月度归档： 2017年7月

SUSE has released security update for libreoffice to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory openSUSE-SU-2017:1851-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1851-1: OpenSuse

SUSE has released security update for systemd to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory openSUSE-SU-2017:1844-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1844-1: OpenSuse

Graphite2 is a project within SIL’s Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems.

Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)
Affected Products
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server – Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server – AUS 7.3 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian – Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Enterprise Linux Server – TUS 7.3 x86_64

An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code.

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1793 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1793: Red Hat Enterprise Linux

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)
Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)
It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. (CVE-2017-10198)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)
A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)
It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)
Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)
An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)
A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)
An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)
A remote attacker could possibly use this flaw to make Java accept certificate using one of the disabled algorithms. (CVE-2017-10198)
A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)
A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)
A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)
A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1789 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1789: Red Hat Enterprise Linux

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Affected Versions:
BIG-IP ASM 11.4.0 – 11.6.1
BIG-IP ASM 11.2.1
BIG-IP ASM 10.2.1 – 10.2.4

QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.

Successful exploitation allows an attacker to disrupt service.

Customers are advised to refer to K31510510 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

K31510510

Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. Affected Versions:
BIG-IP ASM 12.1.0 – 12.1.2 QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.

The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic.

Customers are advised to refer to K21154730 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

K21154730

Safari is a Web-browser developed by Apple which is based on the WebKit engine.
The update addresses multiple vulnerabilities affecting WebKit and Safari for OS X Yosemite, El Capitan and macOS Sierra.

Successful exploitation of the vulnerabilities may lead to:

1) address bar spoofing.
2) processing of maliciously crafted web-content.
3) arbitrary code execution.

Other attacks are also possible.

The browser should be updated to version 10.1.2 released by Apple.
For more information regarding the update click here.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

HT207921: Mac OS

Security Fix(es): A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request. A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142 , CVE-2017-3143 )

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Please refer to Amazon advisory ALAS-2017-858 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on i686)

ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on x86_64)

ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on src)

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. ( CVE-2017-1000381 )

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Please refer to Amazon advisory ALAS-2017-859 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-859: Amazon Linux (c-ares (1.13.0-1.5.amzn1) on i686)

ALAS-2017-859: Amazon Linux (c-ares (1.13.0-1.5.amzn1) on x86_64)

ALAS-2017-859: Amazon Linux (c-ares (1.13.0-1.5.amzn1) on src)

SUSE has released security update for apport to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Server 11-SP4

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to Suse security advisory SUSE-SU-2017:1938-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1938-1: SUSE Enterprise Linux

SUSE has released security update for jasper to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP2
SUSE Linux Enterprise Desktop 12-SP2

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to Suse security advisory SUSE-SU-2017:1916-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1916-1: SUSE Enterprise Linux

The jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)

Affected Products
JBoss Enterprise Application Platform 6.4 for RHEL 6 x86_64
JBoss Enterprise Application Platform 6.4 for RHEL 6 i386
JBoss Enterprise Application Platform 6 for RHEL 6 x86_64
JBoss Enterprise Application Platform 6 for RHEL 6 i386

On successful exploitation a malicious web application could bypass a configured SecurityManager

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1552 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1552: Red Hat Enterprise Linux

It was discovered that libiberty incorrectly handled certain string operations.

It was discovered that libiberty incorrectly handled parsing certain binaries.

It was discovered that libiberty incorrectly handled parsing certain binaries.

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause libiberty to crash, resulting in a denial of service. (CVE-2016-4491)

Refer to Ubuntu advisory USN-3368-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3368-1: 14.04 (Kylin) on src (libiberty-dev)

USN-3368-1: 17.04 (zesty) on src (libiberty-dev)

USN-3368-1: 16.04 (Xenial) on src (libiberty-dev)

It was discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables.

It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects.

It was discovered that gdb incorrectly handled certain string operations.

It was discovered that gdb incorrectly handled parsing certain binaries.

It was discovered that gdb incorrectly handled parsing certain binaries.

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8501)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-9939)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-2226)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. (CVE-2016-4491)

Refer to Ubuntu advisory USN-3367-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3367-1: 14.04 (Kylin) on src (gdb)

USN-3367-1: 17.04 (zesty) on src (gdb)

USN-3367-1: 16.04 (Xenial) on src (gdb)

It was discovered that the JPEGImageReader class in OpenJDK would incorrectly read unused image data.

It was discovered that the JAR verifier in OpenJDK did not properly handle archives containing files missing digests.

It was discovered that integer overflows existed in the Hotspot component of OpenJDK when generating range check loop predicates.

It was discovered that the JavaScript Scripting component of OpenJDK incorrectly allowed access to Java APIs.

