2013-01-23
Mageia MGASA-2013-0015 tomcat6 2013-01-18
openSUSE openSUSE-SU-2012:1700-1 tomcat6 2012-12-27
openSUSE openSUSE-SU-2012:1701-1 tomcat 2012-12-27
Fedora FEDORA-2012-20151 tomcat 2012-12-19
Ubuntu USN-1637-1 tomcat6 2012-11-21

Comments (none posted)

unity-firefox-extension: code execution

Package(s):unity-firefox-extension CVE #(s):CVE-2012-0960
Created:November 22, 2012 Updated:November 28, 2012
Description:

From the Ubuntu advisory:

It was discovered that unity-firefox-extension incorrectly handled certain callbacks. A remote attacker could use this issue to cause unity-firefox-extension to crash, resulting in a denial of service, or possibly execute arbitrary code.

Alerts:
Ubuntu USN-1639-1 unity-firefox-extension 2012-11-22

Comments (none posted)

vlc: denial of service

Package(s):vlc CVE #(s):CVE-2012-5470
Created:November 22, 2012 Updated:November 28, 2012
Description:

From the Mageia advisory:

libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file (CVE-2012-5470).

Alerts:
Gentoo 201411-01 vlc 2014-11-05
Mageia MGASA-2012-0333 vlc 2012-11-21

Comments (none posted)

weechat: shell injection

Package(s):weechat CVE #(s):CVE-2012-5534
Created:November 28, 2012 Updated:December 3, 2012
Description: From the openSUSE advisory:

added weechat-fix-hook_process-shell-injection.patch which fixes a shell injection vulnerability in the hook_process function (bnc#790217, CVE-2012-5534)

Alerts:
Gentoo 201405-03 weechat 2014-05-03
Mandriva MDVSA-2013:136 weechat 2013-04-10
Debian DSA-2598-1 weechat 2013-01-05
openSUSE openSUSE-SU-2013:0150-1 weechat 2013-01-23
Fedora FEDORA-2012-19538 weechat 2012-12-11
Fedora FEDORA-2012-19533 weechat 2012-12-11
Mageia MGASA-2012-0347 weechat 2012-11-30
Fedora FEDORA-2012-18526 weechat 2012-11-29
Fedora FEDORA-2012-18575 weechat 2012-11-29
openSUSE openSUSE-SU-2012:1580-1 weechat 2012-11-28

Comments (none posted)

Page editor: Jake Edge
Next page: Kernel development>>


Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds