[security bulletin] HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote Code Execution

2017-05-15 Thread security-alert

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03745en_us

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: hpesbhf03745en_us
Version: 1

HPESBHF03745 rev.1 - HPE Intelligent Management Center (iMC) PLAT, Remote
Code Execution

NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.

Release Date: 2017-05-14
Last Updated: 2017-05-14

Potential Security Impact: Remote: Code Execution

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified in HPE Intelligent
Management Center (iMC) PLAT. The vulnerabilities could be exploited remotely
to allow execution of code.

References:

  - CVE-2017-5816
  - CVE-2017-5817
  - CVE-2017-5818
  - CVE-2017-5819

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

  - HP Intelligent Management Center (iMC) All versions prior to IMC PLAT 7.3
    E0504P04 - Please refer to the RESOLUTION below for a list of impacted
    products.

BACKGROUND

  CVSS Base Metrics
  =
  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2017-5816
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2017-5817
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVE-2017-5818
  7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVE-2017-5819
  9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

Hewlett Packard Enterprise thanks sztivi for working with Trend Micro's Zero
Day Initiative (ZDI) for reporting these vulnerabilities to
security-al...@hpe.com

RESOLUTION

HPE has made the following software update available to resolve the
vulnerabilities in the iMC PLAT network products listed. 

  + **iMC PLAT - Version: Fixed in IMC PLAT 7.3 E0504P04**
    * HP Network Products
      - JD125A  HP IMC Std S/W Platform w/100-node
      - JD126A  HP IMC Ent S/W Platform w/100-node
      - JD808A  HP IMC Ent Platform w/100-node License
      - JD814A  HP A-IMC Enterprise Edition Software DVD Media
      - JD815A  HP IMC Std Platform w/100-node License
      - JD816A  HP A-IMC Standard Edition Software DVD Media
      - JF288AAE  HP Network Director to Intelligent Management Center Upgrade E-LTU
      - JF289AAE  HP Enterprise Management System to Intelligent Management Center Upgrade E-LTU
      - JF377A  HP IMC Std S/W Platform w/100-node Lic
      - JF377AAE  HP IMC Std S/W Pltfrm w/100-node E-LTU
      - JF378A  HP IMC Ent S/W Platform w/200-node Lic
      - JF378AAE  HP IMC Ent S/W Pltfrm w/200-node E-LTU
      - JG546AAE  HP IMC Basic SW Platform w/50-node E-LTU
      - JG548AAE  HP PCM+ to IMC Bsc Upgr w/50-node E-LTU
      - JG549AAE  HP PCM+ to IMC Std Upgr w/200-node E-LTU
      - JG747AAE  HP IMC Std SW Plat w/ 50 Nodes E-LTU
      - JG748AAE  HP IMC Ent SW Plat w/ 50 Nodes E-LTU
      - JG768AAE  HP PCM+ to IMC Std Upg w/ 200-node E-LTU
      - JG550AAE  HPE PCM+ Mobility Manager to IMC Basic WLAN Platform Upgrade 50-node and 150-AP E-LTU
      - JG590AAE  HPE IMC Basic WLAN Manager Software Platform 50 Access Point E-LTU
      - JG660AAE  HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
      - JG766AAE  HP IMC Smart Connect Virtual Appliance Edition E-LTU
      - JG767AAE  HP IMC Smart Connect with Wireless Manager Virtual Appliance Edition E-LTU
      - JG768AAE  HPE PCM+ to IMC Standard Software Platform Upgrade with 200-node E-LTU

**Note:** Please contact HPE Technical Support if any assistance is needed
acquiring the software updates.

HISTORY
Version:1 (rev.1) - 11 May 2017 Initial release

Third Party Security Patches: Third party security patches that are to be
installed on systems running Hewlett Packard Enterprise (HPE) software
products should be applied in accordance with the customer's patch management
policy.

Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HPE Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-al...@hpe.com.

Report: To report a potential security vulnerability for any HPE supported
product:
  Web form: https://www.hpe.com/info/report-security-vulnerability
  Email: security-al...@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin
alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is
available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software

Secunia Research: LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability

2017-05-15 Thread Secunia Research
==

Secunia Research 2017/05/11

LibRaw "parse_tiff_ifd()" Memory Corruption Vulnerability

==
Table of Contents

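Affected Software..........................................1
Severity...................................................2
Description of Vulnerability...............................3
Solution...................................................4
Time Table.................................................5
Credits....................................................6
References.................................................7
About Flexera Software.....................................8
Verification...............................................9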

==
1) Affected Software

* LibRaw 0.x

==
2) Severity

Rating: Highly critical
Impact: Denial of Service and System Access
Where:  From remote

==
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in LibRaw, which can
be exploited by malicious people to cause a DoS (Denial of Service)
and compromise a vulnerable system.

1) An error within the "parse_tiff_ifd()" function
(internal/dcraw_common.cpp) can be exploited to corrupt memory.

The vulnerability is confirmed in version 0.18.1. Prior versions may
also be affected.

==
4) Solution

Apply update.
http://www.libraw.org/news/libraw-0-18-2

==
5) Time Table

2017/03/08 - Vendor notified about vulnerability.
2017/03/08 - Vendor response.
2017/03/09 - Release of vendor patch.
2017/03/10 - Release of Secunia Advisory SA75737.
2017/05/11 - Public disclosure of Secunia Research Advisory.

==
6) Credits

Jakub Jirasek, Secunia Research at Flexera Software.

==
7) References

The Flexera Software CNA has assigned the CVE-2017-6886 identifier
for the vulnerability through the Common Vulnerabilities and Exposures
(CVE) project.

==
8) About Flexera Software

Flexera Software helps application producers and enterprises increase
application usage and the value they derive from their software.

http://www.flexerasoftware.com/enterprise/company/about/

Flexera Software delivers market-leading Software Vulnerability
Management solutions enabling enterprises to proactively identify and
remediate software vulnerabilities, effectively reducing the risk of
costly security breaches.

http://www.flexerasoftware.com/enterprise/products/

Flexera Software supports and contributes to the community in
several ways. We have always believed that reliable vulnerability
intelligence and tools to aid identifying and fixing vulnerabilities
should be freely available for consumers to ensure that users,
who care about their online privacy and security, can stay secure.
Only a few vendors address vulnerabilities in a proper way and help
users get updated and stay secure. End-users (whether private
individuals or businesses) are otherwise left largely alone, and
that is why back in 2002, Secunia Research started investigating,
coordinating disclosure and verifying software vulnerabilities.
In 2016, Secunia Research became a part of Flexera Software
and today our in-house software vulnerability research remains the
core of the Software Vulnerability Management products at
Flexera Software.

http://secunia.com/secunia_research/

The public Advisory database contains sufficient information for
researchers, security enthusiasts, and consumers to look up individual
products and vulnerabilities and assess whether they need to take
any actions to secure their systems or whether a given vulnerability
has already been discovered.

http://secunia.com/advisories/

==
9) Verification

Please verify this advisory by visiting the Secunia website:
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-5/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

==


Secunia Research: FLAC "read_metadata_vorbiscomment_()" Memory Leak Denial of Service Vulnerability

2017-05-15 Thread Secunia Research
==

Secunia Research 2017/05/11

FLAC "read_metadata_vorbiscomment_()" Memory Leak
 Denial of Service Vulnerability

==
Table of Contents

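Affected Software..........................................1
Severity...................................................2
Description of Vulnerability...............................3
Solution...................................................4
Time Table.................................................5
Credits....................................................6
References.................................................7
About Flexera Software.....................................8
Verification...............................................9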

==
1) Affected Software

* FLAC version 1.3.2. Other versions may also be affected.

==
2) Severity

Rating: Moderately critical
Impact: Denial of Service
Where:  From remote

==
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in FLAC, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the
"read_metadata_vorbiscomment_()" function (stream_decoder.c), which
can be exploited to cause a memory leak via a specially crafted FLAC
file.

The vulnerability is confirmed in version 1.3.2. Other versions may
also be affected.

==
4) Solution

Fixed in the source code repository.

==
5) Time Table

2017/04/06 - Initial contact to request security contact.
2017/04/06 - Maintainer responds with security contact.
2017/04/06 - Maintainer contacted with the vulnerability details.
2017/04/08 - Maintainer provides a patch in the official source
 code repository.
2017/04/21 - Release of Secunia Advisory SA76102.
2017/05/11 - Public disclosure of Secunia Research Advisory.

==
6) Credits

Discovered by Jakub Jirasek, Secunia Research at Flexera Software.

==
7) References

The Flexera Software CNA has assigned the CVE-2017-6888 identifier
for the vulnerability through the Common Vulnerabilities and Exposures
(CVE) project.

==
8) About Flexera Software

Flexera Software helps application producers and enterprises increase
application usage and the value they derive from their software.

http://www.flexerasoftware.com/enterprise/company/about/

Flexera Software delivers market-leading Software Vulnerability
Management solutions enabling enterprises to proactively identify and
remediate software vulnerabilities, effectively reducing the risk of
costly security breaches.

http://www.flexerasoftware.com/enterprise/products/

Flexera Software supports and contributes to the community in
several ways. We have always believed that reliable vulnerability
intelligence and tools to aid identifying and fixing vulnerabilities
should be freely available for consumers to ensure that users,
who care about their online privacy and security, can stay secure.
Only a few vendors address vulnerabilities in a proper way and help
users get updated and stay secure. End-users (whether private
individuals or businesses) are otherwise left largely alone, and
that is why back in 2002, Secunia Research started investigating,
coordinating disclosure and verifying software vulnerabilities.
In 2016, Secunia Research became a part of Flexera Software
and today our in-house software vulnerability research remains the
core of the Software Vulnerability Management products at
Flexera Software.

http://secunia.com/secunia_research/

The public Advisory database contains sufficient information for
researchers, security enthusiasts, and consumers to look up individual
products and vulnerabilities and assess whether they need to take
any actions to secure their systems or whether a given vulnerability
has already been discovered.

http://secunia.com/advisories/

==
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2017-7/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

===

[SECURITY] [DSA 3853-1] bitlbee security update

2017-05-15 Thread Sebastien Delafond

Debian Security Advisory DSA-3853-1                   secur...@debian.org
https://www.debian.org/security/                       Sebastien Delafond
May 15, 2017                          https://www.debian.org/security/faq

Package: bitlbee
CVE ID : CVE-2016-10188 CVE-2016-10189

It was discovered that bitlbee, an IRC to other chat networks gateway,
contained issues that allowed a remote attacker to cause a denial of
service (via application crash), or potentially execute arbitrary
commands.

For the stable distribution (jessie), these problems have been fixed in
version 3.2.2-2+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 3.5-1.

We recommend that you upgrade your bitlbee packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org



APPLE-SA-2017-05-15-4 watchOS 3.2.1

2017-05-15 Thread Apple Product Security

APPLE-SA-2017-05-15-4 watchOS 3.2.1

watchOS 3.2.1 is now available and addresses the following:

AVEVideoEncoder
Available for:  All Apple Watch models
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6989: Adam Donenfeld (@doadam) of the Zimperium zLabs Team

CoreAudio
Available for:  All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2502: Yangkang (@dnpushme) of Qihoo360 Qex Team

IOSurface
Available for:  All Apple Watch models
Impact: An application may be able to gain kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-6979: Adam Donenfeld of Zimperium zLabs

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A race condition was addressed through improved locking.
CVE-2017-2501: Ian Beer of Google Project Zero

Kernel
Available for:  All Apple Watch models
Impact: An application may be able to read restricted memory
Description: A validation issue was addressed with improved input
sanitization.
CVE-2017-2507: Ian Beer of Google Project Zero
CVE-2017-6987: Patrick Wardle of Synack

SQLite
Available for:  All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A use after free issue was addressed through improved
memory management.
CVE-2017-2513: found by OSS-Fuzz

SQLite
Available for:  All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A buffer overflow issue was addressed through improved
memory handling.
CVE-2017-2518: found by OSS-Fuzz
CVE-2017-2520: found by OSS-Fuzz

SQLite
Available for:  All Apple Watch models
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2519: found by OSS-Fuzz

TextInput
Available for:  All Apple Watch models
Impact: Parsing maliciously crafted data may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2017-2524: Ian Beer of Google Project Zero

WebKit
Available for:  All Apple Watch models
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-2521: lokihardt of Google Project Zero

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/



APPLE-SA-2017-05-15-6 iTunes 12.6.1

2017-05-15 Thread Apple Product Security

APPLE-SA-2017-05-15-6 iTunes 12.6.1

iTunes 12.6.1 is now available and addresses the following:

WebKit
Available for:  Windows 7 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2017-6984: lokihardt of Google Project Zero

Installation note:

iTunes 12.6.1 may be obtained from:
https://www.apple.com/itunes/download/

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/