Huzaifa Sidhpurwala

**Nome do software vulnerável e versões afetadas** Versões do Pacemaker anteriores à 1.1.24-rc1 Versões do Pacemaker anteriores à 2.0.5-rc2 **Descrição** O problema está relacionado a uma falha de contorno de ACL no Pacemaker, que poderia permitir que um invasor com uma conta local no cluster e no grupo haclient utilizasse a comunicação IPC diretamente com vários daemons, realizando tarefas que seriam impedidas pelas ACLs se fossem executadas pela configuração. Isso poderia potencialmente levar ao acesso não autorizado a informações confidenciais ou causar uma negação de serviço. **Recomendações** Para versões do Pacemaker anteriores à 1.1.24-rc1, atualize para a versão 1.1.24-rc1 ou posterior para resolver o problema. Para versões do Pacemaker anteriores à 2.0.5-rc2, atualize para a versão 2.0.5-rc2 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso ao grupo haclient e limitar a comunicação IPC com daemons para minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Firefox ESR versions prior to 52.7.2 Firefox versions prior to 59.0.1 **Description** The issue is related to the libtremor library, which has a flaw similar to a previously known issue. This library is utilized by Firefox on Android and ARM platforms as a replacement for libvorbis. **Recommendations** For Firefox ESR versions prior to 52.7.2, update to version 52.7.2 or later. For Firefox versions prior to 59.0.1, update to version 59.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** libevent versions prior to 2.1.6-beta **Description** The issue is related to a stack-based buffer overflow in the `evutil parse sockaddr port` function, which can be exploited by attackers to cause a denial of service, resulting in a segmentation fault. This can be achieved by providing a long string in brackets in the `ip as string` argument. The vulnerability allows remote attackers to disrupt service. **Recommendations** For versions prior to 2.1.6-beta, update to version 2.1.6-beta or later to resolve the issue. As a temporary workaround, consider restricting input to the `evutil parse sockaddr port` function to prevent long strings in brackets from being processed.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions prior to 1.0.1o OpenSSL versions prior to 1.0.2c **Description** The issue is caused by a buffer overflow in the ASN.1 implementation, allowing remote attackers to execute arbitrary code or cause a denial of service via a crafted ANY field in serialized data. This can lead to memory corruption. The vulnerability is related to the misinterpretation of large universal tags as negative zero values in ANY structures. **Recommendations** For versions prior to 1.0.1o, update to version 1.0.1o or later. For versions prior to 1.0.2c, update to version 1.0.2c or later. As a temporary workaround, consider restricting the use of the `d2i ASN1 TYPE` function until a patch is available. Avoid deserializing untrusted ASN.1 structures containing an ANY field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.4.4 through 3.4.11 Squid versions 3.5.0.1 through 3.5.1 **Description** The issue allows remote authenticated users to retain access by leveraging a stale nonce when Digest authentication is used. **Recommendations** For Squid versions 3.4.4 through 3.4.11, update to a version outside of this range to resolve the issue. For Squid versions 3.5.0.1 through 3.5.1, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling Digest authentication until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libtar versions prior to 1.2.20 **Description** The issue is related to multiple integer overflows in the `th read` function in `lib/block.c` in libtar, which can lead to a denial of service (crash) and possibly allow remote attackers to execute arbitrary code via a long name or link in an archive, triggering a heap-based buffer overflow. Exploitation of this issue can be done remotely and may result in the disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 1.2.20, update to version 1.2.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the `th read` function in `lib/block.c` until a patch is available. Avoid using long names or links in archives to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 5.5.38 and earlier Oracle MySQL versions 5.6.19 and earlier MariaDB versions 5.5.28a and earlier MariaDB version 5.3.11 MariaDB version 5.2.13 MariaDB version 5.1.66 **Description** The issue allows remote attackers to enumerate valid usernames by generating different error messages with different time delays depending on whether a user name exists. **Recommendations** For Oracle MySQL versions 5.5.38 and earlier, update to a version later than 5.5.38 to resolve the issue. For Oracle MySQL versions 5.6.19 and earlier, update to a version later than 5.6.19 to resolve the issue. For MariaDB versions 5.5.28a and earlier, consider updating to a newer version to mitigate the risk. For MariaDB version 5.3.11, consider updating to a newer version to mitigate the risk. For MariaDB version 5.2.13, consider updating to a newer version to mitigate the risk. For MariaDB version 5.1.66, consider updating to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the user enumeration functionality to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MySQL versions 5.5.19 and possibly other versions MariaDB versions 5.5.28a and possibly other versions **Description** The issue allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator, when configured to assign the FILE privilege to users who should not have administrative privileges. The vendor disputes this issue, stating that it is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. **Recommendations** For MySQL version 5.5.19, consider restricting the FILE privilege to only administrative users. For MariaDB version 5.5.28a, consider restricting the FILE privilege to only administrative users. As a temporary workaround, consider disabling the assignment of the FILE privilege to non-administrative users until a proper configuration is in place. Restrict access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 5.5.19 through 5.5.28 MariaDB versions 5.5.28a and possibly other versions **Description** A heap-based buffer overflow issue allows remote authenticated users to cause a denial of service, resulting in memory corruption and crash, and possibly execute arbitrary code. This can be demonstrated using various database commands, including `USE`, `SHOW TABLES`, `DESCRIBE`, `SHOW FIELDS FROM`, `SHOW COLUMNS FROM`, `SHOW INDEX FROM`, `CREATE TABLE`, `DROP TABLE`, `ALTER TABLE`, `DELETE FROM`, `UPDATE`, and `SET PASSWORD`. **Recommendations** For Oracle MySQL versions 5.5.19 through 5.5.28, update to a version outside of this range to resolve the issue. For MariaDB versions 5.5.28a and possibly other versions, consider restricting access to the affected database commands as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL versions 5.1.53 through 5.1.66 Oracle MySQL versions 5.5.19 through 5.5.28 MariaDB versions 5.1.x through 5.1.66 MariaDB versions 5.2.x through 5.2.13 MariaDB versions 5.3.x through 5.3.11 MariaDB versions 5.5.2.x through 5.5.28a **Description** The issue is a stack-based buffer overflow in the `acl get` function, allowing remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command. **Recommendations** For Oracle MySQL versions 5.1.53 through 5.1.66, update to a version later than 5.1.66. For Oracle MySQL versions 5.5.19 through 5.5.28, update to a version later than 5.5.28. For MariaDB versions 5.1.x through 5.1.66, update to a version later than 5.1.66. For MariaDB versions 5.2.x through 5.2.13, update to a version later than 5.2.13. For MariaDB versions 5.3.x through 5.3.11, update to a version later than 5.3.11. For MariaDB versions 5.5.2.x through 5.5.28a, update to a version later than 5.5.28a.

