CVE-2017-3509 对于java-1.8.0-openjdk红帽更新 (RHSA-2017-1108)

漏洞类别:RedHat

漏洞等级:

漏洞信息

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

An untrusted library search path flaw was found in the JCE component of OpenJDK. A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511)
It was found that the JAXP component of OpenJDK failed to correctly enforce parse tree size limits when parsing XML document. An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526)
It was discovered that the HTTP client implementation in the Networking component of OpenJDK could cache and re-use an NTLM authenticated connection in a different security context. A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509)

漏洞危害

A local attacker could possibly use this flaw to cause a Java application using JCE to load an attacker-controlled library and hence escalate their privileges. (CVE-2017-3511)
An attacker able to make a Java application parse a specially crafted XML document could use this flaw to make it consume an excessive amount of CPU and memory. (CVE-2017-3526)
A remote attacker could possibly use this flaw to make a Java application perform HTTP requests authenticated with credentials of a different user. (CVE-2017-3509)

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1108 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1108: Red Hat Enterprise Linux

0day

CVE-2017-5429 火狐的红帽更新 (RHSA-2017-1106)

漏洞类别:RedHat

漏洞等级:

漏洞信息

Mozilla Firefox is an open source web browser.

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

漏洞危害

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1106 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1106: Red Hat Enterprise Linux

0day

CVE-2017-3136 红帽更新绑定 (RHSA-2017-1105)

漏洞类别:RedHat

漏洞等级:

漏洞信息

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols.

A denial of service flaw was found in the way BIND handled a query response containing CNAME or DNAME resource records in an unusual order. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response. (CVE-2017-3137)
A denial of service flaw was found in the way BIND handled query requests when using DNS64 with “break-dnssec yes” option. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS request. (CVE-2017-3136)

漏洞危害

A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1105 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1105: Red Hat Enterprise Linux

0day

CVE-2017-5429 火狐的红帽更新 (RHSA-2017-1104)

漏洞类别:RedHat

漏洞等级:

漏洞信息

Mozilla Firefox is an open source web browser.

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)

漏洞危害

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox.

解决方案

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1104 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1104: Red Hat Enterprise Linux

0day

CVE-2016-7910 Oracle企业Linux安全更新牢不可破的企业内核(ELSA-2017-3537)

漏洞类别:OEL

漏洞等级:

漏洞信息

Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 7
Oracle Linux 6

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 7
Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-3537: Oracle Linux 7

ELSA-2017-3537: Oracle Linux 6

0day

CVE-2016-10229 Oracle企业Linux安全更新牢不可破的企业内核(ELSA-2017-3538)

漏洞类别:OEL

漏洞等级:

漏洞信息

Oracle Enterprise Linux has released security update for unbreakable enterprise kernel to fix the vulnerabilities.

Affected Products:
Oracle Linux 5
Oracle Linux 6

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

To resolve this issue, upgrade to the latest packages which contain a patch. Refer to Oracle Enterprise Linux advisory below for updates and patch information:

Oracle Linux 5
Oracle Linux 6

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ELSA-2017-3538: Oracle Linux 5

ELSA-2017-3538: Oracle Linux 6

0day

CVE-2016-10221 对于mupdfa Fedora的安全更新 (FEDORA-2017-2d11503623)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for mupdfa to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-2d11503623: Fedora 25

0day

CVE-2017-7233 Python的Django Fedora的安全更新 (FEDORA-2017-c0ef6054d7)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for python-django to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-c0ef6054d7: Fedora 25

0day

CVE-2017-2619 Fedora的Samba安全更新 (FEDORA-2017-97fb93e1d1)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for samba to fix the vulnerability.

Affected OS:
Fedora 24

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 24 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-97fb93e1d1: Fedora 24

0day

CVE-2017-0363 Fedora的MediaWiki的安全更新(FEDORA-2017-3fb95ed01f)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for mediawiki to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-3fb95ed01f: Fedora 25

0day

CVE-2017-7578 Fedora Security Update for ming (FEDORA-2017-d43d46f1ca)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for ming to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 24 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-d43d46f1ca: Fedora 24

FEDORA-2017-d43d46f1ca: Fedora 25

0day

CVE-2017-7187 Fedora Security Update for kernel (FEDORA-2017-3a9ec92dd6)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-3a9ec92dd6: Fedora 25

0day

CVE-2017-7187 Fedora Security Update for kernel (FEDORA-2017-502cf68d68)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 24

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 24 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-502cf68d68: Fedora 24

0day

Fedora Security Update for php-pear-CAS (FEDORA-2017-d9d620366e)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for php-pear-cas to fix the vulnerability.

Affected OS:
Fedora 25
Fedora 24

漏洞危害

Successful exploitation of the vulnerability may allow authentication bypass.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update
Fedora 24 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-d9d620366e: Fedora 25

FEDORA-2017-d9d620366e: Fedora 24

0day

CVE-2017-5969 Fedora Security Update for libxml2 (FEDORA-2017-a3a47973eb)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for libxml2 to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

漏洞危害

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 24 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-a3a47973eb: Fedora 24

FEDORA-2017-a3a47973eb: Fedora 25

0day

CVE-2016-5182 Fedora Security Update for qt5-qtwebengine (FEDORA-2017-ae1fde5fb8)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for qt5-qtwebengine to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-ae1fde5fb8: Fedora 25

0day

Fedora Security Update for xstream (FEDORA-2017-b83c0eeab0)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for xstream to fix the vulnerability.

Affected OS:
Fedora 24
Fedora 25

漏洞危害

Successful exploitation of the vulnerability may allow denial-of-service attack.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 24 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-b83c0eeab0: Fedora 24

FEDORA-2017-b83c0eeab0: Fedora 25

0day

Fedora Security Update for jenkins-xstreamFEDORA-2017-db6864b797)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for jenkins-xstream to fix the vulnerability.

Affected OS:
Fedora 25
Fedora 24

漏洞危害

Successful exploitation of the vulnerability may allow Denial-of-Service attacks.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update
Fedora 24 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-db6864b797: Fedora 25

FEDORA-2017-db6864b797: Fedora 24

0day

CVE-2017-7592 Fedora Security Update for libtiff (FEDORA-2017-021bebae25)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for libtiff to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-021bebae25: Fedora 25

0day

CVE-2017-7572 Fedora Security Update for backintime (FEDORA-2017-7c9a9b2b36)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for backintime to fix the vulnerability.

Affected OS:
Fedora 25
Fedora 24

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 25 Update
Fedora 24 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-7c9a9b2b36: Fedora 25

FEDORA-2017-7c9a9b2b36: Fedora 24

0day

CVE-2017-7308 Fedora Security Update for kernel (FEDORA-2017-26c9ecd7a4)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-26c9ecd7a4: Fedora 25

0day

CVE-2017-7308 Fedora Security Update for kernel (FEDORA-2017-8e7549fb91)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 24

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 24 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-8e7549fb91: Fedora 24

0day

CVE-2017-3136 Fedora Security Update for bind (FEDORA-2017-ee4b0f53cb)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for bind to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-ee4b0f53cb: Fedora 25

0day

CVE-2017-3136 Fedora Security Update for bind99 (FEDORA-2017-44e494db1e)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for bind99 to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-44e494db1e: Fedora 25

0day

CVE-2017-0553 Fedora Security Update for libnl3 (FEDORA-2017-34f6e70fdd)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for libnl3 to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability. Updates can be installed using the yum utility, which can be downloaded from the Fedora Web site.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-34f6e70fdd: Fedora 25

0day