Security
Hardware technologies for securing containers
There are plenty of security concerns with running containers and applications that have been containerized—some of those concerns can be reduced or eliminated using hardware techniques. Intel's Arjan van de Ven described some x86 technologies that can help with some of the security problems that containers face at a LinuxCon North America presentation. One of the technologies is brand new, having only been announced a few days before the talk.
Many people are downloading and running containers from the internet without any real checking on their provenance, which "should scare the hell out of you", Van de Ven said. That is a "sharp knife problem" that cannot be solved with hardware technologies, since it all comes down to trust. There are a number of trust issues with that, including whether a container truly comes from where it purports to originate with the binaries that are expected, whether it contains software that has vulnerabilities that have been discovered since it was created, and whether the contents are complying with the licenses that govern the code. Those are all of the same problems that users face when downloading a Linux distribution—the same kinds of solutions will need to applied to containers.
![[Arjan van de Ven]](https://static.lwn.net/images/2015/lcna-vandeven-sm.jpg)
But if you look "beyond the sharp knife", there are security problems where hardware can help. One major concern is that the container is leaky somehow, such that the containerized application can escape its containment. An attacker may use that ability to directly attack the host operating system (OS) or they may attack another container running on the host. In addition, how does a container know that the OS it is running on has not been compromised? These are places where "hardware-assisted security" can help.
Intel's Kernel-Guard Technology (KGT) tries to protect the kernel against certain kinds of malware, Van de Ven said. It places a small monitor between the kernel and the hardware to protect certain kernel data structures or CPU registers from modification. The monitor is not a full hypervisor, but uses similar techniques to protect the system from certain kinds of attacks. Kernel code pages, interrupt descriptor table contents, and page table mappings could be protected using KGT, as could CPU control registers and model-specific registers (MSRs).
Containers, applications, and other components will be able to detect changes in the underlying system and its software using the attestation feature that the Intel Cloud Integrity Technology (CIT) provides. Attestation is a way to prove that the binaries for components like the firmware, bootloader, kernel, and, say, Docker daemon or rkt binary, have not changed. A chain of hashes is calculated for the elements and the Trusted Platform Module (TPM) is used to sign the hash in such a way that others can verify that those elements have not been changed.
The attestation can be extended to prove that a container is running in the right data center or in the right country. That may be important for countries that require their citizens' data to be stored domestically, for example.
It is a "picky and fragile" solution in some ways, since anything that gets changed will change the hash chain. So upgrades need to be handled carefully. In addition, it only proves the state of the software when it was started; if the binary gets changed later by way of a compromise, it won't be detected. There is also a performance cost associated with the feature, so it does not come for free, he said. Attestation is "not for the faint of heart", but can help solve some security problems for containers.
Clear Containers are another technology that can help secure "containers". It provides the isolation of virtualization with the performance of containers by actually running the container in a lightweight virtual machine. He didn't go into much detail about Clear Containers, as he gave another full talk on that subject at the conference. Support for Clear Containers has been added to the rkt container engine as a proof of concept. It works, but there are still plenty of "interesting problems" left to solve, he said.
The supervisor mode access protection (SMAP) and execution prevention (SMEP) features of some x86 processors are changing some of things that we learned in school about CPUs, Van de Ven said. Instead of the traditional ring model, where the most-privileged ring has access to the data in all rings, SMAP and SMEP make the rings almost completely disjoint. If an exploit tricks the kernel into accessing or running user-space code, the CPU will simply fault, stopping the attack in its tracks.
Of course, the kernel needs to access user-space data at times, which is where the overlap between the rings comes into play. The Linux kernel already has special methods to access user-space data; those can lift the SMAP protections for the duration of that access. Any other access will trigger the fault. It doesn't prevent all attacks using bad kernel pointers, but it does make it harder to exploit them. (Support for a feature similar to SMAP for ARM processors has been merged for the 4.3 kernel.)
