CVE-2018-5127 Fedora Security Update for firefox (FEDORA-2018-92031bb1ed)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for firefox to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 26 Update
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-92031bb1ed: Fedora 26

FEDORA-2018-92031bb1ed: Fedora 27

CVE-2018-1000120 Fedora Security Update for curl (FEDORA-2018-66c96e0024)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for curl to fix the vulnerability.

Affected OS:
Fedora 26

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-66c96e0024: Fedora 26


CVE-2018-1050 Fedora Security Update for samba (FEDORA-2018-7d0acd608b)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for samba to fix the vulnerability.

Affected OS:
Fedora 26

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-7d0acd608b: Fedora 26


CVE-2018-8043 Fedora Security Update for kernel (FEDORA-2018-cf76003e1f)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for kernel to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-cf76003e1f: Fedora 27


CVE-2018-5703 Fedora Security Update for kernel (FEDORA-2018-2bce10900e)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for kernel to fix the vulnerability.

Affected OS:
Fedora 27

Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-2bce10900e: Fedora 27


CVE-2018-1000116 Fedora Security Update for net-snmp (FEDORA-2018-5a5f51753c)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for net-snmp to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 26

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-5a5f51753c: Fedora 27

FEDORA-2018-5a5f51753c: Fedora 26


CVE-2018-7738 Fedora Security Update for util-linux (FEDORA-2018-668664ba84)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for util-linux to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-668664ba84: Fedora 27


CVE-2018-2562 Fedora Security Update for mariadb (FEDORA-2018-00647ae0d5)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for mariadb to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Malicious users could use this vulnerability to change partial contents or configuration on the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-00647ae0d5: Fedora 27


CVE-2018-1056 Fedora Security Update for advancecomp (FEDORA-2018-af30668257)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for advancecomp to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-af30668257: Fedora 27


CVE-2016-10712 Ubuntu Security Notification for Php5, Php7.0, Php7.1 Vulnerabilities (USN-3600-1)

Vulnerability category: Ubuntu

Severity:

Vulnerability information

It was discovered that PHP incorrectly handled certain stream metadata.

It was discovered that PHP incorrectly handled the PHAR 404 error page.

It was discovered that PHP incorrectly handled parsing certain HTTP responses.

Impact

A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712)

A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-5712)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-7584)


CVE-2018-5146 Ubuntu Security Notification for Firefox Vulnerability (USN-3599-1)

Vulnerability category: Ubuntu

Severity:

Vulnerability information

An out-of-bounds write was discovered when processing Vorbis audio data.

Impact

If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146)

Solution

Refer to Ubuntu advisory USN-3599-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3599-1: 14.04 (Kylin) on src (firefox)

USN-3599-1: 17.10 (artful) on src (firefox)

USN-3599-1: 16.04 (Xenial) on src (firefox)


CVE-2018-2579 SUSE Enterprise Linux Security Update for java-1_7_1-ibm (SUSE-SU-2018:0743-1)

Vulnerability category: SUSE

Severity:

Vulnerability information

SUSE has released a security update for java-1_7_1-ibm to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0743-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0743-1: SUSE Enterprise Linux


CVE-2004-2779 SUSE Enterprise Linux Security Update for libid3tag (SUSE-SU-2018:0722-1)

Vulnerability category: SUSE

Severity:

Vulnerability information

SUSE has released a security update for libid3tag to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0722-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0722-1: SUSE Enterprise Linux

CVE-2018-5146 Mozilla Firefox Multiple Vulnerabilities (mfsa2018-08)

Vulnerability category: Local

Severity:

Vulnerability information

Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

Multiple vulnerabilities were reported in Mozilla Firefox:
CVE-2018-5146: Out of bounds memory write in libvorbis
CVE-2018-5147: Out of bounds memory write in libtremor

Affected Versions:
Firefox prior to 59.0.1
Firefox ESR prior to 52.7.2

QID Detection Logic (Authenticated)
This QID checks for vulnerable versions of Firefox browser.

Impact

Successful exploitation allows an attacker to gain access to sensitive information.

Solution

Refer to mfsa2018-08

Patch:
Following are links for downloading patches to fix the vulnerabilities:

mfsa2018-08: Windows

mfsa2018-08: MAC


CVE-2018-1050 Fedora Security Update for libldb and samba (FEDORA-2018-c5c651ac44)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for libldb and samba to fix the vulnerability.

Affected OS:
Fedora 27

Impact

On successful exploitation, missing null pointer checks may crash the external print server process, and on an AD DC any authenticated user can change other users’ passwords over LDAP, including the passwords of administrative users and service accounts.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-c5c651ac44: Fedora 27


CVE-2018-7540 Fedora Security Update for xen (FEDORA-2018-0746dac335)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for xen to fix the vulnerability.

Affected OS:
Fedora 26

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-0746dac335: Fedora 26


CVE-2017-8782 Fedora Security Update for ming (FEDORA-2018-38a0e1e6f5)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for ming to fix the vulnerability.

Affected OS:
Fedora 27

Impact

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-38a0e1e6f5: Fedora 27


CVE-2018-7536 Fedora Security Update for python-django (FEDORA-2018-bd1147f152)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for python-django to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-bd1147f152: Fedora 27


CVE-2018-7549 Fedora Security Update for zsh (FEDORA-2018-019a32a468)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for zsh to fix the vulnerability.

Affected OS:
Fedora 27

Impact

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-019a32a468: Fedora 27

CVE-2011-3923 Apache Struts “ParametersInterceptor” Remote Code Execution Vulnerability (S2-009)

Vulnerability category: Web Application

Severity:

Vulnerability information

Apache Struts is a framework for building web applications.

Apache Struts on the target web application was found to be vulnerable to a remote code execution vulnerability as described in Security Bulletin S2-009. The assigned CVE ID is CVE-2011-3923.
The vulnerability exists because the regular expression in ParametersInterceptor matches top['foo'](0) as a valid expression, which OGNL treats as (top['foo'])(0), so the value of the 'foo' action parameter is evaluated as an OGNL expression.

Affected software:
Struts 2.0.0 – Struts 2.3.1.1

Impact

A remote attacker could exploit this vulnerability to execute arbitrary code.

Solution

Upgrade to the latest version of the Apache Struts 2 framework to fix this issue. For more details, please refer to Apache Security Bulletin S2-009.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

Struts 2 download (Struts2)


CVE-2018-1000024 SUSE Enterprise Linux Security Update for squid3 (SUSE-SU-2018:0752-1)

Vulnerability category: SUSE

Severity:

Vulnerability information

SUSE has released a security update for squid3 to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Server 11-SP4

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0752-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0752-1: SUSE Enterprise Linux


Information gathering Oracle Java SE/JRE/JDK 8/1.8 Detected

Vulnerability category: Information gathering

Severity:

Vulnerability information

Java Platform, Standard Edition (Java SE) lets you develop and deploy Java applications on desktops, servers, and embedded environments, while offering user interface, performance, versatility, portability, and security that applications require. Java Runtime Environment (JRE) allows you to run Java applications and applets. To develop Java applications and applets, you need the Java Development Kit (JDK), which includes the JRE.

Oracle Java SE/JRE/JDK 8/1.8 is detected. QID Detection Logic (Authenticated):
This QID checks for the file or product version of jvm.dll, wsdetect.dll or verify.dll. On Linux/Unix this QID executes “java -version” to get the Java version.

Impact

Solution


CVE-2018-1068 Amazon Linux Security Advisory for kernel: ALAS2-2018-971

Vulnerability category: Amazon Linux

Severity:

Vulnerability information

Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c: A flaw was found in the Linux kernel’s implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. (CVE-2018-1068)

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2018-971 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2018-971: Amazon Linux 2 (kernel (4.9.85-47.59.amzn2) on noarch)

ALAS-2018-971: Amazon Linux 2 (kernel (4.9.85-47.59.amzn2) on x86_64)

ALAS-2018-971: Amazon Linux 2 (kernel (4.9.85-47.59.amzn2) on src)


Amazon Linux Amazon Linux Security Advisory for memcached: ALAS2-2018-964

Vulnerability category: Amazon Linux

Severity:

Vulnerability information

It was discovered that the memcached daemon listened on UDP port 11211 by default. An attacker could use memcached for UDP amplification denial-of-service attacks. The UDP port has been disabled by default, but can still be enabled.

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2018-964 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2018-964: Amazon Linux 2
