CVE-2018-8009 Fedora Security Update for hadoop (FEDORA-2018-e5a8b72d0d)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for hadoop to fix the vulnerability.

Affected OS:
Fedora 28

Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-e5a8b72d0d: Fedora 28


CVE-2018-12895 Fedora Security Update for wordpress (FEDORA-2018-623df1e98d)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for wordpress to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 28

Impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-623df1e98d: Fedora 27

FEDORA-2018-623df1e98d: Fedora 28


CVE-2018-14358 Fedora Security Update for mutt (FEDORA-2018-f1438c5833)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for mutt to fix the vulnerability.

Affected OS:
Fedora 28

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-f1438c5833: Fedora 28


CVE-2018-10892 Fedora Security Update for podman (FEDORA-2018-6243646704)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for podman to fix the vulnerability.

Affected OS:
Fedora 28

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-6243646704: Fedora 28


CVE-2018-1128 Fedora Security Update for ceph (FEDORA-2018-327707371e)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for ceph to fix the vulnerability.

Affected OS:
Fedora 28

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-327707371e: Fedora 28


CVE-2018-0500 Fedora Security Update for curl (FEDORA-2018-57779d51c1)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for curl to fix the vulnerability.

Affected OS:
Fedora 28

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-57779d51c1: Fedora 28


CVE-2018-1116 Fedora Security Update for polkit (FEDORA-2018-83df5dc658)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for polkit to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-83df5dc658: Fedora 27


CVE-2018-10895 Fedora Security Update for qutebrowser (FEDORA-2018-61dbd4a787)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for qutebrowser to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 28

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-61dbd4a787: Fedora 27

FEDORA-2018-61dbd4a787: Fedora 28


Fedora Security Update for suricata (FEDORA-2018-6227e1ff4c)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for suricata to fix the vulnerability.

Affected OS:
Fedora 28
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-6227e1ff4c: Fedora 28

FEDORA-2018-6227e1ff4c: Fedora 27


CVE-2018-1060 Fedora Security Update for python34 (FEDORA-2018-875afebb87)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for python34 to fix the vulnerability.

Affected OS:
Fedora 28
Fedora 27

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-875afebb87: Fedora 28

FEDORA-2018-875afebb87: Fedora 27


CVE-2018-14404 Fedora Security Update for libxml2 (FEDORA-2018-3b782350ff)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for libxml2 to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 28

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-3b782350ff: Fedora 27

FEDORA-2018-3b782350ff: Fedora 28


CVE-2017-5974 Fedora Security Update for zziplib (FEDORA-2018-237e9b550c)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for zziplib to fix the vulnerability.

Affected OS:
Fedora 28

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-237e9b550c: Fedora 28


CVE-2018-10773 Fedora Security Update for bibutils (FEDORA-2018-67914db5d9)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for bibutils to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 28

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-67914db5d9: Fedora 27

FEDORA-2018-67914db5d9: Fedora 28


CVE-2018-12437 Fedora Security Update for libtomcrypt (FEDORA-2018-9d667bdff8)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for libtomcrypt to fix the vulnerability.

Affected OS:
Fedora 28

Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 28 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-9d667bdff8: Fedora 28


CVE-2017-9258 Fedora Security Update for soundtouch (FEDORA-2018-4197fff086)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for soundtouch to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation of the vulnerability will lead to denial of service attacks.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-4197fff086: Fedora 27


CVE-2018-10860 Fedora Security Update for perl-Archive-Zip (FEDORA-2018-ebebe9abe2)

Vulnerability category: Fedora

Severity:

Vulnerability information

Fedora has released a security update for perl-archive-zip to fix the vulnerability.

Affected OS:
Fedora 27

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories:
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-ebebe9abe2: Fedora 27


CVE-2018-14354 Red Hat Update for mutt (RHSA-2018:2526)

Vulnerability category: RedHat

Severity:

Vulnerability information

Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP.

