November 2017 - java-sig-commits - Fedora Mailing-Lists

[Bug 1459158] New: CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1459158 Bug ID: 1459158 Summary: CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: aileenc(a)redhat.com, alee(a)redhat.com, apintea(a)redhat.com, bkundal(a)redhat.com, bmaxwell(a)redhat.com, ccoleman(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dedgar(a)redhat.com, dimitris(a)redhat.com, dmcphers(a)redhat.com, dosoudil(a)redhat.com, felias(a)redhat.com, fgavrilo(a)redhat.com, gvarsami(a)redhat.com, gzaronik(a)redhat.com, hchiorea(a)redhat.com, hhorak(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jawilson(a)redhat.com, jclere(a)redhat.com, jcoleman(a)redhat.com, jdoyle(a)redhat.com, jgoulding(a)redhat.com, joelsmith(a)redhat.com, jolee(a)redhat.com, jondruse(a)redhat.com, jorton(a)redhat.com, jshepherd(a)redhat.com, kconner(a)redhat.com, krzysztof.daniel(a)gmail.com, ldimaggi(a)redhat.com, lgao(a)redhat.com, loleary(a)redhat.com, mbabacek(a)redhat.com, me(a)coolsvap.net, mizdebsk(a)redhat.com, myarboro(a)redhat.com, nwallace(a)redhat.com, pavelp(a)redhat.com, pgier(a)redhat.com, pjurak(a)redhat.com, ppalaga(a)redhat.com, psakar(a)redhat.com, pslavice(a)redhat.com, rnetuka(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, rwagner(a)redhat.com, spinder(a)redhat.com, sstavrev(a)redhat.com, tcunning(a)redhat.com, theute(a)redhat.com, tkirby(a)redhat.com, trick(a)vanstaveren.us, twalsh(a)redhat.com, vhalbert(a)redhat.com, vtunka(a)redhat.com, weli(a)redhat.com The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTT method. Tomcat's Default Servlet did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Affects: 7.0.0 to 7.0.77, 8.0.0.RC1 to 8.0.43, 8.5.0 to 8.5.14 Upstream fixes: Tomcat 7.x: https://svn.apache.org/viewvc?view=revision&revision=1793471 https://svn.apache.org/viewvc?view=revision&revision=1793491 Tomcat 8.0.x: https://svn.apache.org/viewvc?view=revision&revision=1793470 https://svn.apache.org/viewvc?view=revision&revision=1793489 Tomcat 8.5.x: https://svn.apache.org/viewvc?view=revision&revision=1793469 https://svn.apache.org/viewvc?view=revision&revision=1793488 External References: https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.78 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.44 https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.15 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
66
0 / 0

[Bug 1508129] New: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP header of xmlrpc

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1508129 Bug ID: 1508129 Summary: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP header of xmlrpc Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: abhgupta(a)redhat.com, bmcclain(a)redhat.com, dbhole(a)redhat.com, dblechte(a)redhat.com, dwalluck(a)redhat.com, eedri(a)redhat.com, hhorak(a)redhat.com, java-maint(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jorton(a)redhat.com, krzysztof.daniel(a)gmail.com, kseifried(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, puntogil(a)libero.it, sbonazzo(a)redhat.com, sherold(a)redhat.com, sochotni(a)redhat.com, tiwillia(a)redhat.com, ykaul(a)redhat.com, ylavi(a)redhat.com The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes. References: http://www.openwall.com/lists/oss-security/2016/07/12/5 https://0ang3el.blogspot.in/2016/07/beware-of-ws-xmlrpc-library-in-your.html -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
14
0 / 0

[Bug 1238245] New: maven-ear-plugin-2.10.1 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1238245 Bug ID: 1238245 Summary: maven-ear-plugin-2.10.1 is available Product: Fedora Version: rawhide Component: maven-ear-plugin Keywords: FutureFeature, Triaged Assignee: huwang(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: huwang(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org Latest upstream release: 2.10.1 Current version/release in rawhide: 2.10-2.fc23 URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-ear-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=noRQkekdeg&a=cc_unsubscribe

6 years, 1 month

2
4
0 / 0

[Bug 1444759] New: CVE-2017-3523 mysql-connector-java: Connector/ J unspecified vulnerability (CPU Apr 2017)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444759 Bug ID: 1444759 Summary: CVE-2017-3523 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, aileenc(a)redhat.com, avibelli(a)redhat.com, chazlett(a)redhat.com, coneill(a)redhat.com, databases-maint(a)redhat.com, gsterlin(a)redhat.com, gvarsami(a)redhat.com, hhorak(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jbalunas(a)redhat.com, jcoleman(a)redhat.com, jshepherd(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, mmuzila(a)redhat.com, mschorm(a)redhat.com, nwallace(a)redhat.com, puntogil(a)libero.it, rrajasek(a)redhat.com, rwagner(a)redhat.com, tcunning(a)redhat.com, tiwillia(a)redhat.com, tjay(a)redhat.com, tkirby(a)redhat.com, xjakub(a)fi.muni.cz Blocks: 1444415 Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and eariler. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. External References: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.ht... -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
17
0 / 0

