月度归档： 2018年3月

Fedora has released security update for firefox to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 27

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-92031bb1ed: Fedora 26

FEDORA-2018-92031bb1ed: Fedora 27

Fedora has released security update for curl to fix the vulnerability.

Affected OS:
Fedora 26

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-66c96e0024: Fedora 26

Fedora has released security update for samba to fix the vulnerability.

Affected OS:
Fedora 26

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-7d0acd608b: Fedora 26

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 27

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-cf76003e1f: Fedora 27

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 27

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-2bce10900e: Fedora 27

Fedora has released security update for net-snmp to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 26

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-5a5f51753c: Fedora 27

FEDORA-2018-5a5f51753c: Fedora 26

Fedora has released security update for util-linux to fix the vulnerability.

Affected OS:
Fedora 27

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-668664ba84: Fedora 27

Fedora has released security update for util-linux to fix the vulnerability.

Affected OS:
Fedora 27

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-668664ba84: Fedora 27

Fedora has released security update for mariadb to fix the vulnerability.

Affected OS:
Fedora 27

Malicious users could use this vulnerability to change partial contents or configuration on the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-00647ae0d5: Fedora 27

Fedora has released security update for advancecomp to fix the vulnerability.

Affected OS:
Fedora 27

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-af30668257: Fedora 27

It was discovered that PHP incorrectly handled certain stream metadata.

It was discovered that PHP incorrectly handled the PHAR 404 error page.

It was discovered that PHP incorrectly handled parsing certain HTTP responses.

A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712)

A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-5712)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-7584)

Refer to Ubuntu advisory USN-3600-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3600-1: 17.10 (artful) on src (php7.1-cli)

USN-3600-1: 16.04 (Xenial) on src (php7.0-cgi)

USN-3600-1: 16.04 (Xenial) on src (libapache2-mod-php7.0)

USN-3600-1: 14.04 (Kylin) on src (php5-cli)

USN-3600-1: 14.04 (Kylin) on src (php5-fpm)

USN-3600-1: 16.04 (Xenial) on src (php7.0-cli)

USN-3600-1: 17.10 (artful) on src (php7.1-cgi)

USN-3600-1: 17.10 (artful) on src (libapache2-mod-php7.1)

USN-3600-1: 14.04 (Kylin) on src (libapache2-mod-php5)

USN-3600-1: 16.04 (Xenial) on src (php7.0-fpm)

USN-3600-1: 17.10 (artful) on src (php7.1-fpm)

USN-3600-1: 14.04 (Kylin) on src (php5-cgi)

An out-of-bounds write was discovered when processing Vorbis audio data.

If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146)

Refer to Ubuntu advisory USN-3599-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3599-1: 14.04 (Kylin) on src (firefox)

USN-3599-1: 17.10 (artful) on src (firefox)

USN-3599-1: 16.04 (Xenial) on src (firefox)

SUSE has released security update for java-1_7_1-ibm to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0743-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0743-1: SUSE Enterprise Linux

SUSE has released security update for libid3tag to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0722-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0722-1: SUSE Enterprise Linux

Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

Multiple vulnerabilities were reported in Mozilla Firefox:
CVE-2018-5146: Out of bounds memory write in libvorbis
CVE-2018-5147: Out of bounds memory write in libtremor

Affected Versions:
Firefox prior to 59.0.1
Firefox ESR prior to 52.7.2

QID Detection Logic (Authenticated)
This QID checks for vulnerable versions of Firefox browser.

Successful exploitation allows attacker to gain access to sensitive information.

Refer to mfsa2018-08

Patch:
Following are links for downloading patches to fix the vulnerabilities:

mfsa2018-08: Windows

mfsa2018-08: MAC

Fedora has released security update for libldb and samba to fix the vulnerability.

Affected OS:
Fedora 27

On successful exploitation Missing null pointer checks may crash the external print server process and AD DC any authenticated user can change other users’ passwords over LDAP, including the passwords of administrative users and service accounts.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-c5c651ac44: Fedora 27

Fedora has released security update for xen to fix the vulnerability.

Affected OS:
Fedora 26

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-0746dac335: Fedora 26

Fedora has released security update for ming to fix the vulnerability.

Affected OS:
Fedora 27

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-38a0e1e6f5: Fedora 27

Fedora has released security update for python-django to fix the vulnerability.

Affected OS:
Fedora 27

Successful exploitation allows attacker to compromise the system.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-bd1147f152: Fedora 27

Fedora has released security update for zsh to fix the vulnerability.

Affected OS:
Fedora 27

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-019a32a468: Fedora 27