CVE-2016-5195 Oracle Enterprise Linux Security Update for kernel (ELSA-2016-2574)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation of the vulnerabilities can allow remote attackers to obtain sensitive information from kernel memory by reading packet data.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2574: Oracle Linux 7

CVE-2016-6313 Oracle Enterprise Linux Security Update for libgcrypt (ELSA-2016-2674)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for libgcrypt to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 7

Vulnerability impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6 and Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2674: Oracle Linux 6

ELSA-2016-2674: Oracle Linux 7

CVE-2016-1583 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3636)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerability can allow local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 7 and Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3636: Oracle Linux 7

ELSA-2016-3636: Oracle Linux 6

ELSA-2016-3636

CVE-2016-1583 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3635)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerability can allow local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 7 and Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3635: Oracle Linux 7

ELSA-2016-3635: Oracle Linux 6

ELSA-2016-3635

CVE-2016-8864 Oracle Enterprise Linux Security Update for bind97 (ELSA-2016-2142)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for bind97 to fix the vulnerabilities.

Affected Products:
Oracle Linux 5

Vulnerability impact

Successful exploitation of the vulnerability can allow remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2142: Oracle Linux 5

CVE-2016-8864 Oracle Enterprise Linux Security Update for bind (ELSA-2016-2141)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for bind to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 5

Vulnerability impact

Successful exploitation of the vulnerability can allow remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6 and Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2141: Oracle Linux 6

ELSA-2016-2141: Oracle Linux 5

CVE-2016-7426 NTP.org ntpd Multiple Security Vulnerabilities

Vulnerability category: General remote services

Vulnerability level:

Vulnerability information

The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source.

This update fixes the following vulnerabilities:
– Trap crash. (CVE-2016-9311)
– Mode 6 unauthenticated trap information disclosure and DDoS vector. (CVE-2016-9310)
– Broadcast Mode Replay Prevention DoS. (CVE-2016-7427)
– Broadcast Mode Poll Interval Enforcement DoS. (CVE-2016-7428)
– Windows: ntpd DoS by oversized UDP packet. (CVE-2016-9312)
– Regression: 010-origin: Zero Origin Timestamp Bypass. (CVE-2016-7431)
– Null pointer dereference in _IO_str_init_static_internal(). (CVE-2016-7434)
– Interface selection attack. (CVE-2016-7429)
– Client rate limiting and server responses. (CVE-2016-7426)
– Reboot sync calculation problem. (CVE-2016-7433)

Affected Versions:
NTP versions prior to 4.2.8p9

Vulnerability impact

A remote unauthenticated attacker may be able to perform a denial of service on the targeted system.

Solution

Users are advised to upgrade to version 4.2.8p9 or later to fix the issues. The latest version can be downloaded from here

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ntp-4.2.8p9 or later

Fedora Security Update for sudo (FEDORA-2016-3a0df9e256)

Vulnerability category: Fedora

Vulnerability level:

Vulnerability information

Fedora has released a security update for sudop1 to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

Vulnerability impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

Refer to the following Fedora security advisories: Fedora 24 Update, Fedora 25 Update for more information about the vulnerability and obtaining patches.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2016-3a0df9e256: Fedora 24

FEDORA-2016-3a0df9e256: Fedora 25

CVE-2016-5291 Oracle Enterprise Linux Security Update for firefox (ELSA-2016-2780)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for firefox to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 7
Oracle Linux 5

Vulnerability impact

Successful exploitation allows an attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6, Oracle Linux 7 and Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2780: Oracle Linux 5

ELSA-2016-2780: Oracle Linux 6

ELSA-2016-2780: Oracle Linux 7

CVE-2016-7795 Oracle Enterprise Linux Security Update for systemd (ELSA-2016-2610)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for systemd to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation could allow local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2610: Oracle Linux 7

CVE-2016-7050 Oracle Enterprise Linux Security Update for resteasy-base (ELSA-2016-2604)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for resteasy-base to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2604: Oracle Linux 7

CVE-2016-5423 Oracle Enterprise Linux Security Update for postgresql (ELSA-2016-2606)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for postgresql to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2606: Oracle Linux 7

CVE-2016-5011 Oracle Enterprise Linux Security Update for util-linux (ELSA-2016-2605)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for util-linux to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2605: Oracle Linux 7

CVE-2016-7091 Oracle Enterprise Linux Security Update for sudo (ELSA-2016-2593)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for sudo to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2593: Oracle Linux 7

