漏洞类别:Fedora
漏洞等级: 
漏洞信息
Fedora has released security update for polkit to fix the vulnerability.
Affected OS:
Fedora 27
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for qutebrowser to fix the vulnerability.
Affected OS:
Fedora 27
Fedora 28
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Fedora 28 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for suricata to fix the vulnerability.
Affected OS:
Fedora 28
Fedora 27
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 28 Update
Fedora 27 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for python34 to fix the vulnerability.
Affected OS:
Fedora 28
Fedora 27
漏洞危害
This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 28 Update
Fedora 27 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for libxml2 to fix the vulnerability.
Affected OS:
Fedora 27
Fedora 28
漏洞危害
This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Fedora 28 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for zziplib to fix the vulnerability.
Affected OS:
Fedora 28
漏洞危害
This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 28 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for bibutils to fix the vulnerability.
Affected OS:
Fedora 27
Fedora 28
漏洞危害
This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Fedora 28 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for libtomcrypt to fix the vulnerability.
Affected OS:
Fedora 28
漏洞危害
This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 28 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for soundtouch to fix the vulnerability.
Affected OS:
Fedora 27
漏洞危害
Successful exploitation of the vulnerability will lead to denial of service attacks.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Fedora
漏洞等级:
漏洞信息
Fedora has released security update for perl-archive-zip to fix the vulnerability.
Affected OS:
Fedora 27
漏洞危害
Successful exploitation allows attacker to compromise the system.
解决方案
Fedora has issued updated packages to fix this vulnerability.
For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:RedHat
漏洞等级: 
漏洞信息
Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.
Security Fixes: mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)
mutt: Remote Code Execution via backquote characters (CVE-2018-14357)
mutt: POP body caching path traversal vulnerability (CVE-2018-14362)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server – Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.5 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.5 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
Red Hat Enterprise Linux
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2526 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
Continue reading “CVE-2018-14354 Red Hat Update for mutt (RHSA-2018:2526)”
漏洞类别:RedHat
漏洞等级:
漏洞信息
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.Security fix(es): memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)
Affected Products:
Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2331 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:RedHat
漏洞等级:
漏洞信息
OpenStack Compute (nova) launches and schedules large networks of virtualmachines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required toorchestrate a cloud, including running virtual machine instances andcontrolling access through users and projects. The following packages have been upgraded to a later upstream version:openstack-nova (16.1.4). (BZ#1591212)
Security Fixes: openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)
Affected Products:
Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2332 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:RedHat
漏洞等级:
漏洞信息
The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.
Security Fixes: openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects (CVE-2018-14432)
Affected Products:
Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2523 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:RedHat
漏洞等级:
漏洞信息
Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.
Security Fixes: dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059)
Affected Products :
Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2524 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:RedHat
漏洞等级:
漏洞信息
Red Hat JBoss Enterprise Application Platform is a platform for Javaapplications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fixes: guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)
Affected Products:
JBoss Enterprise Application Platform 7.1 for RHEL 6 x86_64
JBoss Enterprise Application Platform 7.1 for RHEL 6 i386
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2423 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Ubuntu
漏洞等级:
漏洞信息
It was discovered that OpenJDK did not properly validate types in some situations.
It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it.
It was discovered a vulnerability in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK.
漏洞危害
An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)
An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952)
An attacker could use this to expose sensitive information. (CVE-2018-2972)
解决方案
Refer to Ubuntu advisory USN-3747-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3747-1: 18.04 (bionic) on src (openjdk-11-jre-zero)
0daybank
漏洞类别:Ubuntu
漏洞等级:
漏洞信息
It was discovered that APT incorrectly handled the mirror method (mirror://).
漏洞危害
If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries.
解决方案
Refer to Ubuntu advisory USN-3746-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
漏洞类别:Ubuntu
漏洞等级:
漏洞信息
It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages.
漏洞危害
An attacker could possibly use this to access sensitive information.
解决方案
Refer to Ubuntu advisory USN-3745-1 for affected packages and patching details, or update with your package manager.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
USN-3745-1: 16.04 (Xenial) on src (hostapd)
USN-3745-1: 14.04 (Kylin) on src (wpasupplicant)
USN-3745-1: 18.04 (bionic) on src (hostapd)
USN-3745-1: 18.04 (bionic) on src (wpasupplicant)
0daybank
漏洞类别:VMware
漏洞等级:
漏洞信息
VMware vCenter is the centralized management tool for the vSphere suite.
VMware vCenter is affected by the following vulnerability:
This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or another VM privileged information that resides sequentially or concurrently in the same core L1 Data cache.
QID Detection Logic (Unauthenticated):
This QID checks for vulnerable version of vCenter.
漏洞危害
Successful exploitation allows unauthorized disclosure of information.
解决方案
VMware has issued a fix.
Please refer to VMSA-2018-0020 for further details.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank