CVE-2016-5195 Oracle Enterprise Linux Security Update for kernel (ELSA-2016-2574)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation of the vulnerabilities can allow remote attackers to obtain sensitive information from kernel memory by reading packet data.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2574: Oracle Linux 7

0day

CVE-2016-6313 Oracle Enterprise Linux Security Update for libgcrypt (ELSA-2016-2674)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for libgcrypt to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 7

Vulnerability impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6 and Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2674: Oracle Linux 6

ELSA-2016-2674: Oracle Linux 7

CVE-2016-1583 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3636)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for the Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerability can allow local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 7 and Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3636: Oracle Linux 7

ELSA-2016-3636: Oracle Linux 6

ELSA-2016-3636

CVE-2016-1583 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3635)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for the Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerability can allow local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 7 and Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3635: Oracle Linux 7

ELSA-2016-3635: Oracle Linux 6

ELSA-2016-3635

CVE-2016-8864 Oracle Enterprise Linux Security Update for bind97 (ELSA-2016-2142)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for bind97 to fix the vulnerabilities.

Affected Products:
Oracle Linux 5

Vulnerability impact

Successful exploitation of the vulnerability can allow remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2142: Oracle Linux 5

CVE-2016-8864 Oracle Enterprise Linux Security Update for bind (ELSA-2016-2141)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for bind to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 5

Vulnerability impact

Successful exploitation of the vulnerability can allow remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6 and Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2141: Oracle Linux 6

ELSA-2016-2141: Oracle Linux 5

CVE-2016-7426 NTP.org ntpd Multiple Security Vulnerabilities

Vulnerability category: General remote services

Vulnerability level:

Vulnerability information

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.

This update fixes the following vulnerabilities:
- Trap crash. (CVE-2016-9311)
- Mode 6 unauthenticated trap information disclosure and DDoS vector. (CVE-2016-9310)
- Broadcast Mode Replay Prevention DoS. (CVE-2016-7427)
- Broadcast Mode Poll Interval Enforcement DoS. (CVE-2016-7428)
- Windows: ntpd DoS by oversized UDP packet. (CVE-2016-9312)
- Regression: 010-origin: Zero Origin Timestamp Bypass. (CVE-2016-7431)
- Null pointer dereference in _IO_str_init_static_internal(). (CVE-2016-7434)
- Interface selection attack. (CVE-2016-7429)
- Client rate limiting and server responses. (CVE-2016-7426)
- Reboot sync calculation problem. (CVE-2016-7433)

Affected Versions:
NTP versions prior to 4.2.8p9

Vulnerability impact

A remote unauthenticated attacker may be able to perform a denial of service on the targeted system.

Solution

Users are advised to upgrade to version 4.2.8p9 or later to fix the issues. The latest version can be downloaded from here.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ntp-4.2.8p9 or later

Fedora Security Update for sudo (FEDORA-2016-3a0df9e256)

Vulnerability category: Fedora

Vulnerability level:

Vulnerability information

Fedora has released a security update for sudo to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

Vulnerability impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

Refer to the following Fedora security advisories for more information about the vulnerability and obtaining patches: Fedora 24 Update, Fedora 25 Update.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2016-3a0df9e256: Fedora 24

FEDORA-2016-3a0df9e256: Fedora 25

CVE-2016-5291 Oracle Enterprise Linux Security Update for firefox (ELSA-2016-2780)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 7
Oracle Linux 5

Vulnerability impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6, Oracle Linux 7 and Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2780: Oracle Linux 5

ELSA-2016-2780: Oracle Linux 6

ELSA-2016-2780: Oracle Linux 7

CVE-2016-7795 Oracle Enterprise Linux Security Update for systemd (ELSA-2016-2610)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for systemd to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation could allow local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2610: Oracle Linux 7