The final feature he covered had only been announced two days earlier: Intel Software Guard Extensions (SGX). This new feature is "a little weird", Van de Ven said. It allows the system to define a special zone of memory (called an "enclave") that will be used to hold encrypted memory for both code and data. The enclave will also have some defined entry points. Only code that is running inside the enclave can see the unencrypted contents of the memory. Even the kernel cannot access the code and data inside the enclave from the outside.
The typical use case for SGX would be for secure cryptography; the key can be placed in the enclave and cannot be extracted from it. The entry points would provide services using the key, like signing. In addition, the CPU can attest that it is running from within the enclave to a remote server.
It is effectively a "black box with a call table". You may be able to trick the enclave into signing things that it shouldn't have signed, he said, but getting the key out is not possible. If there is a security hole in the code inside the enclave, though, all bets are off. In addition, debugging the code inside the enclave is difficult—you can't simply attach GDB.
The enclave is populated from a driver, Van de Ven said in answer to a question from the audience. Another attendee suggested the "Intel SGX for Dummies" site for more information on the feature.
He circled back around to KGT as he was winding down the talk. That feature will perhaps be the most generally useful for protecting against various kinds of attacks. It can protect all of the read-only memory in the kernel along with all of the MSRs and CPU configuration registers. Many of the data structures in the kernel can be made read-only and be protected using KGT. It can be configured with a set of rules that, for example, would allow only certain functions to change certain parts of memory. So KGT could enforce that only the user-space access methods in the kernel are allowed to change the SMEP and SMAP settings.
KGT is implemented as a mini-hypervisor that requires no kernel changes. The code is available (under the Apache 2.0 license) for those interested.
These hardware technologies are certainly not limited to protecting containers or containerized applications—they are more widely applicable. SMEP and SMAP have been around for a while, but Clear Containers, CIT, KGT, and definitely SGX are all relatively new, so Van de Ven's talk provided a nice quick overview of those ideas. It will be interesting to see how they got used in the future.
[I would like to thank the Linux Foundation for travel assistance to Seattle for LinuxCon North America.]
Brief items
Security quotes of the week
Using such a system, attackers could trick a self-driving car into thinking something is directly ahead of it, thus forcing it to slow down. Or they could overwhelm it with so many spurious signals that the car would not move at all for fear of hitting phantom obstacles.
We have a difficult enough time building secure systems without backdoors, and the presence of a backdoor must necessarily weaken the security of the system still further. With the dreadful history of backdoors, its little wonder most security professionals believe building backdoors right is practically impossible.
Mozilla: Improving Security for Bugzilla
The Mozilla blog has disclosed
that the official Mozilla instance of Bugzilla was recently
compromised by an attacker who stole "security-sensitive
information
" related to unannounced vulnerabilities in
Firefox—in particular, the PDF
Viewer exploit discovered on August 5. The blog post explains that
Mozilla has now taken several steps to reduce the risk of future
attacks using Bugzilla as a stepping stone. "As an immediate
first step, all users with access to security-sensitive information
have been required to change their passwords and use two-factor
authentication. We are reducing the number of users with privileged
access and limiting what each privileged user can do. In other words,
we are making it harder for an attacker to break in, providing fewer
opportunities to break in, and reducing the amount of information an
attacker can get by breaking in.
