Re: Multiple Vulnerabilities with Aztech Modem Routers

2014-09-19 Thread Federick Joe P Fajardo
The following CVEs have been assigned for these issues:

CVE-2014-6435 - Potential DoS attack 
Link to OSVDB ID: 111432 - http://osvdb.org/show/osvdb/111432

CVE-2014-6436 - Broken Session Management
Link to OSVDB ID: 111433 - http://osvdb.org/show/osvdb/111433

CVE-2014-6437 - File and Data Exposure
Link to OSVDB ID: 111434 - http://osvdb.org/show/osvdb/111434
Link to OSVDB ID: 111435 - http://osvdb.org/show/osvdb/111435

09/01/2014 - Notified vendor. No response.
09/12/2014 - Reported to Mitre
09/14/2014 - Initial public announcement.
09/19/2014 - CVE reservation.
09/19/2014 - Resend full-disclosure to vendor, awaiting response.

Complete reference: http://x.arpa.ph/fjpf/aztech.html



[SECURITY] [DSA 3025-2] apt regression update

2014-09-19 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

- -
Debian Security Advisory DSA-3025-2   secur...@debian.org
http://www.debian.org/security/  Salvatore Bonaccorso
September 18, 2014 http://www.debian.org/security/faq
- -

Package: apt
Debian Bug : 762079

The previous update for apt, DSA-3025-1, introduced a regression when
file:/// sources are used and those are on a different partition than
the apt state directory. This update fixes the regression.

For reference, the original advisory follows.

It was discovered that APT, the high level package manager, does not
properly invalidate unauthenticated data (CVE-2014-0488), performs
incorrect verification of 304 replies (CVE-2014-0487), does not perform
the checksum check when the Acquire::GzipIndexes option is used
(CVE-2014-0489) and does not properly perform validation for binary
packages downloaded by the apt-get download command (CVE-2014-0490).

For the stable distribution (wheezy), this problem has been fixed in
version 0.9.7.9+deb7u4.

For the unstable distribution (sid), this problem has been fixed in
version 1.0.9.1.

We recommend that you upgrade your apt packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



AST-2014-010: Remote crash when handling out of call message in certain dialplan configurations

2014-09-19 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2014-010

Product             Asterisk
Summary             Remote crash when handling out of call message in
                    certain dialplan configurations
Nature of Advisory  Remotely triggered crash of Asterisk
Susceptibility      Remote authenticated sessions
Severity            Minor
Exploits Known      No
Reported On         05 September 2014
Reported By         Philippe Lindheimer
Posted On           18 September 2014
Last Updated On     September 18, 2014
Advisory Contact    Matt Jordan
CVE Name            Pending

Description  When an out of call message - delivered by either the SIP
 or PJSIP channel driver or the XMPP stack - is handled in
 Asterisk, a crash can occur if the channel servicing the 
 message is sent into the ReceiveFax dialplan application 
 while using the res_fax_spandsp module.  
  
 Note that this crash does not occur when using the   
 res_fax_digium module.   
  
 While this crash technically occurs due to a configuration   
 issue, as attempting to receive a fax from a channel driver  
 that only contains textual information will never succeed,   
 the likelihood of having it occur is sufficiently high as
 to warrant this advisory.

Resolution  The fax family of applications have been updated to handle
the Message channel driver correctly. Users using the fax 
family of applications along with the out of call text
messaging features are encouraged to upgrade their versions   
of Asterisk to the versions specified in this security
advisory. 
  
Additionally, users of Asterisk are encouraged to use a   
separate dialplan context to process text messages. This  
avoids issues where the Message channel driver is passed to   
dialplan applications that assume a media stream is   
available. Note that the various channel drivers and stacks   
provide such an option; an example being the SIP channel  
driver's outofcall_message_context option.

Affected Versions
Product               Release Series
Asterisk Open Source  11.x            All versions
Asterisk Open Source  12.x            All versions
Certified Asterisk    11.6            All versions

Corrected In
Product               Release
Asterisk Open Source  11.12.1, 12.5.1
Certified Asterisk    11.6-cert6

Patches
SVN URL                                                            Revision
http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff    Asterisk 11
http://downloads.asterisk.org/pub/security/AST-2014-010-12.diff    Asterisk 12
http://downloads.asterisk.org/pub/security/AST-2014-010-11.6.diff  Certified Asterisk 11.6

Links  https://issues.asterisk.org/jira/browse/ASTERISK-24301 

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
 

AST-2014-009: Remote crash based on malformed SIP subscription requests

2014-09-19 Thread Asterisk Security Team
   Asterisk Project Security Advisory - AST-2014-009

Product             Asterisk
Summary             Remote crash based on malformed SIP subscription
                    requests
Nature of Advisory  Remotely triggered crash of Asterisk
Susceptibility      Remote authenticated sessions
Severity            Major
Exploits Known      No
Reported On         30 July, 2014
Reported By         Mark Michelson
Posted On           18 September, 2014
Last Updated On     September 18, 2014
Advisory Contact    Mark Michelson
CVE Name            Pending

Description  It is possible to trigger a crash in Asterisk by sending a   
 SIP SUBSCRIBE request with unexpected mixes of headers for   
 a given event package. The crash occurs because Asterisk 
 allocates data of one type at one layer and then interprets  
 the data as a separate type at a different layer. The crash  
 requires that the SUBSCRIBE be sent from a configured
 endpoint, and the SUBSCRIBE must pass any authentication 
 that has been configured.
  
 Note that this crash is in Asterisk's PJSIP-based
 res_pjsip_pubsub module and not in the old chan_sip module.  

Resolution  Type-safety has been built into the pubsub API where it   
previously was absent. A test has been added to the   
testsuite that previously would have triggered the crash. 

Affected Versions
Product               Release Series
Asterisk Open Source  1.8.x           Unaffected
Asterisk Open Source  11.x            Unaffected
Asterisk Open Source  12.x            12.1.0 and up
Certified Asterisk    1.8.15          Unaffected
Certified Asterisk    11.6            Unaffected

Corrected In
Product               Release
Asterisk Open Source  12.5.1

Patches
SVN URL                                                          Revision
http://downloads.asterisk.org/pub/security/AST-2014-009-12.diff  Asterisk 12

Links  https://issues.asterisk.org/jira/browse/ASTERISK-24136 

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2014-009.pdf and 
http://downloads.digium.com/pub/security/AST-2014-009.html

Revision History
Date             Editor          Revisions Made
19 August, 2014  Mark Michelson  Initial version of document

   Asterisk Project Security Advisory - AST-2014-009
  Copyright (c) 2014 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.



CVE ID Syntax Change - Deadline Approaching

2014-09-19 Thread Christey, Steven M.

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014- mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as needed).  Some people are still unaware that this
change has happened or have been slow to implement it.

Once a CVE identifier is issued using the new syntax, some security
products and processes could break or report incorrect vulnerability
identifiers, making vulnerability management more difficult.  Consider
a product that stops processing an XML document because its validation
step assumes that CVE IDs have only 4 digits.  Perhaps worse, consider
a critical vulnerability in a popular product that is given a 5-digit
CVE ID, which is inadvertently and silently truncated to a 4-digit ID
for a low-priority issue in a rarely-used product.  We know of at
least 6 different products or services that have had problems.
Custom, in-house software is not necessarily immune, either.

MITRE has been assigning CVE IDs faster than ever; we're up to
CVE-2014-6446 even though it's only September, which puts us on pace
to exceed 9000 for 2014 by the end of the year - and the rate of
assignment could increase in the coming months.  Even if we don't
reach 10,000 CVE-2014- identifiers by the end of 2014, MITRE will
be issuing at least one 5-digit identifier no later than January 13,
2015, to ensure that all software is tested for support of the new
syntax.

To help people address this problem, we have created a web page about
the ID syntax change, including the product features most likely to be
affected, along with some test data.

  http://cve.mitre.org/cve/identifiers/syntaxchange.html

For a list of the 19 early adopters who have stated that they are
compliant with the new syntax, see:

  http://cve.mitre.org/cve/identifiers/compliant_organizations.html

The clock is ticking!  You can reach us at cve-id-cha...@mitre.org if
you have any questions.


Thank you,
The MITRE CVE Team
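
An added example (not part of the MITRE message, and not MITRE's test data): a Python check of how a validator or extractor that assumes four-digit sequence numbers mishandles the new syntax, including the silent truncation the message describes. The 5- and 7-digit IDs are constructed test values, and the numeric sort key goes beyond the message to cover a related failure.

```python
import re

# Legacy assumption: the sequence number is exactly four digits.
LEGACY_VALIDATE = re.compile(r"^CVE-[0-9]{4}-[0-9]{4}$")
# Legacy extractor that never looks at what follows the fourth digit.
LEGACY_EXTRACT = re.compile(r"CVE-[0-9]{4}-[0-9]{4}")
# New syntax as described in the message: four or more digits.
NEW_VALIDATE = re.compile(r"^CVE-[0-9]{4}-[0-9]{4,}$")
NEW_EXTRACT = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")

# Constructed sample input. CVE-2014-6446 is quoted in the message; the
# longer IDs are constructed test values, not references to real entries.
SAMPLE_REPORT = (
    "host-a: CVE-2014-6446\n"
    "host-b: CVE-2014-10001\n"
    "host-c: CVE-2014-1000001\n"
)


def classify(cve_id):
    """Say how a legacy validator and a new-syntax validator treat one ID."""
    if NEW_VALIDATE.match(cve_id) is None:
        return "invalid"
    if LEGACY_VALIDATE.match(cve_id) is not None:
        return "ok"
    # Valid under the new syntax, but a 4-digit-only validator rejects it
    # (the "stops processing an XML document" case).
    return "rejected-by-legacy"


def find_truncations(text):
    """Return (full_id, truncated_id) pairs a legacy extractor would misreport."""
    pairs = []
    for match in NEW_EXTRACT.finditer(text):
        full = match.group(0)
        legacy = LEGACY_EXTRACT.match(text, match.start())
        if legacy is not None and legacy.group(0) != full:
            pairs.append((full, legacy.group(0)))
    return pairs


def sort_key(cve_id):
    """Numeric (year, sequence) key; plain string sorting misorders long IDs."""
    _, year, seq = cve_id.split("-")
    return (int(year), int(seq))


if __name__ == "__main__":
    for line in SAMPLE_REPORT.splitlines():
        cve_id = line.split(": ", 1)[1]
        print(cve_id, "->", classify(cve_id))
    for full, cut in find_truncations(SAMPLE_REPORT):
        print("legacy extractor reports", cut, "instead of", full)
    ids = ["CVE-2014-10001", "CVE-2014-6446"]
    print("string sort: ", sorted(ids))
    print("numeric sort:", sorted(ids, key=sort_key))
```

Both constructed long IDs collapse to the same four-digit identifier under the legacy extractor, which is the mix-up of unrelated issues the message warns about.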



APPLE-SA-2014-09-17-7 Xcode 6.0.1

2014-09-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-09-17-7 Xcode 6.0.1

Xcode 6.0.1 is now available and addresses the following:

subversion
Available for:  OS X Mavericks v10.9.4 or later
Impact:  A malicious attacker may be able to cause Subversion
to terminate unexpectedly
Description:  A denial of service issue existed in Subversion when
SVNListParentPath was enabled. This issue was addressed by updating
Subversion to version 1.7.17.
CVE-ID
CVE-2014-0032

Xcode 6.0.1 may be obtained from the Downloads section of the
Apple Developer Connection Member site:  http://developer.apple.com/
Login is required, and membership is free.

Xcode 6.0.1 is also available from the App Store. It is free to
anyone with OS X Mavericks v10.9.4 and later.

To check that the Xcode has been updated:

* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "6.0.1".

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



Oracle Corporation MyOracle - Persistent Vulnerability

2014-09-19 Thread Vulnerability Lab
Document Title:
===
Oracle Corporation MyOracle - Persistent Vulnerability


References (Source):

http://www.vulnerability-lab.com/get_content.php?id=1261

Oracle Security ID (Team Tracking ID): ad...@vulnerability-lab.com-001:2014

http://vulnerability-db.com/magazine/articles/2014/09/17/oracle-corporation-fixed-vulnerability-myoracle-online-service-application


Release Date:
=
2014-09-17


Vulnerability Laboratory ID (VL-ID):

1261


Common Vulnerability Scoring System:

3.9


Product & Service Introduction:
===
Oracle Corporation is an American multinational computer technology
corporation headquartered in Redwood City, California, United States.
The company specializes in developing and marketing computer hardware
systems and enterprise software products – particularly its own brands
of database management systems. Oracle is the second-largest software
maker by revenue, after Microsoft. The company also builds tools for
database development and systems of middle-tier software, enterprise
resource planning (ERP) software, customer relationship management (CRM)
software and supply chain management (SCM) software. Larry Ellison, a
co-founder of Oracle, has served as Oracle`s CEO throughout its history.
He also served as the Chairman of the Board until his replacement by
Jeffrey O. Henley in 2004. On August 22, 2008, the Associated Press
ranked Ellison as the top-paid chief executive in the world.

(Copy of the Homepage: http://en.wikipedia.org/wiki/Oracle_Corporation )


Abstract Advisory Information:
==
The Vulnerability Laboratory Research Team discovered a persistent 
vulnerability in the official Oracle Corporation `MyOracle` service 
web-application.


Vulnerability Disclosure Timeline:
==
2014-04-28: Researcher Notification & Coordination (Benjamin Kunz Mejri)
2014-04-30: Vendor Notification (Oracle Sec Alert Security Team)
2014-05-03: Vendor Response/Feedback (Oracle Sec Alert Security Team)
2014-09-01: Vendor Fix/Patch (Oracle Developer Team - Acknowledgments 2014 
October CPU Advisory)
2014-09-17: Public Disclosure (Vulnerability Laboratory)



Discovery Status:
=
Published


Affected Product(s):


Exploitation Technique:
===
Remote


Severity Level:
===
Medium


Technical Details & Description:

A filter and persistent input validation mail encoding web vulnerability
has been discovered in the official Oracle Corporation `MyOracle` service
web-application. The vulnerability allows to bypass the regular web/system
validation to inject own script codes in outgoing emails of the account
system mail server service.

The vulnerability is located in the name values of the my-oracle
`registration` module. Remote attackers are able to inject in the first and
lastname input fields of the registration formular own script codes via
POST method request. The injected script code activates the account mail
service notification which returns with the persistent code in the myoracle
token activation site. The issue impact a critical risk because an attacker
is able to inject own tokens or can manipulate the full mail body context.
Further send notification mails by the myoracle service can also be
affected by the issue. The encoding of the server does not recognize
outgoing service mails which results in the persistent issue in outgoing
emails. The injection point is a profile values update or directly the
remote registration itself. The security risk of the persistent mail
encoding and filter web vulnerability is estimated as medium with a cvss
(common vulnerability scoring system) count of 3.9.

Exploitation of the vulnerability requires low user interaction and no
privileged application user account. Successful exploitation results in
persistent session hijacking attacks, unauthorized external redirects to
malicious sources and persistent manipulation of affected or connected
module context.

Request Method(s):
[+] POST

Vulnerable Service(s):
[+] MyOracle

Vulnerable Module(s):
[+] Registration (exp.)

Vulnerable Parameter(s):
[+] Profile name values (firstname & lastname ...)


[Sender]:
[+] oracle-acct...@oracle.com

[Receiver]:
[+] ad...@evolution-sec.com & b...@evolution-sec.com


Proof of Concept (PoC):
===
The persistent mail encoding web vulnerability can be exploited by remote 
attackers with low user interaction and without privileged application user 
account.
For security demonstration or to reproduce the persistent mail encoding web 
vulnerability foll

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

2014-09-19 Thread VSR Advisories

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


 VSR Security Advisory
   http://www.vsecurity.com/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Advisory Name: Apple Foundation NSXMLParser XML eXternal Entity (XXE) Flaw
 Release Date: 2014-09-17
  Application: Apple iOS Foundation Framework
   Apple OS X Foundation Framework
 Versions: iOS 7.0, 7.1, OS X 10.9 - 10.9.4
 Severity: High
   Author: George D. Gal 
Vendor Status: Fix Available
CVE Candidate: CVE-2014-4374
Reference: http://www.vsecurity.com/resources/advisory/20140917-1/
   http://support.apple.com/kb/HT1222

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


Product Description
~-~
From [1]:
"Xcode includes software development kits (SDKs) that enable you to create
  applications that run on specific versions of iOS or OS X - including
  versions different from the one you are developing on. This technology
  lets you build a single binary that takes advantage of new features when
  running on a system that supports them, and gracefully degrades when
  running on an older system. Some Apple frameworks automatically modify
  their behavior based on the SDK an application is built against for
  improved compatibility."


Vulnerability Overview
~~
In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the
iOS SDK whereby the NSXMLParser class, resolves XML External Entities by
default despite documentation which indicates otherwise.  In addition,
settings to change the behavior of XML External Entity resolution appears
to be non-functional.

This vulnerability, commonly known as XXE (XML eXternal Entities) attacks
could allow for an attacker's ability to use the XML parser to carry out
attacks ranging from network port scanning, information disclosure,
denial of service, and potentially to carry out remote file retrieval.

Further review also revealed that the Foundation Framework used in OS X
10.9.x is also vulnerable.

The severity of this vulnerability varies. For example, in situations where
the application does not reflect user influenced XML, retrieval of files
may be limited, however using external HTTP entities could be used to
conduct port scans. In other scenarios if core iOS applications transmit XML
over plaintext protocols, these protocols could potentially be intercepted
to leak contents of any file on the mobile device. For App Store
applications files which could be accessed may be limited to those under
the individual chrooted application directories, or in the case of
jailbroken devices, any file on the filesystem.


Vulnerability Details
~---~

Apple's NSXMLParser documentation [2] indicates that external entity
resolution is disabled in the parser by default. However, inspection of
multiple applications running on iOS 7.0 and 7.1 now appear to resolve
external entities by default, and even when attempting to disable entity
resolution explicitly as shown below:

[nsXmlParser setShouldResolveExternalEntities:NO];

The following source code demonstrates the flaw:


- (void) doParse:(NSData *)data {

    // create and init NSXMLParser object
    NSXMLParser *nsXmlParser = [[NSXMLParser alloc] initWithData:data];

    // Why does the following not even work!?
    [nsXmlParser setShouldResolveExternalEntities:NO];

    // create and init our delegate
    VSRParser *parser = [[VSRParser alloc] initXMLParser];

    // set delegate
    [nsXmlParser setDelegate:parser];

    // parsing...
    BOOL success = [nsXmlParser parse];

    // test the result
    if (success) {
        NSLog(@"No errors");
        NSMutableArray *stuff = [parser tests];

    } else {
        NSLog(@"Error parsing document!");
    }

    [parser release];
    [nsXmlParser release];

}


When using a vulnerable input XML file as shown below, the XML parser
attempts to perform network name resolution and access the resource defined
by &http;


http://iossdk-xxe.apt.vsecurity.org/";>

]>


&file;
&http;



The following DNS and web server log entries demonstrate attempts to resolve
&http;

2014-05-19_13:26:28.31088 ...  iossdk-xxe.apt.vsecurity.org

XX.XX.XX.XX - - [19/May/2014:09:26:28 -0400] "GET /xxe HTTP/1.0" 404 446 "-" "-"


In more serious exploitation scenarios, plaintext XML communications between
a server and iOS mobile application, or OS X client application could be
intercepted and modified in transit to reference a file present on the
client device. If the device reflects this value in subsequent
communications or errors the contents of files stored on the device could
be leaked to an attacker.

Versions Affected
~---~
VSR's analysis revealed that the IOS 7.0, 7.1 SDKs are vulnerable, while
earlier versions of IOS and the IOS SDK do not appear to be affected. This

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

2014-09-19 Thread VSR Advisories
hope that it will help promote public safety.  This advisory comes with
absolutely NO WARRANTY; not even the implied warranty of merchantability or
fitness for a particular purpose.  Neither Virtual Security Research, LLC nor
the author accepts any liability for any direct, indirect, or consequential
loss or damage arising from use of, or reliance on, this information.

See the VSR disclosure policy for more information on our responsible
disclosure practices:
  http://www.vsecurity.com/company/disclosure

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Copyright 2014 Virtual Security Research, LLC.  All rights reserved.




APPLE-SA-2014-09-17-6 OS X Server 2.2.3

2014-09-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-09-17-6 OS X Server 2.2.3

OS X Server 2.2.3 is now available and addresses the following:

CoreCollaboration
Available for:  OS X Mountain Lion v10.8.5
Impact:  A remote attacker may be able to execute arbitrary SQL
queries
Description:  A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (saj...@securation.com) of CERT of
Ferdowsi University of Mashhad

OS X Server 2.2.3 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



APPLE-SA-2014-09-17-5 OS X Server 3.2.1

2014-09-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-09-17-5 OS X Server 3.2.1

OS X Server 3.2.1 is now available and addresses the following:

CoreCollaboration
Available for:  OS X Mavericks v10.9.5 or later
Impact:  A remote attacker may be able to execute arbitrary SQL
queries
Description:  A SQL injection issue existed in Wiki Server. This
issue was addressed through additional validation of SQL queries.
CVE-ID
CVE-2014-4424 : Sajjad Pourali (saj...@securation.com) of CERT of
Ferdowsi University of Mashhad

CoreCollaboration
Available for:  OS X Mavericks v10.9.5 or later
Impact:  Visiting a maliciously crafted website may lead to the
execution of arbitrary JavaScript
Description:  A cross-site scripting issue existed in Xcode Server.
This issue was addressed through improved encoding of HTML output.
CVE-ID
CVE-2014-4406 : David Hoyt of Hoyt LLC

CoreCollaboration
Available for:  OS X Mavericks v10.9.5 or later
Impact:  Multiple vulnerabilities in PostgreSQL, the most serious of
which may lead to arbitrary code execution
Description:  Multiple vulnerabilities existed in PostgreSQL. This
issue was addressed by updating PostgreSQL to version 9.2.7.
CVE-ID
CVE-2014-0060
CVE-2014-0061
CVE-2014-0062
CVE-2014-0063
CVE-2014-0064
CVE-2014-0065
CVE-2014-0066


OS X Server 3.2.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004

2014-09-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update
2014-004

OS X Mavericks 10.9.5 and Security Update 2014-004 are now available
and address the following:

apache_mod_php
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  Multiple vulnerabilities in PHP 5.4.24
Description:  Multiple vulnerabilities existed in PHP 5.4.24, the
most serious of which may have led to arbitrary code execution. This
update addresses the issues by updating PHP to version 5.4.30
CVE-ID
CVE-2013-7345
CVE-2014-0185
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-1943
CVE-2014-2270
CVE-2014-3478
CVE-2014-3479
CVE-2014-3480
CVE-2014-3487
CVE-2014-3515
CVE-2014-3981
CVE-2014-4049

Bluetooth
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in the handling of a
Bluetooth API call. This issue was addressed through improved bounds
checking.
CVE-ID
CVE-2014-4390 : Ian Beer of Google Project Zero

CoreGraphics
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or an information disclosure
Description:  An out of bounds memory read existed in the handling of
PDF files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4378 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program

CoreGraphics
Available for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,
OS X Mountain Lion v10.8.5, OS X Mavericks 10.9 to 10.9.4
Impact:  Opening a maliciously crafted PDF file may lead to an
unexpected application termination or arbitrary code execution
Description:  An integer overflow existed in the handling of PDF
files. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4377 : Felipe Andres Manzano of Binamuse VRT working with
the iSIGHT Partners GVP Program

Foundation
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  An application using NSXMLParser may be misused to disclose
information
Description:  An XML External Entity issue existed in NSXMLParser's
handling of XML. This issue was addressed by not loading external
entities across origins.
CVE-ID
CVE-2014-4374 : George Gal of VSR (http://www.vsecurity.com/)

Intel Graphics Driver
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  Compiling untrusted GLSL shaders may lead to an unexpected
application termination or arbitrary code execution
Description:  A user-space buffer overflow existed in the shader
compiler. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2014-4393 : Apple

Intel Graphics Driver
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  Multiple validation issues existed in some integrated
graphics driver routines. These issues were addressed through
improved bounds checking.
CVE-ID
CVE-2014-4394 : Ian Beer of Google Project Zero
CVE-2014-4395 : Ian Beer of Google Project Zero
CVE-2014-4396 : Ian Beer of Google Project Zero
CVE-2014-4397 : Ian Beer of Google Project Zero
CVE-2014-4398 : Ian Beer of Google Project Zero
CVE-2014-4399 : Ian Beer of Google Project Zero
CVE-2014-4400 : Ian Beer of Google Project Zero
CVE-2014-4401 : Ian Beer of Google Project Zero
CVE-2014-4416 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A null pointer dereference existed in the handling of
IOKit API arguments. This issue was addressed through improved
validation of IOKit API arguments.
CVE-ID
CVE-2014-4376 : Ian Beer of Google Project Zero

IOAcceleratorFamily
Available for:  OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  An out-of-bounds read issue existed in the handling of
an IOAcceleratorFamily function. This issue was addressed through
improved bounds checking.
CVE-ID
CVE-2014-4402 : Ian Beer of Google Project Zero

IOHIDFamily
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A local user can read kernel pointers, which can be used to
bypass kernel address space layout randomization
Description:  An out-of-bounds read issue existed in the handling of
an IOHIDFamily function. This issue was addressed through improved
bounds checking.
CVE-ID
CVE-2014-4379 : Ian Beer of Google Project Zero

IOKit
Available for:  OS X Mountain Lion v10.8.5,
OS X Mavericks 10.9 to 10.9.4
Impact:  A malicious application may be able to execute arbitrary
code with system privileges
Description:  A validation issue existed in the handling of certain
metadata fields of I

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

2014-09-19 Thread Apple Product Security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

APPLE-SA-2014-09-17-4 Safari 6.2 and Safari 7.1

Safari 6.2 and Safari 7.1 are now available and address the
following:

Safari
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  An attacker with a privileged network position may intercept
user credentials
Description:  Saved passwords were autofilled on http sites, on https
sites with broken trust, and in iframes. This issue was addressed by
restricting password autofill to the main frame of https sites with
valid certificate chains.
CVE-ID
CVE-2014-4363 : David Silver, Suman Jana, and Dan Boneh of Stanford
University working with Eric Chen and Collin Jackson of Carnegie
Mellon University

WebKit
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution
Description:  Multiple memory corruption issues existed in WebKit.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2013-6663 : Atte Kettunen of OUSPG
CVE-2014-4410 : Eric Seidel of Google
CVE-2014-4411 : Google Chrome Security Team
CVE-2014-4412 : Apple
CVE-2014-4413 : Apple
CVE-2014-4414 : Apple
CVE-2014-4415 : Apple

WebKit
Available for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5
Impact:  A malicious website may be able to track users even when
private browsing is enabled
Description:  A web application could store HTML 5 application cache
data during normal browsing and then read the data during private
browsing. This was addressed by disabling access to the application
cache when in private browsing mode.
CVE-ID
CVE-2014-4409 : Yosuke Hasegawa (NetAgent Co., Ltd.)


Safari 7.1 and Safari 6.2 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/






CVE ID Syntax Change - Deadline Approaching

2014-09-19 Thread Christey, Steven M.

As we approach the end of 2014, CVE identifiers are getting closer and
closer to the magic CVE-2014- mark, which means that MITRE will be
issuing a 5-digit CVE ID within a matter of months, in accordance with
the new syntax that was selected in 2013 (basically using 5, 6, or
even more digits as needed).  Some people are still unaware that this
change has happened or have been slow to implement it.

Once a CVE identifier is issued using the new syntax, some security
products and processes could break or report incorrect vulnerability
identifiers, making vulnerability management more difficult.  Consider
a product that stops processing an XML document because its validation
step assumes that CVE IDs have only 4 digits.  Perhaps worse, consider
a critical vulnerability in a popular product that is given a 5-digit
CVE ID, which is inadvertently and silently truncated to a 4-digit ID
for a low-priority issue in a rarely-used product.  We know of at
least 5 different products or services that have had problems.
Custom, in-house software is not necessarily immune, either.

MITRE has been assigning CVE IDs faster than ever; we're up to
CVE-2014-6446 even though it's only September, which puts us on pace
to exceed 9000 for 2014 by the end of the year - and the rate of
assignment could increase in the coming months.  Even if we don't
reach 10,000 CVE-2014- identifiers by the end of 2014, MITRE will
be issuing at least one 5-digit identifier no later than January 13,
2015, to ensure that all software is tested for support of the new
syntax.

To help people address this problem, we have created a web page about
the ID syntax change, including the product features most likely to be
affected, along with some test data.

  http://cve.mitre.org/cve/identifiers/syntaxchange.html

For a list of the 19 early adopters who have stated that they are
compliant with the new syntax, see:

  http://cve.mitre.org/cve/identifiers/compliant_organizations.html

The clock is ticking!  You can reach us at cve-id-cha...@mitre.org if
you have any questions.


Thank you,
The MITRE CVE Team
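
The two failure modes described in the message above (a validator that rejects longer IDs, and an extractor that silently truncates them) can be checked with a few lines. This is an added example, not code from MITRE or from the original post; the patterns, function names and sample identifiers are assumptions constructed for illustration.

```python
import re

# Legacy pattern: assumes the sequence number is exactly four digits.
LEGACY = re.compile(r"CVE-\d{4}-\d{4}")
# Updated pattern: four or more digits; the lookarounds stop a match from
# starting or ending in the middle of a longer token.
CURRENT = re.compile(r"(?<![\w-])CVE-\d{4}-\d{4,}(?!\w)")

def extract(pattern, text):
    """Pull every CVE ID the pattern finds out of free text."""
    return pattern.findall(text)

def is_valid(pattern, cve_id):
    """Strict validation of one field, as a schema check would do."""
    return pattern.fullmatch(cve_id) is not None

def audit(pattern, samples):
    """Return (sample, extracted) for each ID not recovered unchanged."""
    failures = []
    for cve_id in samples:
        got = extract(pattern, f"Fixed upstream ({cve_id}), see changelog.")
        if got != [cve_id]:
            failures.append((cve_id, got))
    return failures

def collisions(pattern, samples):
    """Group distinct IDs that the pattern maps onto the same extracted ID."""
    seen = {}
    for cve_id in samples:
        for got in extract(pattern, cve_id):
            seen.setdefault(got, set()).add(cve_id)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

# Constructed sample identifiers, chosen only for their digit counts.
SAMPLES = ["CVE-2014-0001", "CVE-2014-9999", "CVE-2014-10000",
           "CVE-2014-12345", "CVE-2014-12346", "CVE-2014-1234567"]

if __name__ == "__main__":
    for name, pat in (("legacy", LEGACY), ("current", CURRENT)):
        print(name, "rejects:", [s for s in SAMPLES if not is_valid(pat, s)])
        print(name, "mangles:", audit(pat, SAMPLES))
        print(name, "collides:", collisions(pat, SAMPLES))
```

Running `audit` and `collisions` against whatever pattern a product actually uses shows whether longer IDs survive a round trip and whether distinct IDs collapse onto one shorter ID.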




[SECURITY] [DSA 3028-1] icedove security update

2014-09-19 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-3028-1   secur...@debian.org
http://www.debian.org/security/  Moritz Muehlenhoff
September 17, 2014 http://www.debian.org/security/faq
- -

Package: icedove
CVE ID : CVE-2014-1562 CVE-2014-1567

Multiple security issues have been found in Icedove, Debian's version of
the Mozilla Thunderbird mail and news client: Multiple memory safety 
errors and use-after-frees may lead to the execution of arbitrary code 
or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 24.8.0-1~deb7u1.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your icedove packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[SECURITY] [DSA 3027-1] libav security update

2014-09-19 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -
Debian Security Advisory DSA-3027-1   secur...@debian.org
http://www.debian.org/security/  Moritz Muehlenhoff
September 17, 2014 http://www.debian.org/security/faq
- -

Package: libav
CVE ID : CVE-2013-7020

Several security issues have been corrected in multiple demuxers and 
decoders of the libav multimedia library. A full list of the changes is 
available at 
http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v0.8.15

For the stable distribution (wheezy), this problem has been fixed in
version 6:0.8.16-1.

For the testing distribution (jessie), this problem has been fixed in
version 6:11~alpha2-1.

For the unstable distribution (sid), this problem has been fixed in
version 6:11~alpha2-1.

We recommend that you upgrade your libav packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org