CVE-2016-7887 Adobe ColdFusion Builder Information Disclosure Vulnerability (APSB16-44)

漏洞类别:Local

漏洞等级:

漏洞信息

Adobe ColdFusion Builder an IDE that can be used to build applications for ColdFusion.

Adobe ColdFusion Builder is exposed to a information disclosure vulnerability (CVE-2016-7887).

Affected Products:
Adobe ColdFusion Builder 2016 Update 2 and earlier versions.
Adobe ColdFusion Builder 3.0.3 and earlier versions.

漏洞危害

Successfully exploiting this vulnerability might allow an attacker to get system sensitive information.

解决方案

Vendor has released updated versions of software to fix this vulnerability. Further more information can be obtained fromAPSB16-44

Patch:
Following are links for downloading patches to fix the vulnerabilities:

APSB16-44

0day

CVE-2016-6213 Ubuntu Security Notification for Linux Vulnerabilities (USN-3162-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table.

It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer.

It was discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets.

It was discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation.

It was discovered that the keyring implementation in the Linux kernel improperly handled crypto registration in conjunction with successful key- type registration.

It was discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data.

漏洞危害

A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)

A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633)

A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645)

A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9313)

A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

0day

CVE-2015-8964 Ubuntu Security Notification for Linux Vulnerabilities (USN-3161-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

A use-after-free condition in the TTY implementation in the Linux kernel.

It was discovered that the Video For Linux Two (v4l2) implementation in the Linux kernel did not properly handle multiple planes when processing a VIDIOC_DQBUF ioctl().

It was discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table.

It was discovered that the KVM implementation for x86/x86_64 in the Linux kernel could dereference a null pointer.

It was discovered that the IP over IEEE 1394 (FireWire) implementation in the Linux kernel contained a buffer overflow when handling fragmented packets.

It was discovered that the TCP implementation in the Linux kernel mishandles socket buffer (skb) truncation.

It was discovered that the SCTP implementation in the Linux kernel improperly handled validation of incoming data.

漏洞危害

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2015-8964)

A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-4568)

A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the KVM host. (CVE-2016-8630)

A remote attacker could use this to possibly execute arbitrary code with administrative privileges. (CVE-2016-8633)

A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8645)

A remote attacker could use this to cause a denial of service (system crash). (CVE-2016-9555)

0day

CVE-2016-6213 Ubuntu Security Notification for Linux Vulnerabilities (USN-3160-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table.

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow.

漏洞危害

A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-7916)

0day

CVE-2016-7916 Ubuntu Security Notification for Linux Vulnerability (USN-3159-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow.

漏洞危害

A local attacker could use this to expose sensitive information (kernel memory).

0day

Debian Security Update for php-ssh2 (DSA 3732-2)

漏洞类别:Debian

漏洞等级:

漏洞信息

Debian has released security update for php-ssh2 to fix the vulnerabilities.

漏洞危害

If only DSA-3732-1 is installed, it can cause segfaults in php-ssh2.

解决方案

Refer to Debian security advisory DSA 3732-2 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3732-2: Debian

0day

CVE-2016-2123 Ubuntu Security Notification for Samba Vulnerabilities (USN-3158

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that the ndr_pull_dnsp_nam function in Samba contained an integer overflow.

It was discovered that Samba clients always requested a forwardable ticket when using Kerberos authentication.

It was discovered that Kerberos PAC validation implementation in Samba contained multiple vulnerabilities.

漏洞危害

An authenticated attacker could use this to gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2123)

An attacker could use this to impersonate an authenticated user or service. (CVE-2016-2125)

An authenticated attacker could use this to cause a denial of service or gain administrative privileges. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 16.10. (CVE-2016-2126)

0day

CVE-2016-9964 Debian Security Update for python-bottle (DSA 3743-1)

漏洞类别:Debian

漏洞等级:

漏洞信息

Debian has released security update for python-bottle to fix the vulnerabilities.

漏洞危害

Successful exploitation can allowe an attacker to perform CRLF attacks such as HTTP header injection.

解决方案

Refer to Debian security advisory DSA 3743-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3743-1: Debian

0day

CVE-2016-9956 Debian Security Update for flightgear (DSA 3742-1)

漏洞类别:Debian

漏洞等级:

漏洞信息

Debian has released security update for flightgear to fix the vulnerabilities.

漏洞危害

Successful exploitation of the vulnerabilities can allow a malicious script to overwrite arbitrary files with the privileges of the user running Flight Gear.

解决方案

Refer to Debian security advisory DSA 3742-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3742-1: Debian

0day

CVE-2016-1254 Debian Security Update for tor (DSA 3741-1)

漏洞类别:Debian

漏洞等级:

漏洞信息

Debian has released security update for tor to fix the vulnerabilities.

漏洞危害

Sucessful exploitation of the vulnerability may cause a Denial of Service.

解决方案

Refer to Debian security advisory DSA 3741-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

DSA 3741-1: Debian

0day