CVE-2016-0764 Oracle Enterprise Linux Security Update for NetworkManager (ELSA-2016-2581)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for NetworkManager to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation allows local users to read connection secrets such as VPN passwords or WiFi keys.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2581: Oracle Linux 7

CVE-2015-8868 Oracle Enterprise Linux Security Update for poppler (ELSA-2016-2580)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for poppler to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation of the vulnerability can allow a remote attacker to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in the ExtGState dictionary in a crafted PDF document.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2580: Oracle Linux 7

CVE-2016-5008 Oracle Enterprise Linux Security Update for libvirt (ELSA-2016-2577)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for libvirt to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

Successful exploitation of the vulnerability can allow:

1) remote attackers to bypass authentication and establish a VNC session by connecting to the server.

2) local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2577: Oracle Linux 7

CVE-2016-5542 Oracle Enterprise Linux Security Update for java-1.7.0-openjdk (ELSA-2016-2658)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for java-1.7.0-openjdk to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 5
Oracle Linux 7

Vulnerability impact

Successful exploitation of the vulnerability can allow remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6, Oracle Linux 5 and Oracle Linux 7 for updates and pat

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2658: Oracle Linux 5

ELSA-2016-2658: Oracle Linux 6

ELSA-2016-2658: Oracle Linux 7

CVE-2016-8704 2016-11-29 22:08:27 Oracle Enterprise Linux Security Update for memcached (ELSA-2016-2820)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for memcached to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

An attacker could create a specially crafted message that would cause the memcached server to crash or, potentially, execute arbitrary code.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2819: Oracle Linux 7

CVE-2016-8638 Oracle Enterprise Linux Security Update for ipsilon (ELSA-2016-2809)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for ipsilon to fix the vulnerabilities.

Affected Products:
Oracle Linux 7

Vulnerability impact

An attacker able to hit the logout URL could determine what service providers other users are logged in to and terminate their sessions.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisory for Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2809: Oracle Linux 7

CVE-2015-8956 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3645)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerability can allow local users to obtain sensitive information or cause a denial of service.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 7 and Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3645: Oracle Linux 7

ELSA-2016-3645: Oracle Linux 6

ELSA-2016-3645

CVE-2015-8956 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3644)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerability can allow local users to obtain sensitive information or cause a denial of service.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 7 and Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3644: Oracle Linux 7

ELSA-2016-3644: Oracle Linux 6

ELSA-2016-3644

CVE-2014-3566 Apple Mac OS X Server v4.1 Not Installed (APPLE-SA-2015-04-24-1)

Vulnerability category: Local

Vulnerability level:

Vulnerability information

Apple Mac OS X Server v4.1 is missing on the target host.

Apple Mac OS X Server v4.1 is now available to resolve multiple security vulnerabilities.

Refer to Apple Security Update APPLE-SA-2015-04-24-1 for further details on these vulnerabilities.

Vulnerability impact

Successfully exploiting these vulnerabilities might allow an attacker to downgrade the server to use SSL 3.0 or bypass firewall rules.

Solution

Apple Mac OS X Server v4.1 has been released to address these issues. The update can be downloaded and installed via Apple Downloads.

Refer to Apple Security Update APPLE-SA-2015-04-24-1 for more information on these vulnerabilities.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APPLE-SA-2015-04-24-1: Apple Mac OS X Server v4.1

CVE-2016-5195 Oracle Enterprise Linux Security Update for Unbreakable Enterprise kernel (ELSA-2016-3632)

Vulnerability category: OEL

Vulnerability level:

Vulnerability information

Oracle Enterprise Linux has released a security update for Unbreakable Enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 6
Oracle Linux 7

Vulnerability impact

An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to the Oracle Enterprise Linux advisories for Oracle Linux 6 and Oracle Linux 7 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-3632: Oracle Enterprise Linux 6

ELSA-2016-3632: Oracle Enterprise Linux 7

CVE-2016-3492 SUSE Enterprise Linux Security Update for (SUSE-SU-2016:2933-1)

Vulnerability category: SUSE

Vulnerability level:

Vulnerability information

SUSE has released a security update for to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Software Development Kit 12-SP1
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Server 12-SP1
SUSE Linux Enterprise Desktop 12-SP2
SUSE Linux Enterprise Desktop 12-SP1

Vulnerability impact

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update, use YaST online_update. Alternatively, you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2016:2933-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2016:2933-1: SUSE Enterprise Linux
