CVE-2016-9637 Red Hat Update for Xen Security (RHSA-2016:2963)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

Xen is a virtual machine monitor

An out-of-bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if a guest were to supply a 32-bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. (CVE-2016-9637)

Vulnerability impact

A privileged guest user/process could use this flaw to potentially escalate their privileges on a host.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2016:2963 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2016:2963: Red Hat Enterprise Linux

0day

CVE-2016-7117 Red Hat Update for Kernel Security (RHSA-2016:2962)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within the __sys_recvmmsg() function. (CVE-2016-7117, Important)

Vulnerability impact

On successful exploitation it allows remote attackers to corrupt memory and may allow execution of arbitrary code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2016:2962 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2016:2962: Red Hat Enterprise Linux


CVE-2016-9636 Oracle Enterprise Linux Security Update for gstreamer-plugins-good (ELSA-2016-2975)

Vulnerability category: OEL

Vulnerability severity:

Vulnerability information

Oracle Enterprise Linux has released security update for gstreamer-plugins-good to fix the vulnerabilities.

Affected Products:
Oracle Linux 6

Vulnerability impact

Successful exploitation of the vulnerabilities may allow a remote attacker to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2975: Oracle Linux 6


CVE-2016-9445 Oracle Enterprise Linux Security Update for gstreamer-plugins-bad-free (ELSA-2016-2974)

Vulnerability category: OEL

Vulnerability severity:

Vulnerability information

Oracle Enterprise Linux has released security update for gstreamer-plugins-bad-free to fix the vulnerabilities.

Affected Products:
Oracle Linux 6

Vulnerability impact

Successful exploitation may cause information leakage.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2974: Oracle Linux 6


CVE-2016-9899 Oracle Enterprise Linux Security Update for thunderbird (ELSA-2016-2973)

Vulnerability category: OEL

Vulnerability severity:

Vulnerability information

Oracle Enterprise Linux has released security update for thunderbird to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation allows attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 7 Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2973: Oracle Linux 7

ELSA-2016-2973: Oracle Linux 6


CVE-2016-1248 Oracle Enterprise Linux Security Update for vim (ELSA-2016-2972)

Vulnerability category: OEL

Vulnerability severity:

Vulnerability information

Oracle Enterprise Linux has released security update for vim to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

Vulnerability impact

Successful exploitation may lead to the execution of arbitrary code.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 7 Oracle Linux 6 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2972: Oracle Linux 7

ELSA-2016-2972: Oracle Linux 6


CVE-2016-9637 Oracle Enterprise Linux Security Update for xen (ELSA-2016-2963)

Vulnerability category: OEL

Vulnerability severity:

Vulnerability information

Oracle Enterprise Linux has released security update for xen to fix the vulnerabilities.

Affected Products:
Oracle Linux 5

Vulnerability impact

A privileged guest user/process could use this flaw to potentially escalate their privileges on a host.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2963: Oracle Linux 5


CVE-2016-7117 Oracle Enterprise Linux Security Update for (ELSA-2016-2962-1)

Vulnerability category: OEL

Vulnerability severity:

Vulnerability information

Oracle Enterprise Linux has released security update for elsa-2016-2962-1 important: oracle linux 5 kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 5

Vulnerability impact

On successful exploitation it allows remote attackers to corrupt memory and may allow execution of arbitrary code.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory Oracle Linux 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2016-2962: Oracle Linux 5

ELSA-2016-2962


CVE-2016-3710 CentOS Security Update for kvm (CESA-2016:1943)

Vulnerability category: CentOS

Vulnerability severity:

Vulnerability information

CentOS has released security update for kvm to fix the vulnerabilities.

Affected Products:

centos 5

Vulnerability impact

Successful exploitation allows attacker to compromise the system.

Solution

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory centos 5 for updates and patch information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

CESA-2016:1943: centos 5


Adobe Animate Memory Corruption Vulnerability (APSB16-38)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Design interactive animations with cutting-edge drawing tools and publish them to multiple platforms with Adobe Animate.

This update resolves a critical memory corruption vulnerability (CVE-2016-7866).

Affected Version
Adobe Animate 15.2.1.95 and earlier versions

Vulnerability impact

On successful exploitation an attacker can gain access to memory to perform malicious activity.

Solution

The vendor has released an update to address this vulnerability. Refer to APSB16-38.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB16-38: Windows

APSB16-38: MAC OS X
