[security bulletin] HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons FileUpload, Remote Denial of Service (DoS)

2016-09-26 Thread security-alert

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289840

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289840
Version: 1

HPSBHF03652 rev.1 - HPE iMC PLAT Network Products running Apache Commons
FileUpload, Remote Denial of Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential vulnerability in Apache Commons FileUpload was addressed by HPE
iMC PLAT network products. The vulnerability could be exploited remotely
resulting in a Denial of Service (DoS).

References:

  - CVE-2016-3092
  - PSRT110190

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of
    impacted products. All product versions are impacted prior to the fixed
    version listed.

BACKGROUND

  CVSS Base Metrics
  =
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-3092
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software update available to resolve the
vulnerability in the iMC PLAT network products listed.

 + **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**

  - JD125A  HP IMC Std S/W Platform w/100-node
  - JD126A  HP IMC Ent S/W Platform w/100-node
  - JD808A  HP IMC Ent Platform w/100-node License
  - JD814A   HP A-IMC Enterprise Edition Software DVD Media
  - JD815A  HP IMC Std Platform w/100-node License
  - JD816A  HP A-IMC Standard Edition Software DVD Media
  - JF288AAE  HP Network Director to Intelligent Management Center
Upgrade E-LTU
  - JF289AAE  HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
  - JF377A  HP IMC Std S/W Platform w/100-node Lic
  - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
  - JF378A  HP IMC Ent S/W Platform w/200-node Lic
  - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
  - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
  - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
  - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
  - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
  - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
  - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade
50-node and 150-AP E-LTU
  - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point
E-LTU
  - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
  - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
  - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
  - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with
200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-al...@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.

3C = 3COM
3P = 3rd Party Software
GN = HPE General Software
HF = HPE Hardware and Firmware
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PV = ProCurve
ST = Storage Software
UX = HP-UX

Copyright 2016 Hewlett Packard Enterprise

Hewlett Packard Enterprise shall not be liable for technical or editorial
errors or omissions contained herein. The information provided is provided
"as is" without warranty of any kind. To the extent permitted by law, neither
HP or its 

[security bulletin] HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple Remote Vulnerabilities

2016-09-26 Thread security-alert

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289935

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289935
Version: 1

HPSBHF03654 rev.1 - HPE iMC PLAT Network Products using SSL/TLS, Multiple
Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Multiple Remote Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HPE iMC PLAT
network products using SSL/TLS. These vulnerabilities could be exploited
remotely resulting in disclosure of information and other impacts including:

  - The MD5 Message-Digest Algorithm is not collision resistant, which makes
it easier for context-dependent attackers to conduct spoofing attacks, as
demonstrated by attacks on the use of MD5 in the signature algorithm of an
X.509 certificate.
  - The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many
single-byte biases, which makes it easier for remote attackers to conduct
plaintext-recovery attacks via statistical analysis of ciphertext in a large
number of sessions that use the same plaintext.
  - The RC4 stream cipher vulnerability in SSL/TLS known as "Bar Mitzvah"
could be exploited remotely to allow disclosure of information.

References:

  - CVE-2004-2761 - SSL/TLS MD5 Algorithm is not collision resistant
  - CVE-2013-2566 - SSL/TLS RC4 algorithm vulnerability
  - CVE-2015-2808 - SSL/TLS RC4 stream vulnerability known as "Bar Mitzvah"
  - PSRT110210

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of
    impacted products. All product versions are impacted prior to the fixed
    version listed.

BACKGROUND

  CVSS Base Metrics
  =
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2004-2761
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVE-2013-2566
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVE-2015-2808
  5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software available to resolve the vulnerabilities
in the iMC PLAT network products listed.

  + **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**

  - JD125A  HP IMC Std S/W Platform w/100-node
  - JD126A  HP IMC Ent S/W Platform w/100-node
  - JD808A  HP IMC Ent Platform w/100-node License
  - JD814A   HP A-IMC Enterprise Edition Software DVD Media
  - JD815A  HP IMC Std Platform w/100-node License
  - JD816A  HP A-IMC Standard Edition Software DVD Media
  - JF288AAE  HP Network Director to Intelligent Management Center
Upgrade E-LTU
  - JF289AAE  HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
  - JF377A  HP IMC Std S/W Platform w/100-node Lic
  - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
  - JF378A  HP IMC Ent S/W Platform w/200-node Lic
  - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
  - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
  - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
  - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
  - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
  - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
  - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade
50-node and 150-AP E-LTU
  - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point
E-LTU
  - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
  - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
  - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
  - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with
200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release



[security bulletin] HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2, Multiple Remote Vulnerabilities

2016-09-26 Thread security-alert

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05289984

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05289984
Version: 1

HPSBHF03655 rev.1 - HPE iMC PLAT Network Products running Apache Axis2,
Multiple Remote Vulnerabilities

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-26
Last Updated: 2016-09-26

Potential Security Impact: Multiple Remote Vulnerabilities

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HPE iMC PLAT
network products running Apache Axis2. These vulnerabilities could be
exploited remotely resulting in Denial of Service (DoS), disclosure of
information, and other impacts.

References:

  - CVE-2010-1632
  - PSRT110216

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
  - HPE iMC PLAT - Please refer to the RESOLUTION below for a list of
    impacted products. All product versions are impacted prior to the fixed
    version listed.

BACKGROUND

  CVSS Base Metrics
  =
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2010-1632
  7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION
HPE has made the following software update available to resolve the
vulnerability in the iMC PLAT network products listed.

 + **iMC PLAT - Version: IMC PLAT 7.2, E0403P10**

  - JD125A  HP IMC Std S/W Platform w/100-node
  - JD126A  HP IMC Ent S/W Platform w/100-node
  - JD808A  HP IMC Ent Platform w/100-node License
  - JD814A   HP A-IMC Enterprise Edition Software DVD Media
  - JD815A  HP IMC Std Platform w/100-node License
  - JD816A  HP A-IMC Standard Edition Software DVD Media
  - JF288AAE  HP Network Director to Intelligent Management Center
Upgrade E-LTU
  - JF289AAE  HP Enterprise Management System to Intelligent Management
Center Upgrade E-LTU
  - JF377A  HP IMC Std S/W Platform w/100-node Lic
  - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
  - JF378A  HP IMC Ent S/W Platform w/200-node Lic
  - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
  - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
  - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
  - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
  - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
  - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
  - JG550AAE HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade
50-node and 150-AP E-LTU
  - JG590AAE HPE IMC Basic WLAN Manager Software Platform 50 Access Point
E-LTU
  - JG660AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
  - JG766AAE HP IMC Smart Connect Virtual Appliance Edition E-LTU
  - JG767AAE HP IMC Smart Connect with Wireless Manager Virtual Appliance
Edition E-LTU
  - JG768AAE HPE PCM+ to IMC Standard Software Platform Upgrade with
200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.

HISTORY
Version:1 (rev.1) - 26 September 2016 Initial release


[SECURITY] [DSA 3678-1] python-django security update

2016-09-26 Thread Florian Weimer
Debian Security Advisory DSA-3678-1                   secur...@debian.org
https://www.debian.org/security/                           Florian Weimer
September 26, 2016                    https://www.debian.org/security/faq

Package: python-django
CVE ID : CVE-2016-7401

Sergey Bobrov discovered that cookie parsing in Django and Google
Analytics interacted in such a way that an attacker could set arbitrary
cookies.  This allows other malicious web sites to bypass the
Cross-Site Request Forgery (CSRF) protections built into Django.

For the stable distribution (jessie), this problem has been fixed in
version 1.7.11-1+deb8u1.

For the unstable distribution (sid), this problem has been fixed in
version 1:1.10-1.

We recommend that you upgrade your python-django packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



[slackware-security] openssl (SSA:2016-270-01)

2016-09-26 Thread Slackware Security Team


[slackware-security]  openssl (SSA:2016-270-01)

New openssl packages are available for Slackware 14.2 and -current to
fix a security issue.


Here are the details from the Slackware 14.2 ChangeLog:
+--+
patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz:  Upgraded.
  This update fixes a security issue:
  Missing CRL sanity check (CVE-2016-7052)
  For more information, see:
https://www.openssl.org/news/secadv/20160926.txt
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052
  (* Security fix *)
patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz:  Upgraded.
+--+


Where to find the new packages:
+-+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-1.0.2j-i586-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Updated packages for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-1.0.2j-x86_64-1_slack14.2.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/a/openssl-solibs-1.0.2j-i586-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssl-1.0.2j-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/a/openssl-solibs-1.0.2j-x86_64-1.txz
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/openssl-1.0.2j-x86_64-1.txz


MD5 signatures:
+-+

Slackware 14.2 packages:
cf3e90f91b35ee96f5a900e5f2ec8fd5  openssl-1.0.2j-i586-1_slack14.2.txz
31cc46351fdd4c487f75abdbfcd696e7  openssl-solibs-1.0.2j-i586-1_slack14.2.txz

Slackware x86_64 14.2 packages:
333fd278752b5f04a805aeabd77f28c4  openssl-1.0.2j-x86_64-1_slack14.2.txz
6b25daf23b1cfc59351308b9c11e830a  openssl-solibs-1.0.2j-x86_64-1_slack14.2.txz

Slackware -current packages:
98337bdfe00f04be784953fee5c023ca  a/openssl-solibs-1.0.2j-i586-1.txz
3cd05a7ed655e7f51f652a31b9b908e7  n/openssl-1.0.2j-i586-1.txz

Slackware x86_64 -current packages:
6907d9a091ace959d8f04aa92cd7e5f6  a/openssl-solibs-1.0.2j-x86_64-1.txz
4017d82d5c4c370ab6850a5d623d321a  n/openssl-1.0.2j-x86_64-1.txz


Installation instructions:
++

Upgrade the packages as root:
# upgradepkg openssl-1.0.2j-i586-1_slack14.2.txz openssl-solibs-1.0.2j-i586-1_slack14.2.txz


+-+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com

To leave the slackware-security mailing list:

Send an email to majord...@slackware.com with this text in the body of
the email message:

    unsubscribe slackware-security

You will get a confirmation message back containing instructions to
complete the process.  Please do not reply to this email address.


[security bulletin] HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of Service (DoS)

2016-09-26 Thread security-alert

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05278882

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05278882
Version: 1

HPSBGN03648 rev.1 - HPE LoadRunner and Performance Center, Remote Denial of
Service (DoS)

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2016-09-20
Last Updated: 2016-09-20

Potential Security Impact: Remote Denial of Service (DoS)

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
A potential security vulnerability has been identified in HPE LoadRunner and
Performance Center. This vulnerability could be exploited remotely to allow
Denial of Service (DoS).

References:

CVE-2016-4384
PSRT110230

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE Performance Center - all versions prior to v12.50
HPE LoadRunner - all versions prior to v12.50

BACKGROUND

  CVSS Base Metrics
  =
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2016-4384
  8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  8.3 (AV:N/AC:M/Au:N/C:P/I:P/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

Hewlett Packard Enterprise thanks Tenable Network Security for reporting this
issue to security-al...@hpe.com

RESOLUTION

HPE has released the following updates to resolve the vulnerabilities in the
impacted versions of LoadRunner and Performance Center:

Performance Center v12.53 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02354255

LoadRunner v12.53 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02320462

LoadRunner v12.50 patch 3 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM02040111

HISTORY
Version:1 (rev.1) - 20 September 2016 Initial release



OS-S Security Advisory 2016-19: Epson WorkForce multi-function printers do not use signed firmware images and allow unauthorized malicious firmware-updates (CVSS 10)

2016-09-26 Thread Ralf Spenneberg
OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
i...@os-s.net

OS-S Security Advisory 2016-19

Title: Epson WorkForce multi-function printers do not use signed
firmware images and allow unauthorized malicious firmware-updates
Authors: Yves-Noel Weweler, Ralf Spenneberg, Hendrik Schwartke

Date: September 26th 2015
Vendor contacted: September 29th 2015
Vendor response: December 12th 2015
Updated firmware available: January 28th 2016
CVSS: 10

Abstract
Epson multi-function printers support firmware updates via USB and HTTP.
When using HTTP, the update is initialized with a GET request and the
firmware is uploaded via a POST request. No authorization is required.
An attacker can exploit this unauthorized mechanism using
Cross-Site-Request-Forgery (CSRF). Because the firmware itself is
neither encrypted nor digitally signed, an attacker can create malicious
firmware images including backdoors and other malware.

Impact
Very High. Epson is the third largest printer manufacturer worldwide and
sells millions of devices with this vulnerability. If these devices are
network enabled, an attacker can upload malicious firmware directly or
implicitly using CSRF. We were able to craft and install a malicious
firmware image implementing a backdoor using the built-in data/fax modem.
This backdoor may serve as a bridgehead into a network otherwise not
connected to the internet.

Exploit
Exploit code just needs to mimic the HTTP update mechanism directly or
using CSRF. With a basic understanding of the firmware format and
checksums, an attacker can create malicious firmware images including
backdoors and malware for the devices.

Vulnerable
Tested: Epson WF-2540 MFP
Not tested, but probable after inspection of the firmware and IPv4 scans,
are most of the devices in the WorkForce and Stylus series.
We believe huge numbers of the devices produced since 1999 use this
mechanism and could be vulnerable.

Technical description
Firmware provided for these devices consists of an embedded Linux
operating system packaged in Epson's proprietary firmware format. This
format is not digitally signed. With basic knowledge of the checksums
used in the firmware, an attacker is able to create a malicious firmware
image. Using the HTTP-based firmware update mechanism, this firmware may
be installed as follows:
1. Initialize update
GET /FIRMWAREUPDATE HTTP/1.1\r\n
Accept: */*\r\n
Connection: Keep-Alive\r\n
\r\n

2. Upload firmware
POST /DOWN/FIRMWAREUPDATE/ROM1 HTTP/1.1\r\n
Accept: */*\r\n
Content-Type: multipart/form-data; boundary=---EPSONOP2HANAOKAGROUP1999\r\n
Content-Length: xxx\r\n
Connection: Keep-Alive\r\n
\r\n
---EPSONOP2HANAOKAGROUP1999\r\n
Content-Disposition: form-data; name="fname"; filename="/DUMMY.DAT"\r\n
Content-Type: application/octet-stream\r\n
\r\n
insert firmware here
\r\n
---EPSONOP2HANAOKAGROUP1999--\r\n

After uploading the firmware the device automatically installs the
image. Since this mechanism does not require any authorization and no
further counter-measures against CSRF are met, an attacker can easily
upload new firmware.

Solution
A Modification of the Upgrade Mechanism is required.

Vendor Response
Epson responded on December 2nd 2015:

>>>Quote-Start
>>>[Vulnerability]
>>>WF-2540 MFP has the vulnerability that you kindly advised. However
>>>firmware check function by our original algorithm has been
>>>implemented to the current products as the countermeasure for the
>>>vulnerability, and it will be implemented to all the future products
>>>also.
>>>
>>>[Solution]
>>>We will release new firmware for WF-2540 by the end of January,
>>>2016. (It will be delivered to a customer by a firmware updater
>>>(utility) from our internet server or website.)
>>>In addition, we may be willing to provide a new firmware for other
>>>older products corresponding to the request by a customer.
>>>
>>>[Network security for our products]
>>>We are going to publish network security guidance for customers so
>>>that they will mitigate the effects of this issue by following the
>>>guidance.
>>>Quote-End
-- 
OpenSource Training Ralf Spenneberg http://www.os-t.de
Am Bahnhof 3-5  48565 Steinfurt Germany
Fon: +49(0)2552 638 755 Fax: +49(0)2552 638 757
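
Detection logic for the update requests described in the advisory above, added here as an example and not part of the original advisory or any vendor tooling: it scans proxy or sensor logs for the two update paths, flags cross-site Referers (the CSRF case) and pairs the GET with the following POST. The log format, addresses, admin allowlist and all function names are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# The two request paths named in the advisory's technical description.
INIT_PATH = "/FIRMWAREUPDATE"
UPLOAD_PATH = "/DOWN/FIRMWAREUPDATE/ROM1"

# Assumed log layout: timestamp client dest "request line" status "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<dest>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2016-09-26T09:00:01Z 10.0.5.23 192.0.2.40 "GET /index.html HTTP/1.1" 200 "-" "Mozilla/5.0"
2016-09-26T09:02:10Z 10.0.5.23 192.0.2.40 "GET /FIRMWAREUPDATE HTTP/1.1" 200 "http://news.example/article" "Mozilla/5.0"
2016-09-26T09:02:11Z 10.0.5.23 192.0.2.40 "POST /DOWN/FIRMWAREUPDATE/ROM1 HTTP/1.1" 200 "http://news.example/article" "Mozilla/5.0"
2016-09-26T11:30:00Z 10.0.9.5 192.0.2.40 "GET /FIRMWAREUPDATE HTTP/1.1" 200 "-" "-"
2016-09-26T12:00:00Z 10.0.7.77 192.0.2.41:80 "POST /DOWN/FIRMWAREUPDATE/ROM1 HTTP/1.1" 200 "-" "-"
this line is malformed and must be skipped
""".splitlines()


def parse(line):
    """Return a dict for a well-formed log line, or None if it cannot be parsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    try:
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ev


def referer_origin(referer, dest):
    """Compare the Referer host with the printer the request was sent to."""
    if referer in ("", "-"):
        return "no-referer"
    ref_host = urlsplit(referer).hostname
    dest_host = urlsplit("//" + dest).hostname  # tolerates host:port
    return "same-origin" if ref_host == dest_host else "cross-site"


def detect(lines, admin_clients=frozenset(), window=timedelta(minutes=10)):
    """Return one finding per firmware-update request seen in the log."""
    findings, pending = [], {}
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        # Case-insensitive match is a conservative choice for detection.
        path = urlsplit(ev["path"]).path.rstrip("/").upper()
        if ev["method"] == "GET" and path == INIT_PATH:
            stage = "init"
        elif ev["method"] == "POST" and path == UPLOAD_PATH:
            stage = "upload"
        else:
            continue
        key = (ev["client"], ev["dest"])
        sequence = False
        if stage == "init":
            pending[key] = ev["ts"]
        else:
            # An upload that follows an init from the same client completes
            # the two-step update described in the advisory.
            started = pending.pop(key, None)
            sequence = (started is not None
                        and timedelta(0) <= ev["ts"] - started <= window)
        origin = referer_origin(ev["referer"], ev["dest"])
        if origin == "cross-site":
            severity = "high"      # browser was driven by another site
        elif ev["client"] not in admin_clients:
            severity = "medium"    # update from an unexpected host
        else:
            severity = "info"      # known admin workstation
        findings.append({
            "ts": ev["ts"], "client": ev["client"], "dest": ev["dest"],
            "stage": stage, "origin": origin,
            "sequence_complete": sequence, "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG, admin_clients={"10.0.9.5"}):
        print(f["ts"].isoformat(), f["severity"].upper(), f["client"], "->",
              f["dest"], f["stage"], f["origin"],
              "sequence" if f["sequence_complete"] else "")
```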


[slackware-security] php (SSA:2016-267-01)

2016-09-26 Thread Slackware Security Team


[slackware-security]  php (SSA:2016-267-01)

New php packages are available for Slackware 14.0, 14.1, 14.2, and -current to
fix security issues.


Here are the details from the Slackware 14.2 ChangeLog:
+--+
patches/packages/php-5.6.26-i586-1_slack14.2.txz:  Upgraded.
  This release fixes bugs and security issues.
  For more information, see:
https://php.net/ChangeLog-5.php#5.6.26
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7416
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7412
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7414
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7417
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7413
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7418
  (* Security fix *)
+--+


Where to find the new packages:
+-+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/php-5.6.26-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/php-5.6.26-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/php-5.6.26-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/php-5.6.26-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/php-5.6.26-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/php-5.6.26-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-5.6.26-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-5.6.26-x86_64-1.txz


MD5 signatures:
+-+

Slackware 14.0 package:
c35c9a2ecb0efe18d30ac9afd09f2f18  php-5.6.26-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
5d717620237618ae0da8306fb0e103a6  php-5.6.26-x86_64-1_slack14.0.txz

Slackware 14.1 package:
c86df189624511380930799eedf7147a  php-5.6.26-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
2c306082ce7462c43a975dbf723e  php-5.6.26-x86_64-1_slack14.1.txz

Slackware 14.2 package:
fe9dc583d44d71b359a52f787a3a3586  php-5.6.26-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
42ba7fa4b436381f508e21fa48c66d40  php-5.6.26-x86_64-1_slack14.2.txz

Slackware -current package:
56a547e8bc4db3c91d6bfa5c31592175  n/php-5.6.26-i586-1.txz

Slackware x86_64 -current package:
28256516f8df30cc31d6937c9447853b  n/php-5.6.26-x86_64-1.txz


Installation instructions:
++

Upgrade the package as root:
# upgradepkg php-5.6.26-i586-1_slack14.2.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start


+-+

Slackware Linux Security Team
http://slackware.com/gpg-key
secur...@slackware.com
