User login
Qlustar: Install and enjoy!

[QSA-1124152] Security Bundle

Qlustar Security Advisory 1124152

November 24, 2015


Summary:

Security bundle. A Qlustar security bundle is a cumulative update of packages that are taken from upstream Debian/Ubuntu without modification. Only packages that are used in a typical HPC/Storage cluster installation are mentioned in Qlustar Security Advisories. Other non-HPC related updates also enter the Qlustar repository, but their functionality is not separately verified by the Qlustar team. To track these updates subscribe to the general security mailing lists of Debian/Ubuntu.


    Package(s)       : see upstream description of individual package
    Qlustar releases : 9.0
    Affected versions: All versions prior to this update
    Vulnerability    : see upstream description of individual package
    Problem type     : see upstream description of individual package
    Qlustar-specific : no
    CVE Id(s)        : see upstream description of individual package
  

This update includes several security related package updates from Debian/Ubuntu. The following list provides references to the upstream security report of the corresponding packages. You can view the original upstream advisory by clicking on the corresponding title.

libxml2 vulnerabilities

Florian Weimer discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.

Michal Zalewski discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

Kostya Serebryany discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.

Gustavo Grieco discovered that libxml2 incorrectly handled certain XML data. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.

NSS vulnerability

Tyson Smith and David Keeler discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

PHP vulnerability

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service.

NTP vulnerabilities

Aleksis Kauppinen discovered that NTP incorrectly handled certain remote config packets. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service.

Miroslav Lichvar discovered that NTP incorrectly handled logconfig directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service.

Miroslav Lichvar discovered that NTP incorrectly handled certain statistics types. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service.

Miroslav Lichvar discovered that NTP incorrectly handled certain file paths. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or overwrite certain files.

Miroslav Lichvar discovered that NTP incorrectly handled certain packets. A remote attacker could possibly use this issue to cause NTP to hang, resulting in a denial of service.

Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled restarting after hitting a panic threshold. A remote attacker could possibly use this issue to alter the system time on clients.

It was discovered that NTP incorrectly handled autokey data packets. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that NTP incorrectly handled memory when processing certain autokey messages. A remote attacker could possibly use this issue to cause NTP to consume memory, resulting in a denial of service.

Aanchal Malhotra, Isaac E. Cohen, and Sharon Goldberg discovered that NTP incorrectly handled rate limiting. A remote attacker could possibly use this issue to cause clients to stop updating their clock.

Yves Younan discovered that NTP incorrectly handled logfile and keyfile directives. In a non-default configuration, a remote authenticated attacker could possibly use this issue to cause NTP to enter a loop, resulting in a denial of service.

Yves Younan and Aleksander Nikolich discovered that NTP incorrectly handled ascii conversion. A remote attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Yves Younan discovered that NTP incorrectly handled reference clock memory. A malicious refclock could possibly use this issue to cause NTP to crash, resulting in a denial of service, or possibly execute arbitrary code.

John D "Doug" Birdwell discovered that NTP incorrectly handled decoding certain bogus values. An attacker could possibly use this issue to cause NTP to crash, resulting in a denial of service.

Stephen Gray discovered that NTP incorrectly handled symmetric association authentication. A remote attacker could use this issue to possibly bypass authentication and alter the system clock.

PHP vulnerabilities

It was discovered that the PHP phar extension incorrectly handled certain files. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service.

It was discovered that the PHP phar extension incorrectly handled certain filepaths. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Taoguang Chen discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

Sean Heelan discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that the PHP phar extension incorrectly handled certain archives. A remote attacker could use this issue to cause files to be placed outside of the destination directory.

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that the PHP XSLTProcessor class incorrectly handled certain data. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service.

rpcbind vulnerability

It was discovered that rpcbind incorrectly handled certain memory structures. A remote attacker could use this issue to cause rpcbind to crash, resulting in a denial of service, or possibly execute arbitrary code.

QEMU vulnerabilities

Lian Yihan discovered that QEMU incorrectly handled certain payload messages in the VNC display driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service.

Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service.

Qinghao Tang discovered that QEMU incorrectly handled receiving certain packets in the NE2000 network driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

Qinghao Tang discovered that QEMU incorrectly handled transmit descriptor data when sending network packets. A malicious guest could use this issue to cause the QEMU process to hang, resulting in a denial of service.

Qinghao Tang discovered that QEMU incorrectly handled ATAPI command permissions. A malicious guest could use this issue to cause the QEMU process to crash, resulting in a denial of service.

Bind vulnerability

Hanno Böck discovered that Bind incorrectly handled certain malformed keys when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName (DN) entry in a certificate. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

QEMU vulnerabilities

It was discovered that QEMU incorrectly handled a PRDT with zero complete sectors in the IDE functionality. A malicious guest could possibly use this issue to cause a denial of service.