"
New vulnerabilities
bind: denial of service
| Package(s): | bind | CVE #(s): | CVE-2015-5986 | ||||||||||||||||||||
| Created: | September 3, 2015 | Updated: | September 10, 2015 | ||||||||||||||||||||
| Description: | From the Arch Linux advisory:
CVE-2015-5986 (An incorrect boundary check can trigger a REQUIRE assertion failure in openpgpkey_61.c): An incorrect boundary check in openpgpkey_61.c can cause named to terminate due to a REQUIRE assertion failure. This defect can be deliberately exploited by an attacker who can provide a maliciously constructed response in answer to a query. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
bind: denial of service
| Package(s): | bind | CVE #(s): | CVE-2015-5722 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | September 3, 2015 | Updated: | October 5, 2015 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Red Hat advisory:
A denial of service flaw was found in the way BIND parsed certain malformed DNSSEC keys. A remote attacker could use this flaw to send a specially crafted DNS query (for example, a query requiring a response from a zone containing a deliberately malformed key) that would cause named functioning as a validating resolver to crash. (CVE-2015-5722) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
drupal6-ctools: multiple vulnerabilities
| Package(s): | drupal6-ctools | CVE #(s): | |||||||||
| Created: | September 8, 2015 | Updated: | September 10, 2015 | ||||||||
| Description: | From the Drupal advisory:
Cross Site Scripting (XSS) Ctools in Drupal 6 provides a number of APIs and extensions for Drupal, and is a dependency for many of the most popular modules, including Views, Panels and Entityreference. Many features introduced in Drupal Core once lived in ctools. This vulnerability can be mitigated by the fact that ctools must load its javascript on the page and the user has access to submit data through a form (such as a comment or node) that allows 'a' tags. Access bypass This module provides a number of APIs and extensions for Drupal, and is a dependency for many of the most popular modules, including Views, Panels and Features. The module doesn't sufficiently verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. This vulnerability is mitigated by the fact that the user must have access to edit a display via a Panels display system, e.g. via Panels pages, Mini Panels, Panel Nodes, Panelizer displays, IPE, Panels Everywhere, etc. Furthermore, either a contributed module provides a CTools content type plugin, or a custom plugin must be written that inherits permissions from another plugin and must have a different permission defined; if no "edit" permission is set up for the child object CTools did not check the permissions of the parent object. One potential scenario would allow people who did not have edit access to Fieldable Panels Panes panes, which were specifically set to not be reusable, to edit them despite the person's lack of access. | ||||||||||
| Alerts: |
| ||||||||||
drupal6-views_bulk_operations: access bypass
| Package(s): | drupal6-views_bulk_operations | CVE #(s): | CVE-2015-5515 | ||||||||
| Created: | September 8, 2015 | Updated: | September 10, 2015 | ||||||||
| Description: | From the Drupal advisory:
The Views Bulk Operations module enables you to add bulk operations to administration views, executing actions on multiple selected rows. The module doesn't sufficiently guard user entities against unauthorized modification. If a user has access to a user account listing view with VBO enabled (such as admin/people when the administration_views module is used), they will be able to edit their own account and give themselves a higher role (such as "administrator") even if they don't have the "'administer users'" permission. This vulnerability is mitigated by the fact that an attacker must have access to such a user listing page and that the bulk operation for changing Roles is enabled. | ||||||||||
| Alerts: |
| ||||||||||
freeimage: integer overflow
| Package(s): | freeimage | CVE #(s): | CVE-2015-0852 | ||||||||||||||||||||||||||||||||
| Created: | September 8, 2015 | Updated: | October 6, 2016 | ||||||||||||||||||||||||||||||||
| Description: | From the Mageia advisory:
FreeImage is vulnerable to an integer overflow in PluginPCX.cpp, making the PCX loader vulnerable to malicious images with a bad window specification. | ||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||
jsoup: cross-site scripting
| Package(s): | jsoup | CVE #(s): | CVE-2015-6748 | ||||
| Created: | September 8, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the Mageia advisory:
Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator, related to how it handled tags without a closing '>' when reaching EOF. | ||||||
| Alerts: |
| ||||||
libvdpau: multiple vulnerabilities
| Package(s): | libvdpau | CVE #(s): | CVE-2015-5198 CVE-2015-5199 CVE-2015-5200 | ||||||||||||||||||||||||||||||||||||
| Created: | September 4, 2015 | Updated: | November 3, 2015 | ||||||||||||||||||||||||||||||||||||
| Description: | From the CVE entries: It was discovered that libvdpau incorrectly checks if the process underwent a security transition at startup, related to processing of the VDPAU_DRIVER_PATH environment variable. This may allow local attackers gain additional privileges. (CVE-2015-5198) It was discovered that libvdpau does not guard against directory traversal while processing the VDPAU_DRIVER environment variable. This may allow local attackers gain additional privileges. (CVE-2015-5199) It was discovered that the trace functionality of libvdpau can be used to overwrite arbitrary files if the process underwent a trust transition at startup. This may allow local attackers gain additional privileges. CVE-2015-5200) | ||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||