Security Fixes:
mutt: Remote code injection vulnerability to an IMAP mailbox (CVE-2018-14354)
mutt: Remote Code Execution via backquote characters (CVE-2018-14357)
mutt: POP body caching path traversal vulnerability (CVE-2018-14362)

Affected Products:

Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Server – Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for IBM z Systems – Extended Update Support 7.5 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux for Power, big endian – Extended Update Support 7.5 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
Red Hat Enterprise Linux

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2526 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2526: Red Hat Enterprise Linux


CVE-2018-1000115 Red Hat Update for Red Hat OpenStack Platform 12.0 director (RHSA-2018:2331)

Vulnerability category: RedHat

Severity:

Vulnerability information

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Security fix(es): memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2331 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2331: Red Hat Enterprise Linux


CVE-2017-18191 Red Hat Update for openstack-nova (RHSA-2018:2332)

Vulnerability category: RedHat

Severity:

Vulnerability information

OpenStack Compute (nova) launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances and controlling access through users and projects. The following packages have been upgraded to a later upstream version: openstack-nova (16.1.4). (BZ#1591212)

Security Fixes: openstack-nova: Swapping encrypted volumes can allow an attacker to corrupt the LUKS header causing a denial of service in the host (CVE-2017-18191)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2332 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2332: Red Hat Enterprise Linux


CVE-2018-14432 Red Hat Update for openstack-keystone (RHSA-2018:2523)

Vulnerability category: RedHat

Severity:

Vulnerability information

The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

Security Fixes: openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects (CVE-2018-14432)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2523 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2523: Red Hat Enterprise Linux


CVE-2018-1059 Red Hat Update for openvswitch (RHSA-2018:2524)

Vulnerability category: RedHat

Severity:

Vulnerability information

Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic.

Security Fixes: dpdk: Information exposure in unchecked guest physical to host virtual address translations (CVE-2018-1059)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2524 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2524: Red Hat Enterprise Linux


CVE-2017-12624 Red Hat Update for JBoss Enterprise Application Platform 7.1.4 on RHEL 6 (RHSA-2018:2423)

Vulnerability category: RedHat

Severity:

Vulnerability information

Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fixes:
guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237)
bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180)
cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624)
wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862)
cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039)

Affected Products:

JBoss Enterprise Application Platform 7.1 for RHEL 6 x86_64
JBoss Enterprise Application Platform 7.1 for RHEL 6 i386

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2423 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:2423: Red Hat Enterprise Linux


CVE-2018-2825 Ubuntu Security Notification for Openjdk-lts Vulnerabilities (USN-3747-1)

Vulnerability category: Ubuntu

Severity:

Vulnerability information

It was discovered that OpenJDK did not properly validate types in some situations.

It was discovered that the PatternSyntaxException class in OpenJDK did not properly validate arguments passed to it.

A vulnerability was discovered in the Galois/Counter Mode (GCM) mode of operation for symmetric block ciphers in OpenJDK.

Impact

An attacker could use this to construct a Java class that could possibly bypass sandbox restrictions. (CVE-2018-2825, CVE-2018-2826)

An attacker could use this to potentially construct a class that caused a denial of service (excessive memory consumption). (CVE-2018-2952)

An attacker could use this to expose sensitive information. (CVE-2018-2972)

Solution

Refer to Ubuntu advisory USN-3747-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3747-1: 18.04 (bionic) on src (openjdk-11-jre-zero)

USN-3747-1: 18.04 (bionic) on src (openjdk-11-jre)

USN-3747-1: 18.04 (bionic) on src (openjdk-11-jre-headless)


CVE-2018-0501 Ubuntu Security Notification for APT Vulnerability (USN-3746-1)

Vulnerability category: Ubuntu

Severity:

Vulnerability information

It was discovered that APT incorrectly handled the mirror method (mirror://).

Impact

If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages in environments configured to use mirror:// entries.

Solution

Refer to Ubuntu advisory USN-3746-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3746-1: 18.04 (bionic) on src (apt)


CVE-2018-14526 Ubuntu Security Notification for Wpa Vulnerability (USN-3745-1)

Vulnerability category: Ubuntu

Severity:

Vulnerability information

It was discovered that wpa_supplicant and hostapd incorrectly handled certain messages.

Impact

An attacker could possibly use this to access sensitive information.

Solution

Refer to Ubuntu advisory USN-3745-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3745-1: 16.04 (Xenial) on src (hostapd)

USN-3745-1: 14.04 (Kylin) on src (wpasupplicant)

USN-3745-1: 18.04 (bionic) on src (hostapd)

USN-3745-1: 18.04 (bionic) on src (wpasupplicant)

USN-3745-1: 16.04 (Xenial) on src (wpasupplicant)

USN-3745-1: 14.04 (Kylin) on src (hostapd)
