Ubuntu: 1936-1: Linux kernel (Raring HWE) vulnerabilities
(Aug 20) Several security issues were fixed in the kernel.
(Aug 20) Several security issues were fixed in the kernel.
(Aug 20) Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
SUMMARY
The PHP development team announces the immediate availability of PHP 5.4.18. About 30 bugs were fixed, including security issues CVE-2013-4113 and CVE-2013-4248. All users of PHP are encouraged to upgrade to this release. cPanel has released EasyApache 3.22.5 with this updated version of PHP 5.4.18 to address this issue.
AFFECTED VERSIONS
All versions of PHP5 before 5.4.18
SECURITY RATING
The National Vulnerability Database (NIST) has assigned the following severity ratings to these CVEs:
CVE-2013-4113 — MEDIUM
CVE-2013-4248 — MEDIUM
PHP 5.4.18
CVE-2013-4113: ext/xml/xml.c in PHP before 5.3.27 (also 5.4.x) does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.
CVE-2013-4248: The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
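The CVE-2013-4248 description above comes down to the difference between a length-prefixed ASN.1 string and a NUL-terminated C string. The following C example is added here for illustration and is not code from PHP or cPanel; the struct, the function names and the sample bytes are constructed for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* A SAN dNSName as stored in a certificate: raw bytes plus an explicit
 * ASN.1 length. The bytes are not a C string and may contain NUL. */
struct san_name { const char *data; size_t len; };

static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Unsafe pattern: strlen() stops at the first NUL, so every byte after
 * it is ignored and the name appears to be just its prefix. */
int san_matches_cstring(const struct san_name *san, const char *host)
{
    size_t n = strlen(san->data);
    return n == strlen(host) && eq_nocase(san->data, host, n);
}

/* Hardened pattern: a name with an embedded NUL is never a valid DNS
 * name, so reject it, then compare over the full ASN.1 length. */
int san_matches_checked(const struct san_name *san, const char *host)
{
    if (memchr(san->data, '\0', san->len) != NULL)
        return 0;
    return san->len == strlen(host) && eq_nocase(san->data, host, san->len);
}

/* Constructed sample values (not taken from any real certificate). */
static const char nul_bytes[] = "www.example.com\0.untrusted.test";
static const char clean_bytes[] = "www.example.com";
const struct san_name nul_san = { nul_bytes, sizeof(nul_bytes) - 1 };
const struct san_name clean_san = { clean_bytes, sizeof(clean_bytes) - 1 };

int main(void)
{
    const char *host = "www.example.com";
    printf("cstring match on NUL name: %d\n", san_matches_cstring(&nul_san, host));
    printf("checked match on NUL name: %d\n", san_matches_checked(&nul_san, host));
    printf("checked match on clean name: %d\n", san_matches_checked(&clean_san, host));
    return 0;
}
```

Code that validates certificate names should carry the ASN.1 length through every comparison and treat an embedded NUL as a hard failure.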
SOLUTION
cPanel, Inc. has released EasyApache 3.22.5 with an updated version of PHP 5.4 to correct these issues. To update, please rebuild your EasyApache profile. For more information on rebuilding profiles, please consult our documentation (http://go.cpanel.net/ea).
Unless EasyApache updates are disabled on your system, the latest version of EasyApache will be used whenever EasyApache is run. Note that EasyApache updates must be done manually.
REFERENCES
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4248
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4113
http://www.php.net/ChangeLog-5.php#5.4.18
http://php.net/archive/2013.php#id2013-08-15-1
For the PGP signed message, please go here.
(Aug 20) The system could be made to expose sensitive information.
(Aug 20) Several security issues were fixed in the kernel.