mediawiki: multiple vulnerabilities
| Package(s): | mediawiki | CVE #(s): | CVE-2013-7444 CVE-2015-6737 CVE-2015-6736 CVE-2015-6727 CVE-2015-6733 CVE-2015-6732 CVE-2015-6731 CVE-2015-6730 CVE-2015-6728 CVE-2015-6729 CVE-2015-6735 CVE-2015-6734 | ||||||||||||||||
| Created: | September 4, 2015 | Updated: | September 10, 2015 | ||||||||||||||||
| Description: | From the CVE entries: CVE-2013-7444 - The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. CVE-2015-6737 - Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. CVE-2015-6736 - The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. CVE-2015-6727 - The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text. CVE-2015-6733 - GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. CVE-2015-6732 - Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form, or a (3) Field name in a template. CVE-2015-6731 - Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3) label_*, or (4) new_template parameter to Special:CreateForm or (5) target or (6) alt_form parameter to Special:FormEdit. CVE-2015-6730 - Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter, which is not properly handled in an error page, related to "ForeignAPI images." CVE-2015-6728 - The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack. CVE-2015-6729 - Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via the rel404 parameter, which is not properly handled in an error page. CVE-2015-6735 - The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting a transcode. CVE-2015-6734 - Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
ntp: multiple vulnerabilities
| Package(s): | ntp | CVE #(s): | CVE-2015-5194 CVE-2015-5195 CVE-2015-5196 CVE-2015-5219 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | September 9, 2015 | Updated: | November 11, 2016 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Mageia advisory:
It was found that ntpd could crash due to an uninitialized variable when
processing malformed logconfig configuration commands, for example,
It was found that ntpd exits with a segmentation fault when a statistics
type that was not enabled during compilation (e.g. timingstats) is
referenced by the statistics or filegen configuration command, for example,
It was found that the :config command can be used to set the pidfile and
driftfile paths without any restrictions. A remote attacker could use
this flaw to overwrite a file on the file system with a file containing
the pid of the ntpd process (immediately) or the current estimated drift
of the system clock (in hourly intervals). For example, It was discovered that sntp would hang in an infinite loop when a crafted NTP packet was received, related to the conversion of the precision value in the packet to double (CVE-2015-5219). | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
openafs: denial of service
| Package(s): | openafs | CVE #(s): | CVE-2015-6587 | ||||||||
| Created: | September 8, 2015 | Updated: | September 10, 2015 | ||||||||
| Description: | From the Mageia advisory:
The vlserver allows pattern matching on volume names via regular expressions when listing attributes. Because the regular expression is not checked for situations which can overflow the buffers used, an attack is possible which reads arbitrary memory beyond the end of the buffer and can act on it as part of the expression evaluation, potentially crashing the process. | ||||||||||
| Alerts: |
| ||||||||||
openshift: denial of service
| Package(s): | openshift | CVE #(s): | CVE-2015-5250 | ||||
| Created: | September 4, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the Red Hat advisory: Improper error handling in the API server can cause the master process to crash. A user with network access to the master could cause this to happen. | ||||||
| Alerts: |
| ||||||
openslp: denial of service
| Package(s): | openslp-dfsg | CVE #(s): | CVE-2015-5177 | ||||||||||||
| Created: | September 3, 2015 | Updated: | September 10, 2015 | ||||||||||||
| Description: | From the Debian-LTS advisory:
CVE-2015-5177: A double free in the SLPDProcessMessage() function could be used to cause openslp to crash. | ||||||||||||||
| Alerts: |
| ||||||||||||||
openstack-nova: denial of service
| Package(s): | openstack-nova | CVE #(s): | CVE-2015-3241 | ||||||||
| Created: | September 4, 2015 | Updated: | October 16, 2015 | ||||||||
| Description: | From the Red Hat advisory: A denial of service flaw was found in the OpenStack Compute (nova) instance migration process. Because the migration process does not terminate when an instance is deleted, an authenticated user could bypass user quota and deplete all available disk space by repeatedly re-sizing and deleting an instance. | ||||||||||
| Alerts: |
| ||||||||||
oxide-qt: code execution
| Package(s): | oxide-qt | CVE #(s): | CVE-2015-1332 | ||||
| Created: | September 9, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the Ubuntu advisory:
A heap corruption issue was discovered in oxide::JavaScriptDialogManager. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program. | ||||||
| Alerts: |
| ||||||
php: multiple vulnerabilities
| Package(s): | php | CVE #(s): | CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | September 9, 2015 | Updated: | October 8, 2015 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | The php package has been updated to version 5.6.13, which fixes several
security issues and other bugs. See the upstream ChangeLog for more details.