It was discovered that OpenJDK did not properly process parentheses in function signatures.

It was discovered that the ThreadPoolExecutor class in OpenJDK did not properly perform access control checks when cleaning up threads.

It was discovered that the ServiceRegistry implementation in OpenJDK did not perform access control checks in certain situations.

It was discovered that the channel groups implementation in OpenJDK did not properly perform access control checks in some situations.

It was discovered that the DTM exception handling code in the JAXP component of OpenJDK did not properly perform access control checks.

It was discovered that the JAXP component of OpenJDK incorrectly granted access to some internal resolvers.

It was discovered that the Distributed Garbage Collector (DGC) in OpenJDK did not properly track references in some situations.

It was discovered that the Activation ID implementation in the RMI component of OpenJDK did not properly check access control permissions in some situations.

It was discovered that the BasicAttribute class in OpenJDK did not properly bound memory allocation when de-serializing objects.

It was discovered that the CodeSource class in OpenJDK did not properly bound memory allocations when de-serializing object instances.

It was discovered that the AWT ImageWatched class in OpenJDK did not properly perform access control checks.

It was discovered that the LambdaFormEditor class in the Libraries component of OpenJDK did not correctly perform bounds checks in the permuteArgumentsForm() function.

It was discovered that a timing side-channel vulnerability existed in the DSA implementation in OpenJDK.

It was discovered that the LDAP implementation in OpenJDK incorrectly followed references to non-LDAP URLs.

It was discovered that a timing side-channel vulnerability existed in the ECDSA implementation in OpenJDK.

It was discovered that a timing side-channel vulnerability existed in the PKCS#8 implementation in OpenJDK.

It was discovered that the Elliptic Curve (EC) implementation in OpenJDK did not properly compute certain elliptic curve points.

It was discovered that OpenJDK did not properly restrict weak key sizes in some situations.

It was discovered that OpenJDK did not properly enforce disabled algorithm restrictions on X.509 certificate chains.

It was discovered that OpenJDK did not properly perform access control checks when handling Web Service Definition Language (WSDL) XML documents.

An attacker could use this to specially construct a jpeg image file that when opened by a Java application would cause a denial of service. (CVE-2017-10053)

An attacker could use this to modify the signed contents of a JAR file. (CVE-2017-10067)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and cause a denial of service or possibly execute arbitrary code. (CVE-2017-10074)

An attacker could use this to specially craft JavaScript code to bypass access restrictions. (CVE-2017-10078)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10081)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10087)

An attacker could use this to specially construct an untrusted Java application or applet that escaped sandbox restrictions. (CVE-2017-10089)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10090)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10096)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10101)

A remote attacker could possibly use this to execute arbitrary code. (CVE-2017-10102)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10107)

An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10108)

An attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10109)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions (CVE-2017-10110)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions and possibly execute arbitrary code. (CVE-2017-10111)

An attacker could use this to expose sensitive information. (CVE-2017-10115)

An attacker could use this to specially craft an LDAP referral URL that exposes sensitive information or bypass access restrictions. (CVE-2017-10116)

An attacker could use this to expose sensitive information. (CVE-2017-10118)

An attacker could use this to expose sensitive information. (CVE-2017-10135)

An attacker could use this to expose sensitive information. (CVE-2017-10176)

An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2017-10193)

An attacker could use this to expose sensitive information or escape sandbox restrictions. (CVE-2017-10198)

An attacker could use this to expose sensitive information. (CVE-2017-10243)

Refer to Ubuntu advisory USN-3366-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3366-1: 17.04 (zesty) on src (openjdk-8-jre)

USN-3366-1: 16.04 (Xenial) on src (openjdk-8-jdk)

USN-3366-1: 17.04 (zesty) on src (openjdk-8-jre-zero)

USN-3366-1: 16.04 (Xenial) on src (openjdk-8-jre-zero)

USN-3366-1: 16.04 (Xenial) on src (openjdk-8-jdk-headless)

USN-3366-1: 17.04 (zesty) on src (openjdk-8-jdk-headless)

USN-3366-1: 17.04 (zesty) on src (openjdk-8-jdk)

USN-3366-1: 16.04 (Xenial) on src (openjdk-8-jre-headless)

USN-3366-1: 16.04 (Xenial) on src (openjdk-8-jre)

USN-3366-1: 17.04 (zesty) on src (openjdk-8-jre-headless)

USN-3366-1: 16.04 (Xenial) on src (openjdk-8-jre-jamvm)

It was discovered that Ruby DL::dlopen incorrectly handled opening libraries.

It was discovered that the Ruby OpenSSL extension incorrectly handled hostname wildcard matching.

It was discovered that Ruby Fiddle::Handle incorrectly handled certain crafted strings.