Donghai Zhu discovered that QEMU incorrectly handled the RTL8139 driver. A malicious guest could possibly use this issue to read sensitive information from arbitrary host memory.

Donghai Zhu discovered that QEMU incorrectly handled unplugging emulated block devices. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

Qinghao Tang and Mr. Zuozhi discovered that QEMU incorrectly handled memory in the VNC display driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

It was discovered that QEMU incorrectly handled the virtio-serial device. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

OpenSSH vulnerabilities

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation.

Moritz Jodeit discovered that OpenSSH incorrectly handled context memory when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to bypass authentication or possibly execute arbitrary code.

Jann Horn discovered that OpenSSH incorrectly handled time windows for X connections. A remote attacker could use this issue to bypass certain access restrictions.

It was discovered that OpenSSH incorrectly handled keyboard-interactive authentication. In a non-default configuration, a remote attacker could possibly use this issue to perform a brute-force password attack.

PCRE vulnerabilities

Michele Spagnuolo discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

Kai Lu discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

It was discovered that PCRE incorrectly handled certain regular expressions. A remote attacker could use this issue to cause applications using PCRE to crash, resulting in a denial of service, or possibly execute arbitrary code.

Bind vulnerability

Jonathan Foote discovered that Bind incorrectly handled certain TKEY queries. A remote attacker could use this issue with a specially crafted packet to cause Bind to crash, resulting in a denial of service.

QEMU vulnerabilities

Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process.

Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly parsed chunk headers. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks.

It was discovered that the Apache HTTP Server incorrectly handled the ap_some_auth_required API. A remote attacker could possibly use this issue to bypass intended access restrictions.

NSS vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property.

Watson Ladd discovered that NSS incorrectly handled Elliptical Curve Cryptography (ECC) multiplication. A remote attacker could possibly use this issue to spoof ECDSA signatures.

As a security improvement, this update modifies NSS behaviour to reject DH key sizes below 768 bits, preventing a possible downgrade attack. It also refreshes the NSS package to version 3.19.2 which includes the latest CA certificate bundle.

Bind vulnerability

Breno Silveira Soares discovered that Bind incorrectly handled certain zone data when configured to perform DNSSEC validation. A remote attacker could use this issue with specially crafted zone data to cause Bind to crash, resulting in a denial of service.

PHP vulnerabilities

Neal Poole and Tomas Hoger discovered that PHP incorrectly handled NULL bytes in file paths. A remote attacker could possibly use this issue to bypass intended restrictions and create or obtain access to sensitive files.

Emmanuel Law discovered that the PHP phar extension incorrectly handled filenames starting with a NULL byte. A remote attacker could use this issue with a crafted tar archive to cause a denial of service.

Max Spelsberg discovered that PHP incorrectly handled the LIST command when connecting to remote FTP servers. A malicious FTP server could possibly use this issue to execute arbitrary code.

Shusheng Liu discovered that PHP incorrectly handled certain malformed form data. A remote attacker could use this issue with crafted form data to cause CPU consumption, leading to a denial of service.

Andrea Palazzo discovered that the PHP Soap client incorrectly validated data types. A remote attacker could use this issue with crafted serialized data to possibly execute arbitrary code.

Andrea Palazzo discovered that the PHP Soap client incorrectly validated that the uri property is a string. A remote attacker could use this issue with crafted serialized data to possibly obtain sensitive information.

Taoguang Chen discovered that PHP incorrectly validated data types in multiple locations. A remote attacker could possibly use these issues to obtain sensitive information or cause a denial of service.

It was discovered that PHP incorrectly handled table names in php_pgsql_meta_data. A local attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

Python vulnerabilities

It was discovered that multiple Python protocol libraries incorrectly limited certain data when connecting to servers. A malicious ftp, http, imap, nntp, pop or smtp server could use this issue to cause a denial of service.

It was discovered that the Python xmlrpc library did not limit unpacking gzip-compressed HTTP bodies. A malicious server could use this issue to cause a denial of service.

It was discovered that the Python json module incorrectly handled a certain argument. An attacker could possibly use this issue to read arbitrary memory and expose sensitive information.

It was discovered that the Python CGIHTTPServer incorrectly handled URL-encoded path separators in URLs. A remote attacker could use this issue to expose sensitive information, or possibly execute arbitrary code.

It was discovered that Python incorrectly handled sizes and offsets in buffer functions. An attacker could possibly use this issue to read arbitrary memory and obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following Qlustar package versions in addition to the package versions mentioned in the upstream reports (follow the Qlustar Update Guide):

    qlustar-module-core-trusty-amd64-9.0.1     9.0.1.6-b451f984
    qlustar-module-core-wheezy-amd64-9.0.1     9.0.1.6-b451f984
  
glqxz9283 sfy39587stf02 mnesdcuix8
sfy39587stf03
sfy39587p08