The oss-security CVE assignment contains additional information. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
screen: denial of service
| Package(s): | screen | CVE #(s): | CVE-2015-6806 | ||||||||||||
| Created: | September 4, 2015 | Updated: | September 10, 2015 | ||||||||||||
| Description: | From the Red Hat bug report: A vulnerability was found in screen causing stack overflow which results in crashing the screen server process. After running malicious command inside screen, it will recursively call MScrollV to depth n/256. This is time consuming and will overflow the stack if 'n' is huge. | ||||||||||||||
| Alerts: |
| ||||||||||||||
spice: code execution
| Package(s): | spice | CVE #(s): | CVE-2015-3247 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Created: | September 4, 2015 | Updated: | September 15, 2015 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Description: | From the Red Hat advisory: A race condition flaw, leading to a heap-based memory corruption, was found in spice's worker_update_monitors_config() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to crash the host QEMU-KVM process or, possibly, execute arbitrary code with the privileges of the host QEMU-KVM process. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
struts: input validation bypass
| Package(s): | struts | CVE #(s): | CVE-2015-0899 | ||||||||||||||||
| Created: | September 4, 2015 | Updated: | September 10, 2015 | ||||||||||||||||
| Description: | From the Red Hat bug report: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web application may be vulnerable even when this function is not used explicitly. | ||||||||||||||||||
| Alerts: |
| ||||||||||||||||||
thunderbird: code execution
| Package(s): | iceape thunderbird | CVE #(s): | CVE-2015-4496 | ||||
| Created: | September 8, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the CVE entry:
Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file. | ||||||
| Alerts: |
| ||||||
tor: information disclosure
| Package(s): | tor | CVE #(s): | |||||
| Created: | September 8, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the Tor advisory:
When a socks5 client application sends a request with a malformed hostname, the following is logged: Your application (using socks5 to port 42) gave Tor a malformed hostname: [host.example.com]. Rejecting the connection. It should say [scrubbed] as SafeLogging was not set to 0. Bug is in src/or/buffers.c :: parse_socks(), where it uses escaped() on the request address rather than escaped_safe_str_client(). | ||||||
| Alerts: |
| ||||||
util-linux: file name collision
| Package(s): | util-linux | CVE #(s): | CVE-2015-5224 | ||||
| Created: | September 9, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the Mageia advisory:
The chfn and chsh commands in util-linux's login-utils are vulnerable to a file name collision due to incorrect mkstemp usage. If the chfn and chsh binaries are both setuid-root they eventually call mkostemp in such a way that an attacker could repeatedly call them and eventually be able to overwrite certain files in /etc | ||||||
| Alerts: |
| ||||||
vorbis-tools: buffer overread
| Package(s): | vorbis-tools | CVE #(s): | CVE-2015-6749 | ||||||||||||||||||||
| Created: | September 9, 2015 | Updated: | October 27, 2015 | ||||||||||||||||||||
| Description: | From the Mageia advisory:
A buffer overread is possible in vorbis-tools in oggenc/audio.c when opening a specially crafted AIFF file. | ||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||
webmin: cross-site scripting
| Package(s): | webmin | CVE #(s): | CVE-2015-1990 | ||||
| Created: | September 9, 2015 | Updated: | September 10, 2015 | ||||
| Description: | From the Mageia advisory:
A malicious website could create links or Javascript referencing the xmlrpc.cgi script, triggered when a user logged into Webmin visits the attacking site. | ||||||
| Alerts: |
| ||||||
Page editor: Jake Edge
Next page:
Kernel development>>