Thursday, November 27, 2014

[KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability

-----------------------------------------------------------------
Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
-----------------------------------------------------------------


[-] Software Links:

https://www.tuleap.org/
https://www.enalean.com/


[-] Affected Versions:

Version 7.6-4 and prior versions.


[-] Vulnerability Description:

The vulnerable code is located in the /src/www/project/register.php script, where the user-supplied `data` request parameter is passed straight to unserialize() without any validation of its contents:

$request = HTTPRequest::instance();

if (Config::get('sys_create_project_in_one_step')) {
    $router = new Project_OneStepCreation_OneStepCreationRouter(
        ProjectManager::instance(),
        new Project_CustomDescription_CustomDescriptionFactory(new Project_CustomDescription ...
    );
    $router->route($request);
    exit;
}

$current_step = $request->exist('current_step') ? $request->get('current_step') : 0;
// 'data' comes from the request and is unserialized as-is: PHP object injection
$data         = $request->exist('data') ? unserialize($request->get('data')) : array();
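The following is an added example, not Tuleap's own code and not the project's fix. It shows the check a practitioner would put in front of an unserialize() call that has to keep accepting the legacy `data` parameter: a decoder for PHP's serialize() format that accepts only scalars and arrays and refuses the object tokens (`O:` and `C:`) that an object-injection payload depends on. The request strings at the bottom are constructed for the demo; `check_register_request` is a hypothetical stand-in for the `$request->get('data')` path in register.php.

```python
"""Added example (not Tuleap's code): decode PHP serialize() output while
refusing objects.

The last line of the register.php excerpt above hands the user-controlled
'data' parameter to unserialize(), so any loadable class whose __wakeup()
or __destruct() does something interesting becomes reachable from the
request.  This decoder accepts the scalar/array tokens N, b, i, d, s, a
and rejects O and C, the tokens that instantiate a class.
"""
import urllib.parse

_MAX_DEPTH = 32   # nested-array limit so a crafted payload cannot exhaust the stack


class UnsafeSerializedData(ValueError):
    """Payload contains an object token, is malformed, or nests too deeply."""


class _Parser:
    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0

    def _read_until(self, delim: bytes) -> bytes:
        end = self.data.find(delim, self.pos)
        if end < 0:
            raise UnsafeSerializedData(f"truncated payload at offset {self.pos}")
        token = self.data[self.pos:end]
        self.pos = end + len(delim)
        return token

    def _expect(self, literal: bytes) -> None:
        if not self.data.startswith(literal, self.pos):
            raise UnsafeSerializedData(f"expected {literal!r} at offset {self.pos}")
        self.pos += len(literal)

    def value(self, depth: int = 0):
        if depth > _MAX_DEPTH:
            raise UnsafeSerializedData("nesting too deep")
        start = self.pos
        tag = self.data[start:start + 1]
        self.pos += 1
        if tag == b"N":                        # N;
            self._expect(b";")
            return None
        if tag == b"b":                        # b:0;  b:1;
            self._expect(b":")
            return self._read_until(b";") == b"1"
        if tag == b"i":                        # i:<int>;
            self._expect(b":")
            return int(self._read_until(b";"))
        if tag == b"d":                        # d:<float>;
            self._expect(b":")
            return float(self._read_until(b";"))
        if tag == b"s":                        # s:<byte length>:"<bytes>";
            self._expect(b":")
            length = int(self._read_until(b':"'))
            raw = self.data[self.pos:self.pos + length]
            if len(raw) != length:
                raise UnsafeSerializedData(f"string overruns payload at offset {self.pos}")
            self.pos += length
            self._expect(b'";')
            return raw.decode("utf-8", errors="replace")
        if tag == b"a":                        # a:<count>:{<key><value>...}
            self._expect(b":")
            count = int(self._read_until(b":{"))
            result = {}
            for _ in range(count):
                key = self.value(depth + 1)
                if type(key) not in (int, str):
                    raise UnsafeSerializedData("array keys must be int or string")
                result[key] = self.value(depth + 1)
            self._expect(b"}")
            return result
        if tag in (b"O", b"C"):
            # O:<len>:"<class>":... / C:<len>:"<class>":... instantiate a class: refuse.
            raise UnsafeSerializedData(f"object token {tag!r} at offset {start}")
        raise UnsafeSerializedData(f"unknown token {tag!r} at offset {start}")


def safe_unserialize(payload: bytes):
    """Decode PHP-serialized scalars/arrays; raise on objects, junk or truncation."""
    parser = _Parser(payload)
    try:
        value = parser.value()
    except ValueError as exc:                  # also wraps int()/float() on garbage
        raise UnsafeSerializedData(str(exc)) from exc
    if parser.pos != len(payload):
        raise UnsafeSerializedData("trailing data after serialized value")
    return value


def check_register_request(query_string: str):
    """Hypothetical stand-in for register.php's $request->get('data')."""
    params = urllib.parse.parse_qs(query_string, keep_blank_values=True)
    data = params.get("data", [""])[0].encode("utf-8")
    return safe_unserialize(data) if data else {}


if __name__ == "__main__":
    # Constructed requests: a benign form state and an object-injection attempt.
    benign = "current_step=1&data=" + urllib.parse.quote('a:1:{s:4:"name";s:5:"proj1";}')
    hostile = "current_step=1&data=" + urllib.parse.quote('O:8:"Anything":1:{s:3:"cmd";s:2:"id";}')
    print(check_register_request(benign))
    try:
        check_register_request(hostile)
    except UnsafeSerializedData as exc:
        print("rejected:", exc)
```

The filter is a containment measure, not a substitute for the real fix: the form state should not be carried in a serialized blob at all, and where a serialized format is unavoidable a format without object semantics (JSON) removes the class instantiation entirely rather than trying to detect it.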

CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs

Unauthenticated SQL Injection in Gogs repository search
=======================================================
Researcher: Timo Schmid <tschmid@ernw.de>


Description
===========
Gogs (Go Git Service) is a painless self-hosted Git service written in
Go. (taken from [1])

It is very similar to the GitHub hosting platform. Multiple users can
create multiple repositories and share code with others through the Git
version control system. Repositories can be marked as public or private
to prevent access by unauthorized users.

Gogs provides an API view that lets client-side JavaScript search for
existing repositories in the system. This view is accessible at
/api/v1/repos/search?q=<search query> and requires no authentication.

The q parameter of this view is vulnerable to SQL injection.
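The following is an added example, not Gogs' own code: a repository search of the same shape as the endpoint above, once with the search term spliced into the SQL text and once with it bound as a parameter. The schema and rows are constructed for the demo in an in-memory SQLite database and do not reproduce Gogs' real tables; the point is that the public/private filter is defeated by the injection and that, beyond binding, the LIKE metacharacters `%` and `_` also need escaping so a term cannot be widened into a wildcard.

```python
"""Added example (not Gogs' code): repository search built by string
concatenation beside a parameterized version.  Schema and rows are
constructed for the demo."""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE repository (id INTEGER PRIMARY KEY, name TEXT, is_private INTEGER);
        INSERT INTO repository VALUES (1, 'public-tools', 0);
        INSERT INTO repository VALUES (2, 'public_docs', 0);
        INSERT INTO repository VALUES (3, 'infra-secrets', 1);
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, q: str) -> List[str]:
    """Anonymous search meant to return public repositories only.

    The term is spliced into the SQL text, so a quote inside q closes the
    LIKE literal and the rest of q runs as SQL; a trailing comment marker
    then discards the is_private filter.
    """
    sql = (f"SELECT name FROM repository WHERE name LIKE '%{q}%' "
           "AND is_private = 0 ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, q: str) -> List[str]:
    """Same search with the term bound as a parameter.

    Binding stops the injection.  Escaping % and _ (with a declared ESCAPE
    character) additionally stops a user from turning the term into a
    wildcard that matches more than what was typed.
    """
    escaped = q.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT name FROM repository WHERE name LIKE ? ESCAPE '\\' "
           "AND is_private = 0 ORDER BY id")
    return [row[0] for row in conn.execute(sql, (f"%{escaped}%",))]


if __name__ == "__main__":
    db = make_db()
    payload = "%' OR 1=1 --"                  # constructed injection string for q
    print(search_vulnerable(db, payload))    # private repository is listed
    print(search_safe(db, payload))          # nothing matches the literal term
    print(search_vulnerable(db, "public_"))  # '_' also matches the '-' in public-tools
    print(search_safe(db, "public_"))        # only public_docs
```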

CVE-2014-8683 XSS in Gogs Markdown Renderer

XSS in Gogs Markdown Renderer
=============================
Researcher: Timo Schmid <tschmid@ernw.de>


Description
===========
Gogs (Go Git Service) is a painless self-hosted Git service written in
Go. (taken from [1])

It is very similar to the GitHub hosting platform. Multiple users can
create multiple repositories and share code with others through the Git
version control system. Repositories can be marked as public or private
to prevent access by unauthorized users.

Gogs provides two API views that transform Markdown into HTML, at the
URLs /api/v1/markdown and /api/v1/markdown/raw.

The transformation is vulnerable to XSS: markup supplied in the Markdown
input is returned in the HTML output without being neutralised, so it
executes in the browser of whoever views the rendered result.
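The following is an added example, not Gogs' own code: an allowlist sanitizer of the kind that belongs after a Markdown renderer whose output reaches a browser. It keeps a small set of tags and attributes, drops everything else (which implicitly removes every `on*` handler), discards script/style elements together with their content, and rejects `href`/`src` values whose scheme is not http, https, mailto or relative, normalising the URL the way browsers do so `java\tscript:` is not let through. The Markdown-to-HTML step itself is not reproduced; the inputs are constructed HTML fragments of the sort a renderer emits when it passes raw HTML through unchanged.

```python
"""Added example (not Gogs' code): allowlist sanitizer for rendered HTML."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_TAGS = {"a", "p", "em", "strong", "code", "pre", "ul", "ol", "li",
                "br", "img", "h1", "h2", "h3", "blockquote"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto", ""}      # "" = relative URL
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
VOID_TAGS = {"br", "img"}
_C0_AND_SPACE = "".join(map(chr, range(0x21)))


def _safe_url(value: str) -> bool:
    # Browsers strip tab/CR/LF anywhere in a URL and leading controls/spaces
    # before reading the scheme, so normalise the same way first.
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n").lstrip(_C0_AND_SPACE)
    return urlparse(cleaned).scheme.lower() in SAFE_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0          # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return                   # unknown tag is dropped, its text is kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue             # covers on* handlers, style, etc.
            value = value or ""
            if name in URL_ATTRS and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag in VOID_TAGS:
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # re-escape text nodes
    # comments, doctype and processing instructions fall through to the
    # base class, which ignores them, so they never reach the output.


def sanitize(html: str) -> str:
    parser = _Sanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed renderer output containing the usual XSS vectors.
    samples = [
        '<p>hello <strong>world</strong></p>',
        '<script>alert(1)</script><p>x</p>',
        '<img src=x onerror=alert(1)>',
        '<a href="javascript:alert(1)">x</a>',
        '<a href="java\tscript:alert(1)">x</a>',
        '<a href="https://example.org/?a=1&b=2">ok</a>',
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize(s)))
```

An allowlist (keep what is known good) is the right shape here; a denylist of `<script>` and `onerror` misses the next attribute or scheme you did not think of. The same applies whether the sanitizer runs on the server after rendering or on the client before injecting the response into the DOM.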

[SECURITY] [DSA 3076-1] wireshark security update

Debian Security Advisory DSA-3076-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 25, 2014                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : wireshark
CVE ID         : CVE-2014-8710 CVE-2014-8711 CVE-2014-8712 CVE-2014-8713
                 CVE-2014-8714

Multiple vulnerabilities were discovered in the dissectors/parsers for
SigComp UDVM, AMQP, NCP and TN5250, which could result in denial of
service.

For the stable distribution (wheezy), these problems have been fixed in
version 1.8.2-5wheezy13.

For the upcoming stable distribution (jessie), these problems have been
fixed in version 1.12.1+g01b65bf-2.

For the unstable distribution (sid), these problems have been fixed in
version 1.12.1+g01b65bf-2.

We recommend that you upgrade your wireshark packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

[SECURITY] [DSA 3077-1] openjdk-6 security update

Debian Security Advisory DSA-3077-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
November 26, 2014                      http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : openjdk-6
CVE ID         : CVE-2014-6457 CVE-2014-6502 CVE-2014-6504 CVE-2014-6506
                 CVE-2014-6511 CVE-2014-6512 CVE-2014-6517 CVE-2014-6519
                 CVE-2014-6531 CVE-2014-6558

Several vulnerabilities have been discovered in OpenJDK, an
implementation of the Oracle Java platform, resulting in the execution
of arbitrary code, information disclosure or denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 6b33-1.13.5-2~deb7u1.

We recommend that you upgrade your openjdk-6 packages.
