[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289840

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289840
Version: 1

HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential vulnerability in Apache Commons FileUpload was addressed by HPE iMC PLAT network products. The vulnerability could be exploited remotely resulting in a Denial of Service (DoS).

References:
  - CVE-2016-3092
  - PSRT110190

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed version listed.

BACKGROUND

CVSS Base Metrics
  Reference      CVSS V3 Score/Vector                               CVSS V2 Score/Vector
  CVE-2016-3092  7.5  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H  7.8  (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software update available to resolve the vulnerability in the iMC PLAT network products listed.

+ **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**
  - JD125A HP IMC Std S/W Platform w/100-node
  - JD126A HP IMC Ent S/W Platform w/100-node
  - JD808A HP IMC Ent Platform w/100-node License
  - JD814A HP A-IMC Enterprise Edition Software DVD Media
  - JD815A HP IMC Std Platform w/100-node License
  - JD816A HP A-IMC Standard Edition Software DVD Media
  - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
  - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
  - JF377A HP IMC Std S/W Platform w/100-node Lic
  - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
  - JF378A HP IMC Ent S/W Platform w/200-node Lic
  - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
  - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
  - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
  - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
  - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
  - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
  - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
  - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
  - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
  - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
  - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
  - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-al...@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email:
  http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
  http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
  3C = 3COM
  3P = 3rd Party Software
  GN = HPE General Software
  HF = HPE Hardware and Firmware
  MU = Multi-Platform Software
  NS = NonStop Servers
  OV = OpenVMS
  PV = ProCurve
  ST = Storage Software
  UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its
[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289935

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289935
Version: 1

HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Multiple Remote Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HPE iMC PLAT network products using SSL/TLS. These vulnerabilities could be exploited remotely resulting in disclosure of information and other impacts including:

  - The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
  - The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
  - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah" could be exploited remotely to allow disclosure of information.

References:
  - CVE-2004-2761 - SSL/TLS MD5 Algorithm is not collision resistant
  - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
  - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"
  - PSRT110210

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed version listed.

BACKGROUND

CVSS Base Metrics
  Reference      CVSS V3 Score/Vector                               CVSS V2 Score/Vector
  CVE-2004-2761  5.3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N  5.0  (AV:N/AC:L/Au:N/C:N/I:P/A:N)
  CVE-2013-2566  5.3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N  4.3  (AV:N/AC:M/Au:N/C:P/I:N/A:N)
  CVE-2015-2808  5.3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N  4.3  (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software available to resolve the vulnerabilities in the iMC PLAT network products listed.

+ **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**
  - JD125A HP IMC Std S/W Platform w/100-node
  - JD126A HP IMC Ent S/W Platform w/100-node
  - JD808A HP IMC Ent Platform w/100-node License
  - JD814A HP A-IMC Enterprise Edition Software DVD Media
  - JD815A HP IMC Std Platform w/100-node License
  - JD816A HP A-IMC Standard Edition Software DVD Media
  - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
  - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
  - JF377A HP IMC Std S/W Platform w/100-node Lic
  - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
  - JF378A HP IMC Ent S/W Platform w/200-node Lic
  - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
  - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
  - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
  - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
  - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
  - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
  - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
  - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
  - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
  - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
  - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
  - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hpe.com.
[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289984

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289984
Version: 1

HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Multiple Remote Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HPE iMC PLAT network products running Apache Axis2. These vulnerabilities could be exploited remotely resulting in Denial of Service (DoS), disclosure of information, and other impacts.

References:
  - CVE-2010-1632
  - PSRT110216

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of impacted products. All product versions are impacted prior to the fixed version listed.

BACKGROUND

CVSS Base Metrics
  Reference      CVSS V3 Score/Vector                               CVSS V2 Score/Vector
  CVE-2010-1632  7.3  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L  7.5  (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software update available to resolve the vulnerability in the iMC PLAT network products listed.

+ **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**
  - JD125A HP IMC Std S/W Platform w/100-node
  - JD126A HP IMC Ent S/W Platform w/100-node
  - JD808A HP IMC Ent Platform w/100-node License
  - JD814A HP A-IMC Enterprise Edition Software DVD Media
  - JD815A HP IMC Std Platform w/100-node License
  - JD816A HP A-IMC Standard Edition Software DVD Media
  - JF288AAE HP Network Director to Intelligent Management Center Upgrade E-LTU
  - JF289AAE HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
  - JF377A HP IMC Std S/W Platform w/100-node Lic
  - JF377AAE HP IMC Std S/W Pltfrm w/100-node E-LTU
  - JF378A HP IMC Ent S/W Platform w/200-node Lic
  - JF378AAE HP IMC Ent S/W Pltfrm w/200-node E-LTU
  - JG546AAE HP IMC Basic SW Platform w/50-node E-LTU
  - JG548AAE HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
  - JG549AAE HP PCM+ to IMC Std Upgr w/200-node E-LTU
  - JG747AAE HP IMC Std SW Plat w/ 50 Nodes E-LTU
  - JG748AAE HP IMC Ent SW Plat w/ 50 Nodes E-LTU
  - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
  - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
  - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
  - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
  - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
  - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-al...@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email:
  http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
  http://www.hpe.com/support/Security_Bulletin_Archive
[SECURITY] [DSA 3678-1] python-django security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3678-1                   secur...@debian.org
https://www.debian.org/security/                           Florian Weimer
September 26, 2016                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : python-django
CVE ID         : CVE-2016-7401

Sergey Bobrov discovered that cookie parsing in Django and Google Analytics
interacted in such a way that an attacker could set arbitrary cookies. This
allows other malicious web sites to bypass the Cross-Site Request Forgery
(CSRF) protections built into Django.

For the stable distribution (jessie), this problem has been fixed in
version 1.7.11-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.10-1.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJX6ZZnAAoJEL97/wQC1SS+dykH/2CovPvBanbq6bdqyFJumSQS
bQoD1beB7Chue4zthCvkH+tQMYG6f/mZbRL4bUTjTYUrI0FL5OF7bmc40bKFatDL
EJU9LrWGxlPaDHbp3//eOgN8/jJrxHzcmgZC9r5IlEvxZMlOoYjHO4g1dswh7lH/
g5Mi/nnlsKPEpgyjUKLXryx2hHDsigsqMl6DpAeXsklmRiGArrOYK7OfD5Fq4utB
2T/QvlRm43kQ9p/bpSvUJkkRm+7QjXElSNBa79fQ1dED8gGAi0iYEu46JOydmMqB
9lHfsLuBjWYKRDPPcxYKDnvKejI84pSSMWVenGKdhVZKbZYar2MS2h4QCcqHjxc=
=QUR6
-----END PGP SIGNATURE-----
[slackware-security] openssl (SSA:2016-270-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  openssl (SSA:2016-270-01)

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Missing CRL sanity check (CVE-2016-7052)
  For more information, see:
    https://www.openssl.org/news/secadv/20160926.txt
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz:  Upgraded.
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.2 packages:
cf3e90f91b35ee96f5a900e5f2ec8fd5  openssl-1.0.2j-i586-1_slack14.2.txz
31cc46351fdd4c487f75abdbfcd696e7  openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
333fd278752b5f04a805aeabd77f28c4  openssl-1.0.2j-x86_64-1_slack14.2.txz
6b25daf23b1cfc59351308b9c11e830a  openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Slackware -current packages:
98337bdfe00f04be784953fee5c023ca  a/openssl-solibs-1.0.2j-i586-1.txz
3cd05a7ed655e7f51f652a31b9b908e7  n/openssl-1.0.2j-i586-1.txz

Slackware x86_64 -current packages:
6907d9a091ace959d8f04aa92cd7e5f6  a/openssl-solibs-1.0.2j-x86_64-1.txz
4017d82d5c4c370ab6850a5d623d321a  n/openssl-1.0.2j-x86_64-1.txz

Installation instructions:
+-------------------------+

Upgrade the packages as root:
# upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majord...@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlfpZcsACgkQakRjwEAQIjPMMACbB1R3zcPgLf11KPr1jtmRE7PN
BvgAnjd81wwT0k1DTOieELSStonzadsk
=AuZJ
-----END PGP SIGNATURE-----
[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05278882
Version: 1

HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2016-09-20
Last Updated: 2016-09-20

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HPE LoadRunner and Performance Center. This vulnerability could be exploited remotely to allow Denial of Service (DoS).

References:
  - CVE-2016-4384
  - PSRT110230

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE Performance Center - all versions prior to v12.50
  - HPE LoadRunner - all versions prior to v12.50

BACKGROUND

CVSS Base Metrics
  Reference      CVSS V3 Score/Vector                               CVSS V2 Score/Vector
  CVE-2016-4384  8.6  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H  8.3  (AV:N/AC:M/Au:N/C:P/I:P/A:C)

Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

Hewlett Packard Enterprise thanks Tenable Network Security for reporting this issue to security-al...@hpe.com

RESOLUTION
HPE has released the following updates to resolve the vulnerability in the impacted versions of LoadRunner and Performance Center:
  - Performance Center v12.53 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02354255
  - LoadRunner v12.53 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02320462
  - LoadRunner v12.50 patch 3 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02040111

HISTORY
Version:1 (rev.1) - 20 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-al...@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-al...@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email:
  http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here:
  http://www.hpe.com/support/Security_Bulletin_Archive

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJX6VBSAAoJEGIGBBYqRO9/kV8IANtX4baDp0m/0Dnqfi0hlxga
TQnS1TL9d38NDzvYLSzhbKIYLEoM4ymM/W376q+SD8bOjkiCZ7kmHAlZw/PHp0ny
KewKknH/FPTjqoBCspHMxN8Cgos18/B4v8QPfnJE/xsFQcEmsPUnghB8ENR6m9ST
rfPom6nDEg1zzMB5VdTuwQEx729/EQzSCEOm2yOLxMD9YPEhX/JMlf8UnQQW1skE
MGr13WD89wBxM+tNMhQJDNLTMLd8lWfB9PTwxwOr4TE+mq+Pfiw1E9SvjUuZ/ikZ
GBq4x7RHD3ZE37CR9aSxq55l1UwVaCMmBzyq8l20XjRvfQkyBggYYM3IV8ChmbM=
=PGVh
-----END PGP SIGNATURE-----
OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
i...@os-s.net

OS-S Security Advisory 2016-19

Title: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates
Authors: Yves-Noel Weweler, Ralf Spenneberg, Hendrik Schwartke
Date: September 26th 2015
Vendor contacted: September 29th 2015
Vendor response: December 12th 2015
Updated firmware available: January 28th 2016
CVSS: 10

Abstract
Epson multi-function printers support firmware updates via USB and HTTP. When using HTTP, the update is initialized with a GET request and the firmware is uploaded via a POST request. No authorization is required. An attacker can exploit this unauthorized mechanism using Cross-Site Request Forgery (CSRF). Because the firmware itself is neither encrypted nor digitally signed, an attacker can create malicious firmware images including backdoors and other malware.

Impact
Very High. Epson is the third largest printer manufacturer worldwide and sells millions of devices with this vulnerability. If these devices are network enabled, an attacker can upload malicious firmware directly, or indirectly through CSRF. We were able to craft and install a malicious firmware image implementing a backdoor using the built-in data/fax modem. This backdoor may serve as a bridgehead into a network otherwise not connected to the internet.

Exploit
Exploit code just needs to mimic the HTTP update mechanism, directly or via CSRF. With a basic understanding of the firmware format and checksums, an attacker can create malicious firmware images including backdoors and malware for the devices.

Vulnerable
Tested: Epson WF-2540 MFP
Not tested, but probable after inspection of the firmware and IPv4 scans: most of the devices in the WorkForce and Stylus series. We believe a large number of the devices produced since 1999 use this mechanism and could be vulnerable.

Technical description
Firmware provided for these devices consists of an embedded Linux operating system packaged in Epson's proprietary firmware format. This format is not digitally signed. With basic knowledge of the checksums used in the firmware, an attacker is able to create a malicious firmware image. Using the HTTP based firmware update mechanism, this firmware may be installed as follows:

1. Initialize update

GET /FIRMWAREUPDATE HTTP/1.1\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n

2. Upload firmware

POST /DOWN/FIRMWAREUPDATE/ROM1 HTTP/1.1\r\n
Accept: */*\r\n
Content-Type: multipart/form-data; boundary=---EPSONOP2HANAOKAGROUP1999\r\n
Content-Length: xxx\r\n
Connection: Keep-Alive\r\n
\r\n
---EPSONOP2HANAOKAGROUP1999\r\n
Content-Disposition: form-data; name="fname"; filename="/DUMMY.DAT"\r\n
Content-Type: application/octet-stream\r\n
\r\n
insert firmware here
\r\n
---EPSONOP2HANAOKAGROUP1999--\r\n

After uploading the firmware the device automatically installs the image. Since this mechanism does not require any authorization and no further counter-measures against CSRF are in place, an attacker can easily upload new firmware.

Solution
A modification of the upgrade mechanism is required: the device must verify a digital signature on the firmware image before installing it, and the HTTP update endpoint must require authorization and be protected against CSRF.

Vendor Response
Epson responded on December 2nd 2015:

>>> Quote-Start
>>> [Vulnerability]
>>> WF-2540 MFP has the vulnerability that you kindly advised. However
>>> firmware check function by our original algorithm has been
>>> implemented to the current products as the countermeasure for the
>>> vulnerability, and it will be implemented to all the future products
>>> also.
>>>
>>> [Solution]
>>> We will release new firmware for WF-2540 by the end of January,
>>> 2016. (It will be delivered to a customer by a firmware updater
>>> (utility) from our internet server or website.)
>>> In addition, we may be willing to provide a new firmware for other
>>> older products corresponding to the request by a customer.
>>>
>>> [Network security for our products]
>>> We are going to publish network security guidance for customers so
>>> that they will mitigate the effects of this issue by following the
>>> guidance.
>>> Quote-End

-- 
OpenSource Training Ralf Spenneberg
http://www.os-t.de
Am Bahnhof 3-5
48565 Steinfurt
Germany
Fon: +49(0)2552 638 755
Fax: +49(0)2552 638 757
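The GET-then-POST update sequence documented in the advisory, and the CSRF angle, can be watched for on the network until affected printers are updated. The following is an added example and is not part of the OS-S advisory, nor Epson's or the authors' code: it scans constructed HTTP request records (the record format, IP addresses, hostnames and timestamps are assumptions made for this example) for the two endpoints the advisory names, and flags an upload that was not preceded by the initialisation GET from the same client, as well as an upload whose Referer points somewhere other than the printer's own web UI, which is what a browser-driven CSRF upload looks like.

```python
"""Spot unauthenticated Epson firmware-update traffic in HTTP request records.

Added example, not from the OS-S advisory, Epson, or the advisory's authors.
The advisory documents an update as GET /FIRMWAREUPDATE followed by
POST /DOWN/FIRMWAREUPDATE/ROM1 with no authorization. This scanner looks for
that sequence in proxy/IDS-style request records and flags two things: an
upload with no preceding initialisation from the same client, and an upload
whose Referer is not the printer's own web UI (CSRF indicator). The record
format and all sample data below are constructed for this example.
"""
import re
from collections import defaultdict

# Endpoints as named in the advisory.
INIT_PATH = "/FIRMWAREUPDATE"
UPLOAD_PATH = "/DOWN/FIRMWAREUPDATE/ROM1"

# Constructed record format (an assumption, not any real product's log format):
#   <timestamp> <src_ip> -> <dst_ip> <METHOD> <path> [referer=<url>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) (?P<method>[A-Z]+) (?P<path>\S+)"
    r"(?: referer=(?P<referer>\S+))?$"
)


def parse_line(line):
    """Return a dict of fields for one record, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def referer_host(referer):
    """Extract the host part of a Referer URL (scheme, port and path dropped)."""
    return re.sub(r"^https?://", "", referer).split("/")[0].split(":")[0]


def is_external_referer(referer, printer_ip):
    """True when a Referer is present and does not point at the printer itself.

    A legitimate browser-driven update is submitted from the printer's own web
    UI; a page on any other host driving the upload endpoint is the CSRF case
    the advisory describes. A missing Referer (a scripted, direct upload) is
    not counted here; it still produces a finding, just without the CSRF flag.
    """
    if not referer:
        return False
    return referer_host(referer) != printer_ip


def detect_firmware_updates(lines):
    """Return one finding (dict) per firmware upload POST seen in the records."""
    findings = []
    initialised = defaultdict(set)  # printer ip -> clients that sent the GET
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue  # unrelated or malformed record
        src, dst, method, path = rec["src"], rec["dst"], rec["method"], rec["path"]
        if method == "GET" and path == INIT_PATH:
            initialised[dst].add(src)
        elif method == "POST" and path.startswith(UPLOAD_PATH):
            findings.append({
                "ts": rec["ts"],
                "src": src,
                "printer": dst,
                "initialised": src in initialised[dst],
                "csrf_suspected": is_external_referer(rec["referer"], dst),
            })
    return findings


# Constructed sample records: a normal update driven from the printer's own UI,
# a CSRF-driven update from a page on an outside host, and a scripted upload
# that skipped the initialisation step.
SAMPLE_RECORDS = [
    "2016-09-26T10:00:01 10.0.0.5 -> 10.0.0.20 GET /FIRMWAREUPDATE referer=http://10.0.0.20/",
    "2016-09-26T10:00:03 10.0.0.5 -> 10.0.0.20 POST /DOWN/FIRMWAREUPDATE/ROM1 referer=http://10.0.0.20/FIRMWAREUPDATE",
    "2016-09-26T11:12:40 10.0.0.77 -> 10.0.0.20 GET /FIRMWAREUPDATE referer=http://attacker.example/printer.html",
    "2016-09-26T11:12:41 10.0.0.77 -> 10.0.0.20 POST /DOWN/FIRMWAREUPDATE/ROM1 referer=http://attacker.example/printer.html",
    "2016-09-26T11:13:00 10.0.0.77 -> 10.0.0.20 GET /",
    "2016-09-26T12:00:00 10.0.0.99 -> 10.0.0.20 POST /DOWN/FIRMWAREUPDATE/ROM1",
]


if __name__ == "__main__":
    for f in detect_firmware_updates(SAMPLE_RECORDS):
        tags = []
        if not f["initialised"]:
            tags.append("no-init")
        if f["csrf_suspected"]:
            tags.append("csrf")
        print(f["ts"], f["src"], "->", f["printer"], "firmware upload", ",".join(tags) or "ok")
```

Every upload POST is reported, because the advisory's point is that none of them is authorised; the two flags only tell an analyst which ones were clearly not a user standing at the printer's own web UI. In a real deployment the Referer check should be treated as a hint rather than proof, since a scripted attacker simply omits the header.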
[slackware-security] php (SSA:2016-267-01)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php (SSA:2016-267-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/php-5.6.26-i586-1_slack14.2.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
    https://php.net/ChangeLog-5.php#5.6.26
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.26-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.26-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.26-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.26-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.26-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.26-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.26-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.26-x86_64-1.txz

MD5 signatures:
+-------------+

Slackware 14.0 package:
c35c9a2ecb0efe18d30ac9afd09f2f18  php-5.6.26-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
5d717620237618ae0da8306fb0e103a6  php-5.6.26-x86_64-1_slack14.0.txz

Slackware 14.1 package:
c86df189624511380930799eedf7147a  php-5.6.26-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
2c306082ce7462c43a975dbf723e  php-5.6.26-x86_64-1_slack14.1.txz

Slackware 14.2 package:
fe9dc583d44d71b359a52f787a3a3586  php-5.6.26-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
42ba7fa4b436381f508e21fa48c66d40  php-5.6.26-x86_64-1_slack14.2.txz

Slackware -current package:
56a547e8bc4db3c91d6bfa5c31592175  n/php-5.6.26-i586-1.txz

Slackware x86_64 -current package:
28256516f8df30cc31d6937c9447853b  n/php-5.6.26-x86_64-1.txz

Installation instructions:
+-------------------------+

Upgrade the package as root:
# upgradepkg php-5.6.26-i586-1_slack14.2.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start

+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majord...@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAlflu4cACgkQakRjwEAQIjOm+ACePcHnFavtPmzoaaGjA6hzDT7A
WZQAnRqiR+kEI5nopMXiUx/Eg+VxU1ev
=JznQ
-----END PGP SIGNATURE-----