
[QSA-0423152] Security Bundle

Qlustar Security Advisory 0423152

April 23, 2015


Summary:

Security bundle. A Qlustar security bundle is a cumulative update of packages that are taken from upstream Debian/Ubuntu without modification. Only packages that are used in a typical HPC/Storage cluster installation are mentioned in Qlustar Security Advisories. Other non-HPC related updates also enter the Qlustar repository, but their functionality is not separately verified by the Qlustar team. To track these updates, subscribe to the general security mailing lists of Debian/Ubuntu.


Package(s)       : see upstream description of individual package
Qlustar releases : 9.0, 8.1
Affected versions: All versions prior to this update
Vulnerability    : see upstream description of individual package
Problem type     : see upstream description of individual package
Qlustar-specific : no
CVE Id(s)        : see upstream description of individual package

This update includes several security related package updates from Debian/Ubuntu. The following list provides references to the upstream security report of the corresponding packages. You can view the original upstream advisory by clicking on the corresponding title.

OpenJDK 6/7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network.

Alexander Cherepanov discovered that OpenJDK JRE was vulnerable to directory traversal issues with respect to handling jar files. An attacker could use this to expose sensitive data.

Florian Weimer discovered that the RSA implementation in the JCE component in OpenJDK JRE did not follow recommended practices for implementing RSA signatures. An attacker could use this to expose sensitive data.

A vulnerability was discovered in the OpenJDK JRE related to data integrity. An attacker could exploit this to expose sensitive data over the network.

A vulnerability was discovered in the OpenJDK JRE related to availability. An attacker could exploit this to cause a denial of service.

PHP vulnerabilities

It was discovered that PHP incorrectly handled cleanup when used with Apache 2.4. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that PHP incorrectly handled opening tar, zip or phar archives through the PHAR extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that PHP incorrectly handled regular expressions. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Paulos Yibelo discovered that PHP incorrectly handled moving files when a pathname contained a null character. A remote attacker could use this issue to possibly bypass filename restrictions.

It was discovered that PHP incorrectly handled unserializing PHAR files. A remote attacker could use this issue to cause PHP to possibly expose sensitive information.

Taoguang Chen discovered that PHP incorrectly handled unserializing certain objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

libx11, libxrender vulnerability

Abhishek Arya discovered that libX11 incorrectly handled memory in the MakeBigReq macro. A remote attacker could use this issue to cause applications to crash, resulting in a denial of service, or possibly execute arbitrary code.

In addition, following the macro fix in libx11, a number of other packages have also been rebuilt as security updates including libxrender, libxext, libxi, libxfixes, libxrandr, libsdl1.2, libxv, libxp, and xserver-xorg-video-vmware.

NTP vulnerabilities

Miroslav Lichvar discovered that NTP incorrectly validated MAC fields. A remote attacker could possibly use this issue to bypass authentication and spoof packets.

Miroslav Lichvar discovered that NTP incorrectly handled certain invalid packets. A remote attacker could possibly use this issue to cause a denial of service.

Juergen Perlinger discovered that NTP incorrectly generated MD5 keys on big-endian platforms. This issue could either cause ntp-keygen to hang, or could result in non-random keys.

dpkg vulnerability

Jann Horn discovered that dpkg incorrectly validated signatures when extracting local source packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could bypass signature verification checks.

GnuPG vulnerabilities

Daniel Genkin, Lev Pachmanov, Itamar Pipman, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an attack via physical side channels. A local attacker could use this attack to possibly recover private keys.

Hanno Böck discovered that GnuPG incorrectly handled certain malformed keyrings. If a user or automated system were tricked into opening a malformed keyring, a remote attacker could use this issue to cause GnuPG to crash, resulting in a denial of service, or possibly execute arbitrary code.

In addition, this update improves GnuPG security by validating that the keys returned by keyservers match those requested.

GnuTLS vulnerabilities

It was discovered that GnuTLS did not perform date and time checks on CA certificates, contrary to expectations. This issue only affected Ubuntu 10.04 LTS.

Nikos Mavrogiannopoulos discovered that GnuTLS incorrectly verified that signature algorithms matched. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm.

It was discovered that GnuTLS incorrectly verified certificate algorithms. A remote attacker could possibly use this issue to downgrade to a disallowed algorithm.

OpenSSL vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code.

Stephen Henson discovered that OpenSSL incorrectly handled comparing ASN.1 boolean types. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

Emilia Käsper discovered that OpenSSL incorrectly handled ASN.1 structure reuse. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code.

Brian Carpenter discovered that OpenSSL incorrectly handled invalid certificate keys. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

Michal Zalewski discovered that OpenSSL incorrectly handled missing outer ContentInfo when parsing PKCS#7 structures. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code.

Robert Dugal and David Ramos discovered that OpenSSL incorrectly handled decoding Base64 encoded data. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code.

Sean Burford and Emilia Käsper discovered that OpenSSL incorrectly handled specially crafted SSLv2 CLIENT-MASTER-KEY messages. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.

PHP vulnerabilities

Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service.

S. Paraschoudis discovered that PHP incorrectly handled memory in the enchant binding. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that PHP incorrectly handled memory in the phar extension. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following Qlustar package versions in addition to the package versions mentioned in the upstream reports (follow the Qlustar Update Guide):

qlustar-module-core-trusty-amd64-9.0.1     9.0.1.3-b448f967
qlustar-module-core-wheezy-amd64-9.0.1     9.0.1.3-b448f967
qlustar-module-core-precise-amd64-8.1.2    8.1.2.8-b440f968
qlustar-module-core-wheezy-amd64-8.1.2     8.1.2.8-b440f968