[Bug 1444406] New: CVE-2017-3586 mysql-connector-java: Connector/ J unspecified vulnerability (CPU Apr 2017)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444406 Bug ID: 1444406 Summary: CVE-2017-3586 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: abhgupta(a)redhat.com, aileenc(a)redhat.com, avibelli(a)redhat.com, chazlett(a)redhat.com, coneill(a)redhat.com, databases-maint(a)redhat.com, gsterlin(a)redhat.com, gvarsami(a)redhat.com, hhorak(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jbalunas(a)redhat.com, jcoleman(a)redhat.com, jshepherd(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, mmuzila(a)redhat.com, mschorm(a)redhat.com, nwallace(a)redhat.com, puntogil(a)libero.it, rrajasek(a)redhat.com, rwagner(a)redhat.com, tcunning(a)redhat.com, tiwillia(a)redhat.com, tjay(a)redhat.com, tkirby(a)redhat.com, xjakub(a)fi.muni.cz Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. While the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. External References: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.ht... -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
11
0 / 0

[Bug 1444407] New: CVE-2017-3589 mysql-connector-java: Connector/ J unspecified vulnerability (CPU Apr 2017)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1444407 Bug ID: 1444407 Summary: CVE-2017-3589 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017) Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: amaris(a)redhat.com CC: abhgupta(a)redhat.com, aileenc(a)redhat.com, avibelli(a)redhat.com, chazlett(a)redhat.com, coneill(a)redhat.com, databases-maint(a)redhat.com, gsterlin(a)redhat.com, gvarsami(a)redhat.com, hhorak(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jbalunas(a)redhat.com, jcoleman(a)redhat.com, jshepherd(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, mmuzila(a)redhat.com, mschorm(a)redhat.com, nwallace(a)redhat.com, puntogil(a)libero.it, rrajasek(a)redhat.com, rwagner(a)redhat.com, tcunning(a)redhat.com, tiwillia(a)redhat.com, tjay(a)redhat.com, tkirby(a)redhat.com, xjakub(a)fi.muni.cz Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. External References: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.ht... -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
15
0 / 0

[Bug 1291292] New: CVE-2015-5254 activemq: unsafe deserialization

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1291292 Bug ID: 1291292 Summary: CVE-2015-5254 activemq: unsafe deserialization Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: mprpic(a)redhat.com CC: abhgupta(a)redhat.com, agrimm(a)redhat.com, aileenc(a)redhat.com, ccoleman(a)redhat.com, chazlett(a)redhat.com, dmcphers(a)redhat.com, gvarsami(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jialiu(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kconner(a)redhat.com, kseifried(a)redhat.com, ldimaggi(a)redhat.com, lmeyer(a)redhat.com, mmccomas(a)redhat.com, nwallace(a)redhat.com, pavelp(a)redhat.com, puntogil(a)libero.it, rwagner(a)redhat.com, soa-p-jira(a)post-office.corp.redhat.com, s(a)shk.io, tcunning(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com, tkirby(a)redhat.com JMS Object messages depends on Java Serialization for marshaling/unmashaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message transformation. As deserialization of untrusted data can leaed to security flaws as demonstrated in various reports, this leaves the broker vunerable to this attack vector. Additionally, applications that consume ObjectMessage type of messages can be vunerable as they deserlize objects on ObjectMessage.getObject() calls. This issue was fixed upstream in Apache ActiveMQ 5.13.0. Additionally, when using ObjectMessage message type, you need to explicitly list trusted packages. To see how to do that, please take a look at: http://activemq.apache.org/objectmessage.html External References: http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announc... -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=gmTDQZJf60&a=cc_unsubscribe

6 years, 1 month

2
39
0 / 0

[Bug 1418717] New: CVE-2017-2606 jenkins: Internal API allowed access to item names that should not be visible ( SECURITY-380)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418717 Bug ID: 1418717 Summary: CVE-2017-2606 jenkins: Internal API allowed access to item names that should not be visible (SECURITY-380) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: The method Jenkins#getItems() included a performance optimization that resulted in all items being returned if the Logged in users can do anything authorization strategy was used, and no access was granted to anonymous users (an option added in Jenkins 2.0). This only affects anonymous users (other users legitimately have access) that were able to get a list of items via an UnprotectedRootAction. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/09cfbc9cd5c9df7c763bc976b7f5c... -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
5
0 / 0

[Bug 1493189] New: CVE-2017-14228 nasm: NULL pointer dereference in the paste_tokens function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1493189 Bug ID: 1493189 Summary: CVE-2017-14228 nasm: NULL pointer dereference in the paste_tokens function Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to a denial of service. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392423 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
2
0 / 0

[Bug 1493190] New: CVE-2017-14228 nasm: NULL pointer dereference in the paste_tokens function [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1493190 Bug ID: 1493190 Summary: CVE-2017-14228 nasm: NULL pointer dereference in the paste_tokens function [fedora-all] Product: Fedora Version: 26 Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mizdebsk(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
5
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits November 2017