Helping partners grow their business in the UK public sector

London – November 1, 2016 – UKCloud, formerly Skyscape Cloud Services Limited, the easy to adopt, easy to use and easy to leave assured cloud services company, has today announced the launch of its new partner programme. It will offer both new and existing partners an impressive benefits framework including significant technical, marketing and sales expertise, giving UKCloud partners the best possible chance of selling successfully into the UK public sector.

The newly launched partner programme will build on the momentum already achieved by UKCloud’s existing partner programme, which was launched in August 2013. UKCloud has since helped approximately 120 partners onto the G-Cloud Framework and the company has supported more than 465 partner projects across the UK public sector.

“Supporting our partner community has always been a top priority for us as a business,” said Simon Hansford, CEO of UKCloud. “And with more than 230 like-minded organisations already in the programme and countless successful collaborations to date, we thought it the perfect time to take our partner programme to the next level, ensuring that as a business, partners remain at the heart of everything we do. Our new partner commitments are a great illustration of this renewed focus.”

IT companies looking to break into the UK public sector market need to be familiar with and overcome very specific requirements when it comes to security, assurance, connectivity and commercial governance. UKCloud’s partners are able to take advantage of its industry-leading accreditations and certifications, without needing to dedicate resources to achieving this themselves. They also benefit from UKCloud’s extensive experience in the public sector, through its work with DVLA, HMRC, the Home Office and MoD to name but a few.

“With the digitisation of services ramping up in the public sector as departments look to technology to reduce overheads whilst transforming the end-user experience, there is a growing opportunity in the market and we want to ensure our partners make the most of this potential,” Hansford added. “Our platform has been specifically designed with government policies and requirements in mind and we’re committed to developing it as these demands evolve. Our partners can enjoy the peace of mind that comes with using a trustworthy, reliable cloud platform, as in turn it strengthens their brand and helps increase their own credibility. We look forward to even further collaboration with our partners, working together as a community to meet the needs of the public sector, both now and in the future.”

UKCloud’s hyperscale cloud platform is built to handle government workloads and offers connectivity options to meet different communities’ needs, including PSN, N3 for health and RLI for defence. UKCloud recently announced an expanded range of assured cloud services, including OpenStack and Oracle powered offerings on the latest iteration of the G-Cloud Framework, G-Cloud 8. The new features and service options provide genuine choice to meet the different requirements of contrasting public sector workloads, which provides UKCloud partners with access to a purpose-built cloud for the UK public sector, allowing them to focus on delivering innovative products and services to the UK citizen.

More information can be found at www.ukcloud.com/why-partner

- ends –

About UKCloud

UKCloud is dedicated to the UK Public Sector. We provide assured, agile and value-based true public cloud that enables our customers to deliver enhanced performance through technology.

We’re focused on cloud. Delivering a true cloud platform that is scalable, flexible, assured and cost-effective.
We’re open. You are never locked in. Using industry standards and open source software we enable flexibility and choice across multiple cloud solutions.
Dedicated to the UK Public Sector. Our business is designed specifically to serve and understand the needs of public sector organisations.
We develop communities. We bring together communities of users that are able to share datasets, reuse code, test ideas and solve problems.
Customer engagement. We will only be successful if our customers are successful. We embody this in the promise: Easy to adopt. Easy to use. Easy to leave.

Additional information about UKCloud can be found at www.ukcloud.com or by following us on Twitter at @ukcloudltd

UKCloud. The power behind public sector technology.

Media Contacts
Caitlin Mullally/Charlotte Martin
Finn Partners
+44 (0)20 3217 7060
UKCloudteam@finnpartners.com
Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.10 natives, fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release includes bug fixes and enhancements, as well as a new release of OpenSSL that addresses a number of outstanding security flaws. For further information, see the knowledge base article linked to in the References section.

All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

Security Fix(es):

* A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. (CVE-2016-2108)

* Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP request smuggling attacks. (CVE-2015-3183)

* A memory leak vulnerability was found in the way OpenSSL parsed PKCS#7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS#7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash. (CVE-2015-3195)

* A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. (CVE-2015-4000)

* An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

* An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

* It was discovered that it is possible to remotely segfault Apache http server with a specially crafted string sent to mod_cluster via service messages (MCMP). (CVE-2016-3110)

* A denial of service flaw was found in the way OpenSSL parsed certain ASN.1-encoded data from BIO (OpenSSL's I/O abstraction) inputs. An application using OpenSSL that accepts untrusted ASN.1 BIO input could be forced to allocate an excessive amount of data. (CVE-2016-2109)

* It was discovered that specifying configuration with a JVMRoute path longer than 80 characters will cause a segmentation fault leading to a server crash. (CVE-2016-4459)

Red Hat would like to thank the OpenSSL project for reporting CVE-2016-2108, CVE-2016-2105, and CVE-2016-2106 and Michal Karm Babacek for reporting CVE-2016-3110.

The CVE-2016-4459 issue was discovered by Robert Bost (Red Hat). Upstream acknowledges Huzaifa Sidhpurwala (Red Hat), Hanno Böck, and David Benjamin (Google) as the original reporters of CVE-2016-2108; and Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.
(The unlinked packages above are only available from the Red Hat Network.) These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in December 2015, March, May, June, August and September 2016.

The following is a summary of these vulnerabilities and their status with respect to Juniper products (CVE, OpenSSL severity rating, summary):

CVE-2016-6309 (Critical): statem/statem.c in OpenSSL 1.1.0a does not consider memory-block movement after a realloc call, which allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via a crafted TLS session.

CVE-2016-0701 (High): The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.

CVE-2016-0703 (High): The get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a accepts a nonzero CLIENT-MASTER-KEY CLEAR-KEY-LENGTH value for an arbitrary cipher, which allows man-in-the-middle attackers to determine the MASTER-KEY value and decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

CVE-2016-0800 (High): The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack.

CVE-2016-2107 (High): The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.

CVE-2016-2108 (High): The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before 1.0.2c allows remote attackers to execute arbitrary code or cause a denial of service (buffer underflow and memory corruption) via an ANY field in crafted serialized data, aka the "negative zero" issue.

CVE-2016-6304 (High): Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 before 1.0.2i, and 1.1.0 before 1.1.0a allow remote attackers to cause a denial of service (memory consumption) via large OCSP Status Request extensions.

CVE-2015-3193 (Moderate): The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.

CVE-2015-3194 (Moderate): crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.1 signature that lacks a mask generation function parameter.

CVE-2015-3195 (Moderate): The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.

CVE-2016-0704 (Moderate): An oracle protection mechanism in the get_client_master_key function in s2_srvr.c in the SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a overwrites incorrect MASTER-KEY bytes during use of export cipher suites, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, a related issue to CVE-2016-0800.

CVE-2016-6305 (Moderate): The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.

CVE-2016-7052 (Moderate): crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation.

CVE-2015-1794 (Low): The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-Hellman (DH) ServerKeyExchange message.

CVE-2015-3196 (Low): ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when used for a multi-threaded client, writes the PSK identity hint to an incorrect data structure, which allows remote servers to cause a denial of service (race condition and double free) via a crafted ServerKeyExchange message.

CVE-2015-3197 (Low): ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.

CVE-2016-0702 (Low): The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank conflicts, aka a "CacheBleed" attack.

CVE-2016-0705 (Low): Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.

CVE-2016-0797 (Low): Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allow remote attackers to cause a denial of service (heap memory corruption or NULL pointer dereference) or possibly have unspecified other impact via a long digit string that is mishandled by the (1) BN_dec2bn or (2) BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c.

CVE-2016-0798 (Low): Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory consumption) by providing an invalid username in a connection attempt, related to apps/s_server.c and crypto/srp/srp_vfy.c.

CVE-2016-0799 (Low): The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g improperly calculates string lengths, which allows remote attackers to cause a denial of service (overflow and out-of-bounds read) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-2842.

CVE-2016-2105 (Low): Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.

CVE-2016-2106 (Low): Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data.

CVE-2016-2109 (Low): The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 BIO implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (memory consumption) via a short invalid encoding.

CVE-2016-2176 (Low): The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

CVE-2016-2182 (Low): The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2016-6303 (Low): Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.

CVE-2016-2179 (Low): The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service (memory consumption) by maintaining many crafted DTLS sessions simultaneously, related to d1_lib.c, statem_dtls.c, statem_lib.c, and statem_srvr.c.

CVE-2016-2180 (Low): The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL through 1.0.2h allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted time-stamp file that is mishandled by the "openssl ts" command.

CVE-2016-2181 (Low): The Anti-Replay feature in the DTLS implementation in OpenSSL before 1.1.0 mishandles early use of a new epoch number in conjunction with a large sequence number, which allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records, related to rec_layer_d1.c and ssl3_record.c.

CVE-2016-6302 (Low): The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.

CVE-2016-2177 (Low): OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.

CVE-2016-2178 (Low): The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.

CVE-2016-6306 (Low): The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.

CVE-2016-6307 (Low): The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted TLS messages, related to statem/statem.c and statem/statem_lib.c.

CVE-2016-6308 (Low): statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 before 1.1.0a allocates memory before checking for an excessive length, which might allow remote attackers to cause a denial of service (memory consumption) via crafted DTLS messages.

CVE-2016-2176 is a vulnerability that only affects EBCDIC systems. No Juniper products are affected by this vulnerability.

Affected Products:

Junos OS: Junos OS is potentially affected by many of these issues. Junos OS is not affected by CVE-2016-0701, CVE-2016-0800, CVE-2016-2107, CVE-2016-2176, CVE-2016-2179, CVE-2016-2181, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052.

ScreenOS: ScreenOS is potentially affected by many of these issues. ScreenOS is not affected by CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3196, CVE-2015-3197, CVE-2016-0701, CVE-2016-2107, CVE-2016-2109, CVE-2016-2179, CVE-2016-2181, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052.

Junos Space: Junos Space is potentially affected by many of these issues. Junos Space is not affected by CVE-2015-1794, CVE-2016-0705, CVE-2016-0798, CVE-2016-2176, CVE-2015-3193, CVE-2015-3196, CVE-2016-0701, CVE-2016-2107, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052.

NSM: NSM is potentially affected by many of these issues. NSM is not affected by CVE-2015-1794, CVE-2016-0705, CVE-2016-0798, CVE-2016-2176, CVE-2015-3193, CVE-2015-3196, CVE-2016-0701, CVE-2016-2107, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052.

Juniper Secure Analytics (JSA, STRM): The STRM and JSA series are potentially affected by these issues.

CTPView/CTPOS: CTPView and CTPOS are potentially affected by many of these issues.

CTPView and CTPOS are not affected by CVE-2015-1794, CVE-2016-0705, CVE-2016-0798, CVE-2016-2176, CVE-2015-3193, CVE-2015-3196, CVE-2016-0701, CVE-2016-2107, CVE-2016-6305, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309 and CVE-2016-7052.

Junos OS:

OpenSSL December 2015 advisory: CVE-2015-3193, CVE-2015-3194, CVE-2015-3195, CVE-2015-3196 and CVE-2015-1794 are resolved in 12.1X44-D60, 12.1X46-D45, 12.1X46-D51, 12.1X47-D35, 12.3R12, 12.3R13, 12.3X48-D25, 13.2X51-D40, 13.3R9, 14.1R7, 14.1X53-D35, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D35, 16.1R1 and all subsequent releases (PR 1144520).

OpenSSL March 2016 advisory: CVE-2016-0705, CVE-2016-0798, CVE-2016-0797, CVE-2016-0799, CVE-2016-0702, CVE-2016-0703 and CVE-2016-0704 are resolved in 13.3R10*, 14.1R8, 14.1X53-D40*, 14.2R7, 15.1F5-S4, 15.1F6, 15.1R4, 15.1X49-D60, 15.1X53-D50, 16.1R1 and all subsequent releases (PR 1165523, 1165570).

OpenSSL May 2016 advisory: CVE-2016-2105, CVE-2016-2106, CVE-2016-2108, CVE-2016-2109, CVE-2016-2176, CVE-2016-2180 are resolved in 13.3R10*, 14.1R9*, 14.1X53-D40*, 14.2R8*, 15.1F5-S4, 15.1F6-S2, 15.1R4, 15.1X53-D50, 15.1X53-D60, 16.1R1 and all subsequent releases. Fixes are in progress for other supported Junos releases (PR 1180391).

OpenSSL June to September 2016 advisories: CVE-2016-2177, CVE-2016-2178, CVE-2016-2179, CVE-2016-2180, CVE-2016-2181, CVE-2016-2182, CVE-2016-6302, CVE-2016-6303, CVE-2016-6304, CVE-2016-6305, CVE-2016-6306, CVE-2016-6307, CVE-2016-6308, CVE-2016-6309, CVE-2016-7052 are resolved in 13.3R10*, 14.1R9*, 14.2R8*, 15.1R5*, 16.1R4* and all subsequent releases. Fixes are in progress for other supported Junos releases (PR 1216923).

CVE-2016-2108 was resolved when fixes for the OpenSSL advisories of June and July 2015 were implemented in Junos. At that time the OpenSSL version was upgraded to 1.0.1p in Junos 13.3 and later releases, which included a fix for this issue. Please see JSA10694 for solution releases.

Note: * - These Junos releases are pending release at the time of publication.

Note: While Junos is not affected or impacted by certain CVEs, fixes for those get included with the relevant OpenSSL version upgrade. Hence these are stated as resolved.

ScreenOS:

CVE-2015-3195 is resolved in 6.3.0r22. This issue is being tracked as PR 1144749. Please see JSA10733 for further details. The rest of the applicable issues in OpenSSL advisories until May 2016 have been resolved in ScreenOS 6.3.0r23. These issues are being tracked as PRs 1180504 and 1165796. Fixes for issues in OpenSSL advisories from June to September are being tracked as PR 1217005.

Junos Space:

OpenSSL software has been upgraded to 1.0.1t in Junos Space 16.1R1 (pending release) to resolve all the issues included in OpenSSL advisories until May 2016. These issues are being tracked as PRs 1144741, 1158268, 1165853, 1180505, 1212590. Fixes for issues in OpenSSL advisories from June to September are being tracked as PR 1216998.

NSM:

OpenSSL software has been upgraded to 1.0.2h in NSM 2012.2R13 to resolve all the issues included in OpenSSL advisories until May 2016. This upgrade is being tracked as PR 1198397. Fixes for issues in OpenSSL advisories from June to September are being tracked as PR 1217003.

Juniper Secure Analytics (JSA, STRM):

OpenSSL December 2015 and March 2016 advisories: CVE-2015-3194, CVE-2015-3195, CVE-2015-3196, CVE-2015-1794, CVE-2015-3193, CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0705, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799 and CVE-2016-0800 have been resolved in 2014.6.R4. A resolution for other issues is pending release. These issues are being tracked as PR 1151137, 1165861.

CTPView:

CVE-2015-3194 and CVE-2015-3195 have been resolved in 7.1R3, 7.2R1 and all subsequent releases (PR 1144746). CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0797, CVE-2016-0799 and CVE-2016-0800 have been resolved in 7.1R3, 7.2R2, 7.3R1 and all subsequent releases (PR 1165849).

CTPOS:

CVE-2015-3194 and CVE-2015-3195 have been resolved in 7.2R1 and all subsequent releases (PR 1144964). CVE-2016-0702, CVE-2016-0703, CVE-2016-0704, CVE-2016-0797, CVE-2016-0799 and CVE-2016-0800 have been resolved in 7.0R7, 7.1R3, 7.2R2, 7.3R1 and all subsequent releases (PR 1165847).

Standard security best current practices (control plane firewall filters, edge filtering, access lists, etc.) may protect against any remote malicious attacks.

Junos OS: Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:

- Disabling J-Web
- Disabling the SSL service for JUNOScript and only using Netconf, which makes use of SSH, to make configuration changes
- Limiting access to J-Web and XNM-SSL to only trusted networks

ScreenOS: Methods to reduce the risk associated with this issue include:

- Limit access to SSL ports to only trusted hosts.
- Disabling web administrative services will mitigate the risk of this issue:

    unset int eth0/0 manage web

  Refer to KB6713 for enabling SSH on the firewall.

General Mitigation: It is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the HTTPS or SSL/TLS services only from trusted, administrative networks or hosts.
Google Play was recently found to be hosting more than 400 apps that turned infected phones into listening posts that could siphon sensitive data out of the protected networks they connected to, security researchers said Thursday. One malicious app infected with the so-called DressCode malware had been downloaded from 100,000 to 500,000 times before it was removed from the Google-hosted marketplace, Trend Micro researchers said in a post. Known as Mod GTA 5 for Minecraft PE, it was disguised as a benign game, but included in the code was a component that established a persistent connection with an attacker-controlled server.

The server then had the ability to bypass so-called network address translation protections that shield individual devices inside a network.

Trend Micro has found 3,000 such apps in all, 400 of which were available through Play. "This malware allows threat actors to infiltrate a user's network environment," Thursday's report stated. "If an infected device connects to an enterprise network, the attacker can either bypass the NAT device to attack the internal server or download sensitive data using the infected device as a springboard." The report continued: The malware installs a SOCKS proxy on the device, building a general purpose tunnel that can control and give commands to the device.
It can be used to turn devices into bots and build a botnet, which is essentially a network of slave devices that can be used for a variety of schemes like distributed denial-of-service (DDoS) attacks—which have become an increasingly severe problem for organizations worldwide—or spam email campaigns.

The botnet can use the proxied IP addresses also generated by the malware to create fake traffic, disguise ad clicks, and generate revenue for the attackers. Google representatives didn't immediately respond to e-mail seeking comment for this post. Trend Micro's report comes three weeks after researchers from the separate security firm Check Point said they detected 40 DressCode-infected apps in Google Play. Trend said that only a small portion of each malicious app contained the malicious functions, a feature that makes detection difficult.
In 2012, Google introduced a cloud-based security scanner called Bouncer that scours Play for malicious apps.
Since then, thousands of malicious apps have been detected by researchers.

This raises a question: if outside parties can find them, why can't Google find them first?
Details

An update to Red Hat JBoss Web Server 2.1.1 httpd.

Bug 1305580 - httpd supplied jb-ews-2-for-rhel-6-server-rpms deplist is missing apr-util-ldap

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Updated packages

JBoss Enterprise Web Server v2 EL6 SRPMS, IA-32 and x86_64 packages for httpd-2.2.26-55.ep6.el6.

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1305580 - httpd supplied jb-ews-2-for-rhel-6-server-rpms deplist is missing apr-util-ldap

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/
An update is now available for Red Hat JBoss Enterprise Web Server 2.1 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.

This release serves as a replacement for Red Hat JBoss Web Server 2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web Server 2.1.1 Release Notes, linked to in the References section, for information on the most significant of these changes. All users of Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.1. The JBoss server process must be restarted for this update to take effect.

Security Fix(es):

* It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-5387)

* An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncodeUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2105)

* An integer overflow flaw, leading to a buffer overflow, was found in the way the EVP_EncryptUpdate() function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of the user running that application. (CVE-2016-2106)

* It was discovered that it is possible to remotely segfault the Apache HTTP server with a specially crafted string sent to mod_cluster via service messages (MCMP). (CVE-2016-3110)

Red Hat would like to thank Scott Geary (VendHQ) for reporting CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110. Upstream acknowledges Guido Vranken as the original reporter of CVE-2016-2105 and CVE-2016-2106.

Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

For the update to take effect, all services linked to the OpenSSL library must be restarted, or the system rebooted.

After installing the updated packages, the httpd daemon will be restarted automatically. Refer to the Red Hat JBoss Enterprise Web Server 2.1.1 Release Notes for a list of non security related fixes.

Updated packages

JBoss Enterprise Web Server v2 EL6 SRPMS, IA-32 and x86_64 packages.
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1326320 - CVE-2016-3110 mod_cluster: remotely Segfault Apache http server
1331441 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow
1331536 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow
1337151 - CVE-2016-2105 openssl: EVP_EncodeUpdate overflow [jbews-2.1.0]
1337155 - CVE-2016-2106 openssl: EVP_EncryptUpdate overflow [jbews-2.1.0]
1337396 - EWS 2.1.1 Tracker Bug for EL6
1353755 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header
1358118 - CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header [jbews-2.1.0]
1366541 - RPM: RHEL6: httpd service is not starting, LD_LIBRARY_PATH needs to be set

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
CGI web servers assign Proxy header values from client requests to internal HTTP_PROXY environment variables

Original Release date: 18 Jul 2016 | Last revised: 19 Jul 2016

Overview

Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. This vulnerability can be leveraged to conduct man-in-the-middle (MITM) attacks on internal subrequests or to direct the server to initiate connections to arbitrary hosts.

Description

CWE-807: Reliance on Untrusted Inputs in a Security Decision
CWE-454: External Initialization of Trusted Variables or Data Stores

Web servers running in a CGI or CGI-like context may assign client request Proxy header values to internal HTTP_PROXY environment variables. The vulnerable behavior is the result of a naming convention for meta-variables, defined in RFC 3875, which leads to a name collision: "The HTTP header field name is converted to upper case, has all occurrences of "-" replaced with "_" and has "HTTP_" prepended to give the meta-variable name."

According to the researchers, a web server is vulnerable if:

- A web server, programming language or framework (and in some limited situations the application itself) sets the environmental variable HTTP_PROXY from the user-supplied Proxy header in the web request, or sets a similarly used variable (essentially when the request header turns from harmless data into a potentially harmful environmental variable).
- A web application makes use of HTTP_PROXY or a similar variable unsafely (e.g. fails to check the request type), resulting in an attacker-controlled proxy being used (essentially when HTTP_PROXY is actually used unsafely).

By sending a specially crafted request to a vulnerable server, a remote, unauthenticated attacker may be able to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts. For more information, refer to httpoxy.org.

Impact

A remote, unauthenticated attacker may be able to conduct MITM attacks on internal server subrequests or direct the server to initiate connections to arbitrary hosts.

Solution

Apply an update

Where applicable, affected products and components should be updated to address this vulnerability. Check with vendors for information about patching. Where patches are unavailable or updating is not an option, consider the following workarounds.

Filter Proxy request headers

The researchers and community have identified several filtering strategies that are product-dependent:

Apache/CGI
In this configuration, any language may be vulnerable (the HTTP_PROXY env var is "real"). If you are using mod_headers, you can unset the "Proxy" header with this directive:

    RequestHeader unset Proxy

If you are using mod_security, you can use a rule like (vary the action to taste):

    SecRuleEngine On
    SecRule &REQUEST_HEADERS:Proxy "@gt 0" "id:1000005,log,deny,msg:'httpoxy denied'"

Refer to Apache's response for more information.

HAProxy

    http-request del-header Proxy

lighttpd <= 1.4.40 (reject requests containing "Proxy" header)
Create "/path/to/deny-proxy.lua", read-only to lighttpd, with content:

    if (lighty.request["Proxy"] == nil) then return 0 else return 403 end

Modify lighttpd.conf to load mod_magnet and run the Lua code:

    server.modules += ( "mod_magnet" )
    magnet.attract-raw-url-to = ( "/path/to/deny-proxy.lua" )

lighttpd2 (development) (strip "Proxy" header from request)
Add to lighttpd.conf:

    req_header.remove "Proxy";

Nginx/FastCGI
Use this to block the Proxy header from being passed on to PHP-FPM, PHP-PM, etc.:

    fastcgi_param HTTP_PROXY "";

Nginx with proxy_pass
The following setting should work for people who are using "proxy_pass" with nginx:

    proxy_set_header Proxy "";

Microsoft IIS
Microsoft has provided the following guidance for IIS servers utilizing affected third-party frameworks. Mitigation steps: update apphost.config with the following rule:

    <system.webServer>
      <rewrite>
        <rules>
          <rule name="Erase HTTP_PROXY" patternSyntax="Wildcard">
            <match url="*.*" />
            <serverVariables>
              <set name="HTTP_PROXY" value="" />
            </serverVariables>
            <action type="None" />
          </rule>
        </rules>
      </rewrite>
    </system.webServer>

Vendor Information

Vendor                      Status        Date Notified  Date Updated
Apache HTTP Server Project  Affected      12 Jul 2016    18 Jul 2016
Go Programming Language     Affected      -              18 Jul 2016
HAProxy                     Affected      -              13 Jul 2016
HHVM                        Affected      -              18 Jul 2016
lighttpd                    Affected      -              19 Jul 2016
Microsoft Corporation       Affected      12 Jul 2016    13 Jul 2016
nginx                       Affected      -              13 Jul 2016
Python                      Affected      -              18 Jul 2016
The PHP Group               Affected      -              18 Jul 2016
EfficientIP SAS             Not Affected  12 Jul 2016    12 Jul 2016
ACCESS                      Unknown       12 Jul 2016    12 Jul 2016
Alcatel-Lucent              Unknown       12 Jul 2016    12 Jul 2016
Apple                       Unknown       12 Jul 2016    12 Jul 2016
Arista Networks, Inc.       Unknown       12 Jul 2016    12 Jul 2016
ARRIS                       Unknown       12 Jul 2016    12 Jul 2016

CVSS Metrics

Group          Score  Vector
Base           5.1    AV:N/AC:H/Au:N/C:P/I:P/A:P
Temporal       4.6    E:POC/RL:ND/RC:C
Environmental  1.1    CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

Credit

Thanks to Dominic Scheirlinck and Scott Geary of Vend for reporting this vulnerability.

This document was written by Joel Land.
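The meta-variable collision described above, with both kinds of fix the note lists (strip the header before the CGI environment is built, as the server-side configurations do; ignore HTTP_PROXY in a client that finds itself running under CGI), as an added Python example that is not part of the CERT note. The sample headers, host names and raw requests are constructed.

```python
"""httpoxy worked example (added here; not part of the CERT note).

Shows how the RFC 3875 meta-variable rule turns a client-supplied "Proxy"
header into HTTP_PROXY in a CGI environment, how a client that trusts
HTTP_PROXY then picks an attacker-chosen proxy, and two defensive variants.
"""
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample request headers: two ordinary headers and a "Proxy"
# header that a client would never legitimately send.
SAMPLE_HEADERS = [
    ("Host", "app.example.internal"),
    ("User-Agent", "curl/7.47.0"),
    ("Proxy", "http://attacker.example.invalid:8080"),  # constructed value
]

# Headers that CGI maps to dedicated variables (CONTENT_TYPE, CONTENT_LENGTH)
# or that RFC 3875 says should not be exposed as HTTP_* (Authorization).
_SPECIAL_HEADERS = {"content-type", "content-length", "authorization"}


def header_to_meta_variable(name: str) -> str:
    """RFC 3875 section 4.1.18: upper-case, '-' -> '_', prefix 'HTTP_'."""
    return "HTTP_" + name.upper().replace("-", "_")


def build_cgi_env_naive(headers: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """The vulnerable mapping: every request header becomes an HTTP_* variable.

    "Proxy" therefore lands in HTTP_PROXY, the variable libcurl, urllib and
    other clients read to choose an outgoing proxy.
    """
    env: Dict[str, str] = {}
    for name, value in headers:
        if name.lower() in _SPECIAL_HEADERS:
            continue
        env[header_to_meta_variable(name)] = value
    return env


def build_cgi_env_hardened(headers: Iterable[Tuple[str, str]],
                           blocked: Tuple[str, ...] = ("proxy",)) -> Dict[str, str]:
    """Fix 1 (server side): drop the Proxy header before building the
    environment. This is what `RequestHeader unset Proxy` or
    `fastcgi_param HTTP_PROXY ""` achieve in the configurations quoted above."""
    safe = [(n, v) for n, v in headers if n.lower() not in blocked]
    return build_cgi_env_naive(safe)


def outgoing_proxy(env: Dict[str, str]) -> Optional[str]:
    """Models a client that honours HTTP_PROXY unconditionally, the behaviour
    that turned the name collision into an exploitable flaw."""
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def outgoing_proxy_cgi_aware(env: Dict[str, str]) -> Optional[str]:
    """Fix 2 (client side): REQUEST_METHOD is only ever set by a CGI gateway,
    so when it is present HTTP_PROXY is request-controlled and must be ignored
    (the check Go's net/http adopted after httpoxy)."""
    if "REQUEST_METHOD" in env:
        return None
    return env.get("HTTP_PROXY") or env.get("http_proxy")


def has_proxy_header(raw_request_head: str) -> bool:
    """Detection helper: True if a raw HTTP request head carries a Proxy
    header, the condition the mod_security rule above logs and denies."""
    for line in raw_request_head.splitlines()[1:]:  # skip the request line
        if not line.strip():
            break  # end of headers
        name, _, _ = line.partition(":")
        if name.strip().lower() == "proxy":
            return True
    return False


if __name__ == "__main__":
    naive = build_cgi_env_naive(SAMPLE_HEADERS)
    print("naive CGI env uses proxy:", outgoing_proxy(naive))
    hardened = build_cgi_env_hardened(SAMPLE_HEADERS)
    print("hardened CGI env uses proxy:", outgoing_proxy(hardened))
    print("CGI-aware client under CGI:",
          outgoing_proxy_cgi_aware(dict(naive, REQUEST_METHOD="GET")))
```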
IBM finds popular stock and mod ROM pwnable through loose over-the-air updater The most popular stock and third-party Android ROM – used by 170 million people – contains a dangerous since-patched remote code execution hole that could hand attackers total control of handsets. The flaw, found by IBM X-Force researcher David Kaplan (@depletionmode), now of Microsoft, exists in MIUI (pronounced Me, You, I) and allows attackers with privileged network access – say over cafe Wi-Fi – to fully compromise devices. IBM researchers with the X-Force security team said in an advisory provided to The Register ahead of publication that the remote code execution flaw exists in the analytics package, which can be abused to provide malicious ROM updates. "The vulnerability we discovered allows for a man-in-the-middle attacker to execute arbitrary code as the highly privileged Android ‘system’ user," IBM researchers say. "The update transaction is performed over an insecure transport link [and] as such, a man-in-the-middle attack. "As there is no cryptographic verification of the update code itself, com.xiaomi.analytics will replace itself with the attacker-supplied version via Android's DexClassLoader mechanism." The security wonks say the flaw allows attackers to inject a JSON response to force an update by replacing the URL and md5 hash with those of a malicious Android application package containing malicious code. Bugged update mechanisms that fail to verify downloaded updates are increasingly common flaws, the researchers say. A further flaw was found in stock ROM app com.cleanmaster.miui which sported a code injection flaw attackers could exploit to gain system-level privileges. The ROM ships on devices manufactured by developer Xiaomi and is also ported and maintained for more than 340 different handsets including Nexus, Samsung, and HTC. CyanogenMod, the most popular strictly third-party ROM, has about 50 million users and supports about 200 devices. 
Affected users should upgrade to version 7.2, released as an over-the-air update. X-Force researchers thanked Xiaomi for what they say was a rapid response with the vulnerability confirmed, triaged, and a patch date issued within days of first disclosure. They say developers should "transact only code-related data over a verified, secure transport such as TLS with certificate pinning" and ensure code is "cryptographically signed and properly verified" before execution. More specifically, they say Android developers should sit down and discuss banning apps from executing unsigned code via DexClassLoader, dynamic library injection or any other method, a feat that would eliminate such flaws. ®
Multiple vulnerabilities have been addressed in the Junos Space 15.1R1 release. These include cross site scripting (XSS), SQL injection and command injection vulnerabilities.

These vulnerabilities may potentially allow a remote unauthenticated network based attacker with access to Junos Space to execute arbitrary code on Junos Space.

These vulnerabilities were found during internal product testing. These issues have been assigned CVE-2015-7753.

OpenJDK runtime was upgraded to 1.7.0 update_79, which resolves:

CVE            CVSS v2 base score                   Summary
CVE-2014-0429  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)   Vulnerability in Java 2D.
CVE-2014-0456  10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)   Vulnerability in Java Hotspot.
CVE-2014-0460  5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)    Vulnerability in JNDI.
CVE-2014-0453  4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N)    Vulnerability in Java Security.

The following vulnerability was resolved in OpenNMS software included with Junos Space:

CVE            CVSS v2 base score                                  Summary
CVE-2015-0975  6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)  OpenNMS Authenticated XXE

KVM package was upgraded to kvm-83-273.el5.centos.x86_64.rpm, which resolves the following vulnerability:

CVE            CVSS v2 base score                   Summary
CVE-2015-3209  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)    Heap-based buffer overflow vulnerability in the PCNET controller in QEMU.

Mozilla NSS package was upgraded to nss-3.18.0-6.el5_11, which resolves the following vulnerability:

CVE            CVSS v2 base score                   Summary
CVE-2014-1568  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)    NSS does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures.

Apache HTTP Server was upgraded to 2.2.31, resolving the following issues:

CVE            CVSS v2 base score                   Summary
CVE-2013-2249  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)    Vulnerability in Apache mod_session_dbd module.
CVE-2013-6438  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Denial of service in Apache mod_dav module.
CVE-2014-0098  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)    Denial of service in Apache mod_log_config module.

MySQL was upgraded to 5.6.23, which resolves the following vulnerabilities that may pose a risk to MySQL as used in Junos Space:

CVE            CVSS v2 base score                   Summary
CVE-2014-6491  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)    Vulnerability in MySQL Server related to SERVER:SSL:yaSSL.
CVE-2014-6500  7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)    Vulnerability in MySQL Server related to SERVER:SSL:yaSSL.
CVE-2015-0501  5.7 (AV:N/AC:M/Au:M/C:N/I:N/A:C)    Vulnerability in MySQL Server related to Server : Compiling.
CVE-2014-6478  4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)    Vulnerability in MySQL Server related to SERVER:SSL:yaSSL.
CVE-2014-6494  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)    Vulnerability in MySQL Server related to CLIENT:SSL:yaSSL.
CVE-2014-6495  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)    Vulnerability in MySQL Server related to SERVER:SSL:yaSSL.
CVE-2014-6496  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)    Vulnerability in MySQL Server related to CLIENT:SSL:yaSSL.
CVE-2014-6559  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)    Vulnerability in MySQL Server related to C API SSL CERTIFICATE HANDLING.
CVE-2015-2620  4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N)    Vulnerability in MySQL Server related to Server : Security : Privileges.
CVE-2013-5908  2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)    Vulnerability in MySQL Server related to Error Handling.

The following software releases have been updated to resolve these issues: Junos Space 15.1R1, and all subsequent releases.

CVE-2015-0975 is being tracked as PR 1060097.
CVE-2015-3209 is being tracked as PR 1067419.
OpenJDK JRE upgrade is being tracked as PR 987851.
Apache upgrade is being tracked as PR 987853.
MySQL upgrade is being tracked as PR 987852.
These PRs are visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

As a workaround, use access lists or firewall filters to limit access to the device, so that it can only be accessed from trusted hosts which are restricted from accessing potentially hazardous sites and services. Restrict access to only highly trusted administrators. To mitigate XSS vulnerabilities with Junos Space, use a dedicated client and dedicated web browser that is not used to access other sites.

Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories".
The OpenSSL project has published a set of security advisories for vulnerabilities resolved in the OpenSSL library in June and July 2015:

CVE            CVSS v2* base score                  Summary
CVE-2015-1791  6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
               Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier.
CVE-2015-1793  6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
               An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and "issue" an invalid certificate.
CVE-2015-1790  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
               The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a PKCS#7 blob that uses ASN.1 encoding and lacks inner EncryptedContent data.
CVE-2015-1792  5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
               The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (infinite loop) via vectors that trigger a NULL value of a BIO data structure, as demonstrated by an unrecognized X.660 OID for a hash function.
CVE-2015-1788  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
               The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in which the curve is over a malformed binary polynomial field, which allows remote attackers to cause a denial of service (infinite loop) via a session that uses an Elliptic Curve algorithm, as demonstrated by an attack against a server that supports client authentication.
CVE-2015-1789  4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
               The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted length field in ASN1_TIME data, as demonstrated by an attack against a server that supports client authentication with a custom verification callback.

*CVSS v2 scores provided for backward compatibility with NVD.

Junos OS is affected by one or more of these vulnerabilities. Note that CVE-2014-8176 was also included in an OpenSSL advisory, but no Juniper products use DTLS for communication.

The following software releases have been updated to resolve this specific issue: Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25, 12.3R11, 12.3X48-D20, 13.2X51-D40, 13.3R7, 14.1R6, 14.2R4, 15.1R2, 15.1X49-D20, and all subsequent releases.

OpenSSL library has been upgraded to 0.9.8zg in Junos OS 12.1X44-D55, 12.1X46-D40, 12.1X47-D25, 12.3R11, 12.3X48-D20, 13.2X51-D40 and subsequent releases.

OpenSSL library has been upgraded to 1.0.1p in Junos OS 12.1X46-D55, 12.1X47-D45, 12.3X48-D30, 13.3R7, 14.1R6, 14.2R4, 15.1R2, 15.1X49-D20, and all subsequent releases to resolve all vulnerabilities listed above.

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

This issue is being tracked for Junos OS as PRs 1095598, 1095604, 1103020 and 1153463, which are visible on the Customer Support website.

KB16765 - "In which releases are vulnerabilities fixed?" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.

Since SSL is used for remote network configuration and management applications such as J-Web and SSL Service for JUNOScript (XNM-SSL), viable workarounds for this issue in Junos may include:

- Disabling J-Web
- Disabling SSL service for JUNOScript and only using Netconf, which makes use of SSH, to make configuration changes
- Limiting access to J-Web and XNM-SSL to only trusted networks

How to obtain fixed software:

Security vulnerabilities in Junos are fixed in the next available Maintenance Release of each supported Junos version.
In some cases, a Maintenance Release is not planned to be available in an appropriate time-frame.

For these cases, Service Releases are made available in order to be more timely.
Security Advisory and Security Notices will indicate which Maintenance and Service Releases contain fixes for the issues described. Upon request to JTAC, customers will be provided download instructions for a Service Release.

Although Juniper does not provide formal Release Note documentation for a Service Release, a list of "PRs fixed" can be provided on request.

Modification History:

2015-10-14: Initial publication
2016-10-05: Update the list of Junos releases which have OpenSSL 1.0.1p or later (i.e. added 12.1X46-D55, 12.1X47-D45, 12.3X48-D30).

Information for how Juniper Networks uses CVSS can be found at KB16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories".
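Both advisories above reduce to the same interim controls: reach the management plane only from trusted hosts, and, for the Junos OS OpenSSL issue, turn off J-Web and XNM-SSL in favour of NETCONF over SSH. The Junos OS configuration below is an illustration added here, not configuration taken from either advisory: the trusted prefix 192.0.2.0/24 and the names MGMT-HOSTS and PROTECT-RE are constructed placeholders, and the lines beginning with # are annotations to drop before loading.

```junos
# Workaround 1 and 2: stop exposing the SSL-based management services
# and keep NETCONF over SSH as the only configuration channel.
set system services netconf ssh
delete system services web-management
delete system services xnm-ssl

# Workaround 3: trusted management sources (constructed example prefix).
set policy-options prefix-list MGMT-HOSTS 192.0.2.0/24

# Routing Engine filter: management ports (SSH 22, HTTPS 443, NETCONF 830)
# are accepted only from MGMT-HOSTS and discarded from anywhere else;
# all other traffic (routing protocols, ICMP, ...) is left untouched.
set firewall family inet filter PROTECT-RE term mgmt-from-trusted from source-prefix-list MGMT-HOSTS
set firewall family inet filter PROTECT-RE term mgmt-from-trusted from protocol tcp
set firewall family inet filter PROTECT-RE term mgmt-from-trusted from destination-port [ ssh https 830 ]
set firewall family inet filter PROTECT-RE term mgmt-from-trusted then accept

set firewall family inet filter PROTECT-RE term mgmt-from-untrusted from protocol tcp
set firewall family inet filter PROTECT-RE term mgmt-from-untrusted from destination-port [ ssh https 830 ]
set firewall family inet filter PROTECT-RE term mgmt-from-untrusted then discard

set firewall family inet filter PROTECT-RE term everything-else then accept

# Apply the filter to the loopback so it covers traffic destined to the RE.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
```

The https port stays in the filter so the same terms still protect J-Web where an operator chooses the third workaround (restricting rather than disabling it); use "commit confirmed" when applying a loopback filter remotely so a mistake in the trusted prefix does not lock you out.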