It was discovered that Ruby Net::SMTP incorrectly handled CRLF sequences.

It was discovered that Ruby incorrectly handled certain arguments in a TclTkIp class method.

It was discovered that Ruby Fiddle::Function.new incorrectly handled certain arguments.

It was discovered that Ruby incorrectly handled the initialization vector (IV) in GCM mode.

An attacker could possibly use this issue to open libraries with tainted names. This issue only applied to Ubuntu 14.04 LTS. (CVE-2009-5147)

This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-1855)

An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2015-7551)

A remote attacker could possibly use this issue to inject SMTP commands. (CVE-2015-9096)

An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2337)

An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-2339)

An attacker could possibly use this issue to bypass encryption. (CVE-2016-7798)

Refer to Ubuntu advisory USN-3365-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3365-1: 16.04 (Xenial) on src (libruby2.3)

USN-3365-1: 14.04 (Kylin) on src (libruby2.0)

USN-3365-1: 17.04 (zesty) on src (ruby2.3)

USN-3365-1: 17.04 (zesty) on src (libruby2.3)

USN-3365-1: 14.04 (Kylin) on src (ruby1.9.1)

USN-3365-1: 14.04 (Kylin) on src (ruby2.0)

USN-3365-1: 16.04 (Xenial) on src (ruby2.3)

USN-3365-1: 14.04 (Kylin) on src (libruby1.9.1)

It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure.

It was discovered that the Linux kernel did not properly restrict access to /proc/iomem.

A race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel.

It was discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments.

It was discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function.

It was discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory.

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)

A local attacker could use this to expose sensitive information. (CVE-2015-8944)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)

A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7346)

A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605)

Refer to Ubuntu advisory USN-3364-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-powerpc-e500mc)

USN-3364-1: 16.04 (Xenial) on src (linux-image-raspi2)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-lowlatency)

USN-3364-1: 16.04 (Xenial) on src (linux-image-generic-lpae)

USN-3364-1: 16.04 (Xenial) on src (linux-image-lowlatency)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-generic)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-powerpc-smp)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-1067-snapdragon)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-1065-raspi2)

USN-3364-1: 16.04 (Xenial) on src (linux-image-powerpc-smp)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-powerpc64-smp)

USN-3364-1: 16.04 (Xenial) on src (linux-image-powerpc64-smp)

USN-3364-1: 16.04 (Xenial) on src (linux-image-powerpc-e500mc)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-powerpc64-emb)

USN-3364-1: 16.04 (Xenial) on src (linux-image-snapdragon)

USN-3364-1: 16.04 (Xenial) on src (linux-image-4.4.0-87-generic-lpae)

USN-3364-1: 16.04 (Xenial) on src (linux-image-generic)

USN-3364-1: 16.04 (Xenial) on src (linux-image-powerpc64-emb)

It was discovered that ImageMagick incorrectly handled certain malformed image files.

If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program.

Refer to Ubuntu advisory USN-3363-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3363-1: 17.04 (zesty) on src (libmagick++-6.q16-7)

USN-3363-1: 16.04 (Xenial) on src (imagemagick-6.q16)

USN-3363-1: 16.04 (Xenial) on src (imagemagick)

USN-3363-1: 14.04 (Kylin) on src (libmagickcore5)

USN-3363-1: 16.04 (Xenial) on src (libmagick++-6.q16-5v5)

USN-3363-1: 17.04 (zesty) on src (imagemagick-6.q16)

USN-3363-1: 17.04 (zesty) on src (imagemagick)

USN-3363-1: 14.04 (Kylin) on src (imagemagick)

USN-3363-1: 16.04 (Xenial) on src (libmagickcore-6.q16-2)

USN-3363-1: 17.04 (zesty) on src (libmagickcore-6.q16-3)

USN-3363-1: 14.04 (Kylin) on src (libmagick++5)

It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events.

It was discovered that the X.Org X server incorrectly handled endianness conversion of certain X events.

It was discovered that the X.Org X server incorrectly compared MIT cookies.