**Name of the Vulnerable Software and Affected Versions** dracut versions in Red Hat Enterprise Linux 6, Fedora 16 and 17 **Description** The issue allows local users to potentially obtain sensitive information due to world-readable permissions in initramfs images created by dracut.sh. **Recommendations** For Red Hat Enterprise Linux 6, consider changing the permissions of initramfs images to prevent world-readable access. For Fedora 16 and 17, restrict access to the initramfs images until a fix is applied.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 1.5.1 Gentoo Linux (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the OpenJPEG package that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, a heap-based buffer overflow in OpenJPEG 1.5.0 and earlier versions allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted JPEG2000 file. **Recommendations** For OpenJPEG versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libTIFF versions 4.0.2 and earlier **Description** The issue is related to the `t2p read tiff init` function in `tiff2pdf` (tools/tiff2pdf.c) which does not properly initialize the T2P context struct pointer in certain error conditions. This allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers a heap-based buffer overflow. The vulnerability can be exploited remotely. **Recommendations** For libTIFF versions 4.0.2 and earlier, consider disabling the `t2p read tiff init` function until a patch is available to prevent potential exploitation. Restrict access to the `tiff2pdf` tool to minimize the risk of exploitation. Avoid using the `tiff2pdf` tool with untrusted TIFF images until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions 1.3 through 1.5 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tile information in a Gray16 TIFF image. This is due to the `tcd free encode` function in `tcd.c` causing insufficient memory to be allocated, leading to an "invalid free." The vulnerability can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. **Recommendations** For OpenJPEG versions 1.3 through 1.5, update to version 1.5.1 or later to resolve the issue. At the moment, there is no information about other specific fixes for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG versions prior to 1.5.1 **Description** The issue is related to multiple heap-based buffer overflows in the `j2k read sot` function, which can be triggered by a crafted JPEG 2000 image file. This can cause a denial of service, leading to an application crash, and potentially allow the execution of arbitrary code. The exploitation can be done remotely, affecting the confidentiality, integrity, and availability of protected information. **Recommendations** For OpenJPEG versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `j2k read sot` function in the `j2k.c` file until a patch is available. Avoid using crafted JPEG 2000 image files that may exploit the buffer overflows in the `j2k read sot` function.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.x through 1.4.11 Wireshark versions 1.6.x through 1.6.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a malformed packet. This is due to a problem in the ANSI A dissector. **Recommendations** For Wireshark versions 1.4.x through 1.4.11, update to version 1.4.12 or later. For Wireshark versions 1.6.x through 1.6.5, update to version 1.6.6 or later.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.6.x through 1.6.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, via a crafted packet. This is related to the IEEE 802.11 dissector in the epan/dissectors/packet-ieee80211.c file. **Recommendations** For Wireshark versions 1.6.x through 1.6.5, update to version 1.6.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.x through 1.4.11 Wireshark versions 1.6.x through 1.6.5 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending a packet with an invalid pointer value, which triggers an incorrect memory-allocation attempt in the `mp2t process fragmented payload` function of the MP2T dissector. **Recommendations** For Wireshark versions 1.4.x through 1.4.11, update to version 1.4.12 or later. For Wireshark versions 1.6.x through 1.6.5, update to version 1.6.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 18.0.1025.142 **Description** The issue is caused by an off-by-one error in the OpenType Sanitizer, allowing remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. **Recommendations** For versions prior to 18.0.1025.142, update to version 18.0.1025.142 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 1.4.0 through 1.4.9 Wireshark versions 1.6.x before 1.6.3 **Description** The issue is related to a heap-based buffer overflow in the `erf read header` function in the ERF file parser. This can be exploited by remote attackers via a malformed file, leading to a denial of service (application crash). **Recommendations** For Wireshark versions 1.4.0 through 1.4.9, update to a version outside of this range to resolve the issue. For Wireshark versions 1.6.x before 1.6.3, update to version 1.6.3 or later to resolve the issue.