SecurityFocus

This email refers to the advisory found at
https://confluence.atlassian.com/x/qVcGO and
https://confluence.atlassian.com/x/plcGO .

CVE ID:

* CVE-2017-14591.

Product: Fisheye and Crucible.

Affected Fisheye and Crucible product versions:

version < 4.4.3
4.5.0 <= version < 4.5.1

Fixed Fisheye and Crucible product versions:

* for 4.4.x, Fisheye 4.4.3 has been released with a fix for this issue.
* for 4.4.x, Crucible 4.4.3 has been released with a fix for this issue.
* for 4.5.x, Fisheye 4.5.1 has been released with a fix for this issue.
* for 4.5.x, Crucible 4.5.1 has been released with a fix for this issue.

Summary:
This advisory discloses a critical severity security vulnerability which affects
Fisheye and Crucible.
Versions of Fisheye and Crucible before version 4.4.3 (the fixed version for
4.4.x) and from version 4.5.0 before 4.5.1 (the fixed version for 4.5.x) are
affected by this vulnerability.

Customers who have upgraded their Fisheye and Crucible installations to version
4.4.3 or 4.5.1 are not affected.

Customers who have downloaded and installed Fisheye or Crucible less than 4.4.3
(the fixed version for 4.4.x) or who have downloaded and installed
Fisheye or Crucible >= 4.5.0 but less than 4.5.1 (the fixed version for 4.5.x)
please upgrade your Fisheye and Crucible installations immediately to fix
this vulnerability.

Argument injection in Mercurial repository handling (CVE-2017-8907)

Severity:
Atlassian rates the severity level of this vulnerability as critical, according
to the scale published in our Atlassian severity levels. The scale allows us to
rank the severity as critical, high, moderate or low.
This is our assessment and you should evaluate its applicability to your own IT
environment.

Description:

Fisheye and Crucible did not check that the name of a file in a Mercurial
repository contained argument parameters. An attacker who has permission to add
a repository or commit to a Mercurial repository tracked by Fisheye or Crucible
can execute code of their choice on systems that run a vulnerable version of
Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.3 (the
fixed version for 4.4.x) and from 4.5.0 before 4.5.1 (the fixed version for
4.5.x) are affected by this vulnerability.
This issue can be tracked for Fisheye at:
https://jira.atlassian.com/browse/FE-6955 .
This issue can be tracked for Crucible at
https://jira.atlassian.com/browse/CRUC-8121 .

Fix:

To address this issue, we’ve released the following versions containing a fix:

* Fisheye version 4.4.3
* Crucible version 4.4.3
* Fisheye version 4.5.1
* Crucible version 4.5.1

Remediation:

Upgrade Fisheye and Crucible to version 4.5.1 or higher.

The vulnerabilities and fix versions are described above. If affected, you
should upgrade to the latest version immediately.

If you are running Fisheye or Crucible 4.4.x and cannot upgrade to 4.5.1,
upgrade to version 4.4.3.

For a full description of the latest version of Fisheye, see
the release notes found at
https://confluence.atlassian.com/display/FISHEYE/Fisheye+releases. You can
download the latest version of Fisheye from the download centre found at
https://www.atlassian.com/software/fisheye/download.

For a full description of the latest version of Crucible, see
the release notes found at
https://confluence.atlassian.com/display/CRUCIBLE/Crucible+releases. You can
download the latest version of Crucible from the download centre found at
https://www.atlassian.com/software/crucible/download.

Support:
If you have questions or concerns regarding this advisory, please raise a
support request at https://support.atlassian.com/.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4062-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : firefox-esr
CVE ID : CVE-2017-7843

It was discovered that the Private Browsing mode in the Mozilla Firefox
web browser allowed fingerprinting of a user across multiple sessions
via IndexedDB.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.5.2esr-1~deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 52.5.2esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]

-------------------------------------------------------------------------
Debian Security Advisory DSA-4061-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 10, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : thunderbird
CVE ID : CVE-2017-7826 CVE-2017-7828 CVE-2017-7830

Multiple security issues have been found in Thunderbird, which may lead
to the execution of arbitrary code or denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 1:52.5.0-1~deb8u1.

For the stable distribution (stretch), these problems have been fixed in
version 1:52.5.0-1~deb9u1.

We recommend that you upgrade your thunderbird packages.

For the detailed security status of thunderbird please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/thunderbird

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]

[SECURITY] [DSA 4060-1] wireshark security update
Dec 09 2017 11:51AM
Moritz Muehlenhoff (jmm debian org)


-------------------------------------------------------------------------
Debian Security Advisory DSA-4060-1 security (at) debian (dot) org [email concealed]
https://www.debian.org/security/ Moritz Muehlenhoff
December 09, 2017 https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : wireshark
CVE ID : CVE-2017-11408 CVE-2017-13766 CVE-2017-17083 CVE-2017-17084
CVE-2017-17085

It was discovered that wireshark, a network protocol analyzer, contained
several vulnerabilities in the dissectors for CIP Safety, IWARP_MPA,
NetBIOS, Profinet I/O and AMQP, which result in denial of service or the
execution of arbitrary code.

For the oldstable distribution (jessie), these problems have been fixed
in version 1.12.1+g01b65bf-4+deb8u12.

For the stable distribution (stretch), these problems have been fixed in
version 2.2.6+g32dac6a-2+deb9u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]

Microsoft Edge CVE-2017-11833 Information Disclosure Vulnerability

Vulnerable:

Microsoft Edge 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 10 version 1709 for 32-bit Systems 0
+ Microsoft Windows 10 version 1709 for x64-based Systems 0
+ Microsoft Windows Server 2016 0
+ Microsoft Windows Server 2016 for x64-based Systems 0
Microsoft Word CVE-2017-11854 Memory Corruption Vulnerability

Bugtraq ID: 101746
Class: Unknown
CVE:

CVE-2017-11854

Remote: Yes
Local: No
Published: Nov 14 2017 12:00AM
Updated: Dec 13 2017 12:10AM
Credit: Wayne Low (@x9090) of Fortinet's FortiGuard Lab.
Vulnerable:

Microsoft Word 2010 Service Pack 2 (64-bit editions) 0
Microsoft Word 2010 Service Pack 2 (32-bit editions) 0
Microsoft Office Compatibility Pack Service Pack 3 0
Microsoft Office 2010 (64-bit edition) SP2
Microsoft Office 2010 (32-bit edition) SP2
Microsoft Excel 2007 SP3

Not Vulnerable:

Adobe Photoshop CC 2017 APSB17-34 Multiple Remote Code Execution Vulnerabilities

Bugtraq ID: 101829
Class: Unknown
CVE:

CVE-2017-11303
CVE-2017-11304

Remote: Yes
Local: No
Published: Nov 14 2017 12:00AM
Updated: Dec 13 2017 12:10AM
Credit: Honggang Ren of Fortinet’s FortiGuard Labs and TrendyTofu working with Trend Micro’s Zero Day Initiative
Vulnerable:

Adobe Photoshop CC 2017 18.1.1 (2017.1.1)

Not Vulnerable:

Adobe Photoshop CC 2017 19.0 (2018.0)
Adobe Photoshop CC 2017 18.1.2 (2017.1.2)

Microsoft Edge CVE-2017-11803 Information Disclosure Vulnerability

Vulnerable:

Microsoft Edge 0
+ Microsoft Windows 10 for 32-bit Systems 0
+ Microsoft Windows 10 for x64-based Systems 0
+ Microsoft Windows 10 version 1511 for 32-bit Systems 0
+ Microsoft Windows 10 version 1511 for x64-based Systems 0
+ Microsoft Windows 10 Version 1607 for 32-bit Systems 0
+ Microsoft Windows 10 Version 1607 for x64-based Systems 0
+ Microsoft Windows 10 version 1703 for 32-bit Systems 0
+ Microsoft Windows 10 version 1703 for x64-based Systems 0
+ Microsoft Windows 10 version 1709 for 32-bit Systems 0
+ Microsoft Windows 10 version 1709 for x64-based Systems 0
+ Microsoft Windows Server 2016 0
+ Microsoft Windows Server 2016 for x64-based Systems 0

ROBOT Attack: 19-Year-Old Bleichenbacher Attack On Encrypted Web Reintroduced

A 19-year-old vulnerability has been re-discovered in the RSA implementation from at least 8 different vendors—including F5, Citrix, and Cisco—that can give man-in-the-middle attackers access to encrypted messages.

Dubbed ROBOT (Return of Bleichenbacher’s Oracle Attack), the attack allows an attacker to perform RSA decryption and cryptographic operations using the private key configured on the vulnerable TLS servers.

The ROBOT attack is little more than a couple of minor variations on the old Bleichenbacher attack on the RSA encryption protocol.

First discovered in 1998 and named after Swiss cryptographer Daniel Bleichenbacher, the Bleichenbacher attack is a padding oracle attack on the RSA-based PKCS#1 v1.5 encryption scheme used in SSLv2.

The Bleichenbacher attack is an adaptive chosen-ciphertext attack: because SSL servers returned error messages for errors in the PKCS#1 v1.5 padding, attackers can determine whether a decrypted message is correctly padded.

This information eventually helps attackers decrypt RSA ciphertexts without recovering the server’s private key, completely breaking the confidentiality of TLS when used with RSA encryption.

“An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions,” Cisco explains in an advisory.

In 1998, Bleichenbacher proposed upgrading the encryption scheme, but instead TLS designers kept the vulnerable encryption modes and added a series of complicated countermeasures to prevent the leakage of error details.

Now, a team of security researchers has discovered that these countermeasures were incomplete and that, with some slight variations, this attack can still be used against many HTTPS websites.

“We changed it to allow various different signals to distinguish between error types like timeouts, connection resets, duplicate TLS alerts,” the researchers said. 

“We also discovered that by using a shortened message flow where we send the ClientKeyExchange message without a ChangeCipherSpec and Finished message allows us to find more vulnerable hosts.”
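The sketch below is an added illustration, not code from the researchers' scanner or from any vendor's TLS stack. It models why distinguishable error signals form a padding oracle and how the countermeasure of continuing with a random premaster secret removes the distinction; the function names, signal labels and probe blocks are all constructed for this example, and it works on already-decrypted blocks, so no RSA key is involved.

```python
import os

TLS_VERSION = b"\x03\x03"  # client version carried in the 48-byte premaster secret

def parse_pkcs1_v15(em: bytes) -> bytes:
    """Return the payload of a decrypted PKCS#1 v1.5 block or raise naming the defect."""
    if em[:2] != b"\x00\x02":
        raise ValueError("bad_header")
    sep = em.find(b"\x00", 2)
    if sep == -1:
        raise ValueError("no_separator")
    if sep < 10:  # fewer than 8 non-zero padding bytes
        raise ValueError("short_padding")
    return em[sep + 1:]

def leaky_server(em: bytes) -> str:
    """Flawed handling: every defect yields a different observable signal."""
    signals = {"bad_header": "alert_51", "no_separator": "tcp_reset",
               "short_padding": "timeout"}  # constructed signal names
    try:
        pms = parse_pkcs1_v15(em)
    except ValueError as err:
        return signals[str(err)]
    if len(pms) != 48 or pms[:2] != TLS_VERSION:
        return "alert_40"
    return "alert_20"  # handshake proceeds, Finished check fails

def hardened_server(em: bytes) -> str:
    """Countermeasure: on any defect continue with a random premaster secret."""
    pms = os.urandom(48)  # generated before parsing, replaced only on success
    try:
        candidate = parse_pkcs1_v15(em)
        if len(candidate) == 48 and candidate[:2] == TLS_VERSION:
            pms = candidate
    except ValueError:
        pass
    return "alert_20"  # same failure point for every probe (timing not modelled)

def probes(k: int = 256) -> dict:
    """Constructed decrypted blocks for a k-byte modulus: one valid, four malformed."""
    pad, pms = b"\x01" * (k - 51), TLS_VERSION + b"\x11" * 46
    return {"well_formed": b"\x00\x02" + pad + b"\x00" + pms,
            "wrong_header": b"\x41\x17" + pad + b"\x00" + pms,
            "no_separator": b"\x00\x02" + pad + b"\x01" + pms,
            "short_padding": b"\x00\x02" + b"\x01" * 4 + b"\x00" + b"\x11" * (k - 7),
            "wrong_version": b"\x00\x02" + pad + b"\x00" + b"\x02\x02" + b"\x11" * 46}

def distinct_signals(server) -> set:
    """More than one distinct response across the probes means a padding oracle."""
    return {server(em) for em in probes().values()}
```

A server whose responses collapse to a single signal gives the probes nothing to distinguish; response timing is a separate channel that this sketch does not cover.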

According to the researchers, some of the most popular websites on the Internet, including Facebook and PayPal, are affected by the vulnerability. The researchers found “vulnerable subdomains on 27 of the top 100 domains as ranked by Alexa.”

ROBOT attack stems from the above-mentioned implementation flaw that only affects TLS cipher modes using RSA encryption, allowing an attacker to passively record traffic and later decrypt it.

“For hosts that usually use forward secrecy, but still support a vulnerable RSA encryption key exchange the risk depends on how fast an attacker is able to perform the attack,” the researchers said. 

“We believe that a server impersonation or man in the middle attack is possible, but it is more challenging.”

The ROBOT attack was discovered by Hanno Böck, Juraj Somorovsky of Ruhr-Universität Bochum/Hackmanit GmbH, and Craig Young of Tripwire VERT, who also created a dedicated website explaining the whole attack, its implications, mitigations and more.

The attack affects implementations from several different vendors, some of which have already released patches, and most have support notes acknowledging the issue.

You will find the list of affected vendors on the ROBOT website.

The researchers have also released a Python tool to scan for vulnerable hosts. You can also check your HTTPS server against the ROBOT attack on their website.