An attacker able to connect to an X server, either locally or remotely, could use this issue to crash the server, or possibly execute arbitrary code as an administrator. (CVE-2017-10971)

An attacker able to connect to an X server, either locally or remotely, could use this issue to possibly obtain sensitive information. (CVE-2017-10972)

An attacker could possibly use this issue to perform a timing attack and recover the MIT cookie. (CVE-2017-2624)

Refer to Ubuntu advisory USN-3362-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3362-1: 16.04 (Xenial) on src (xserver-xorg-core-hwe-16.04)

USN-3362-1: 17.04 (zesty) on src (xserver-xorg-core)

USN-3362-1: 16.04 (Xenial) on src (xserver-xorg-core)

USN-3362-1: 14.04 (Kylin) on src (xserver-xorg-core)

USN-3362-1: 14.04 (Kylin) on src (xserver-xorg-core-lts-xenial)

SUSE has released security update for apache2 to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2

This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to Suse security advisory SUSE-SU-2017:1961-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1961-1: SUSE Enterprise Linux

The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606)
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-2666)
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. (CVE-2017-2670)

Affected Products:
JBoss Enterprise Application Platform 7.0 for RHEL 7 x86_64
JBoss Enterprise Application Platform 7.0 for RHEL 6 x86_64
JBoss Enterprise Application Platform 7.0 for RHEL 6 i386

An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606)
On successful exploitation it allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595), Websocket server gets into infinite loop on every IO thread, effectively causing DoS. (CVE-2017-2670)
An attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-2666)

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1412 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1412: Red Hat Enterprise Linux

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)

Affected Products
JBoss Enterprise Application Platform 6.4 for RHEL 6 x86_64
JBoss Enterprise Application Platform 6.4 for RHEL 6 ppc64
JBoss Enterprise Application Platform 6.4 for RHEL 6 i386
JBoss Enterprise Application Platform 6 for RHEL 6 x86_64
JBoss Enterprise Application Platform 6 for RHEL 6 ppc64
JBoss Enterprise Application Platform 6 for RHEL 6 i386

On successful exploitation it allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595), a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018), a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1749 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1549: Red Hat Enterprise Linux

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.

It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606)
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. (CVE-2017-2595)
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-2666)
It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. (CVE-2017-2670)

Affected Products
JBoss Enterprise Application Platform 7.0 for RHEL 7 x86_64

An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy. (CVE-2016-9606)
On successful exploitation it allows an attacker arbitrary file read to authenticated user via path traversal. (CVE-2017-2595), Websocket server gets into infinite loop on every IO thread, effectively causing DoS. (CVE-2017-2670).
An attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own. (CVE-2017-2666)

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1411 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1411: Red Hat Enterprise Linux

McAfee ePolicy Orchestrator (ePO) software centralizes and streamlines management of endpoint, network, content security and compliance solutions. McAfee ePolicy Orchestrator is prone to a directory traversal vulnerability which allows remote authenticated users toarbitrary commands.

Affected Versions:
McAfee ePO versions 5.1.3 and earlier
McAfee ePO versions 5.3.1 and earlier
McAfee ePO versions 5.3.2 and earlier
McAfee ePO versions 5.9.0 and earlier

QID Detection Logic (Authenticated:
The flags if it finds vulnerable version of ePolicy Orchestrator, which is checked by looking at the file version of the file “ePoSign.exe”. The location of the file is found with the help of the registry key “HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator” value “InstallFolder”. The QID then check if the corresponding hotfix is applied or not for supported ePolicy Orchestrator build.

Successful exploitation of the vulnerability may allow remote authenticated users to execute arbitrary commands.

Customers are advised to review SB10196 for more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SB10196

上一篇：CVE-2016-6515

IBM WebSphere Application Server is designed to facilitate the creation of various enterprise Web applications.

IBM WebSphere Application Server is vulnerable Cross-Site Scripting vulnerability which can lead to a potential credential disclosure.

WebSphere Application Server.

Affected Versions:
IBM WebSphere Application Server :
Liberty
Version 9.0
Version 8.5.5
Version 8.5
Version 8.0
Version 7.0

QID Detection Logic (Unauthenticated):
This QID matches vulnerable versions in the response it receives by sending a HTTP GET request to target or retrieving by the banner information via the GIOP protocol.

QID Detection Logic (Authenticated):
Operating Systems: Windows
The QID checks if the file %ProgramFiles%\IBM\WebSphere\AppServer\bin\WASService.exe exists on the target or not.
The QID checks the file %programfiles%\IBM\WebSphere\AppServer\properties\version\WAS.product to get the version of IBM WebSphere Application Server
The QID checks if Interim fix PI70169 and PI70627 are applied on the vulnerable versions of IBM WebSphere Application Server –
This QID checks for the file
The following Versions and Interim Fixes checked swg21992315:
WebSphere Application Server version 9.0.0.0 through 9.0.0.2
WebSphere Application Server version 8.5.0.0 through 8.5.5.11
WebSphere Application Server version 8.0.0.0 through 8.0.0.12
WebSphere Application Server version 7.0.0.0 through 7.0.0.41
Interim Fix – PI70169 and PI70627

Successful exploitation of the vulnerability may lead to credential disclosure.

The vendor has released a fix to resolve the issue, please refer to Recommended fixes for WebSphere Application Serverfor more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

swg21992315