Debian Security Update for python-django (DSA 3678-1)

Category: Debian

Severity:

Vulnerability details

Debian has released a security update for python-django to fix the vulnerabilities.

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Refer to Debian security advisory DSA 3678-1 to address this issue and obtain further details.

Patch:
The following links provide patches that fix the vulnerabilities:

DSA 3678-1: Debian


Debian Security Update for libarchive (DSA 3677-1)

Category: Debian

Severity:

Vulnerability details

Debian has released a security update for libarchive to fix the vulnerabilities.

Impact

The sandboxing code in libarchive mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.

Solution

Refer to Debian security advisory DSA 3677-1 to address this issue and obtain further details.

Patch:
The following links provide patches that fix the vulnerabilities:

DSA 3677-1: Debian


Debian Security Update for unadf (DSA 3676-1)

Category: Debian

Severity:

Vulnerability details

Debian has released a security update for unadf to fix the vulnerabilities.

Impact

Successful exploitation allows an attacker to compromise the system.

Solution

Refer to Debian security advisory DSA 3676-1 to address this issue and obtain further details.

Patch:
The following links provide patches that fix the vulnerabilities:

DSA 3676-1: Debian


Cisco AnyConnect Secure Mobility Client Arbitrary Code Execution Vulne...

Category: Local

Severity:

Vulnerability details

Cisco AnyConnect is a VPN client for multiple platforms.

Cisco AnyConnect Secure Mobility Client contains a vulnerability that could allow an authenticated, local attacker to execute arbitrary code with elevated privileges.

Affected versions:
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier

Impact

Successful exploitation allows local users to gain privileges via crafted IPC messages that trigger the use of root privileges for a software-package installation.

Solution

No solution or update is currently available.


EOL/Obsolete Software: HP Data Protector 6.0x Detected.

Category: Local

Severity:

Vulnerability details

HPE Data Protector software provides comprehensive data backup and recovery across physical, virtual and hybrid environments.

Hewlett Packard Enterprise has announced the version discontinuance of HP Data Protector 6.0x.

Affected version:
HP Data Protector 6.0x

Impact

The system is at high risk of exposure to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is highly prone to unpatched vulnerabilities.

Solution

Please visit HP Data Protector 6.0x for more information.


Joomla! com_videogallerylite ajax_url.php SQL Injection Vulnerability

Category: CGI

Severity:

Vulnerability details

Joomla! is a free, open-source content management system written in PHP. It uses object-oriented programming techniques and is built on a model-view-controller web application framework. It includes features such as page caching, RSS feeds, printable versions of pages, news flashes, blogs, polls, search, and support for language internationalization. Huge-IT Video Gallery is a Joomla! video gallery component.

The vulnerability exists in the components/com_videogallerylite/ajax_url.php source file, which fails to sanitize user-supplied input received via the load_videos_content argument. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted HTTP GET requests to inject malicious SQL code into a targeted Joomla! installation.

Affected versions:
Joomla Huge-IT Video Gallery (com_videogallerylite) component 3.3.6

Impact

Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code, or to further exploit latent vulnerabilities in the underlying database.

Solution

The vendor has not confirmed this vulnerability.

Workaround:
Although the vendor has not confirmed this vulnerability, an updated version is available, which may fix the vulnerability. Customers are advised to install the updated version.


Oracle Enterprise Linux Security Update for openssl (ELSA-2016-1940)

Category: OEL

Severity:

Vulnerability details

Oracle Enterprise Linux has released a security update for openssl to fix the vulnerabilities.

Affected products:
Oracle Linux 7
Oracle Linux 6

Impact

Successful exploitation allows remote attackers to cause a denial of service (false-positive packet drops) via spoofed DTLS records.

Solution

To resolve this issue, upgrade to the latest packages, which contain a patch. Refer to the Oracle Enterprise Linux advisory ELSA-2016-1940 (Oracle Linux 7, Oracle Linux 6) for updates and patch information.

Patch:
The following links provide patches that fix the vulnerabilities:

ELSA-2016-1940: Oracle Linux 7

ELSA-2016-1940: Oracle Linux 6


SUSE Enterprise Linux Security Update for openssh (SUSE-SU-2016:2388-1)

Category: SUSE

Severity:

Vulnerability details

SUSE has released a security update for openssh to fix the vulnerabilities.

Affected products:
SUSE OpenStack Cloud 5
SUSE Manager Proxy 2.1
SUSE Manager 2.1
SUSE Linux Enterprise Server 11-SP3-LTSS
SUSE Linux Enterprise Point of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP3

Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all contents or configuration on the system. Additionally, this vulnerability can be used to cause a complete denial of service and could render the resource completely unavailable.

Solution

Upgrade to the latest packages, which contain a patch. To install this SUSE Security Update, use YaST online_update. Alternatively, you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2016:2388-1 to address this issue and obtain further details.

Patch:
The following links provide patches that fix the vulnerabilities:

SUSE-SU-2016:2388-1: SUSE Enterprise Linux


SUSE Enterprise Linux Security Update for libtcnative-1-0 (SUSE-SU-2016:2385-1)

Category: SUSE

Severity:

Vulnerability details

SUSE has released a security update for libtcnative-1-0 to fix the vulnerabilities.

Affected products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4

Impact

Malicious users could use this vulnerability to change partial contents or configuration on the system.

Solution

Upgrade to the latest packages, which contain a patch. To install this SUSE Security Update, use YaST online_update. Alternatively, you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2016:2385-1 to address this issue and obtain further details.

Patch:
The following links provide patches that fix the vulnerabilities:

SUSE-SU-2016:2385-1: SUSE Enterprise Linux


EOL/Obsolete Software: Drupal 5.x Detected

Category: CGI

Severity:

Vulnerability details

Drupal is a free and open-source content-management framework written in PHP and distributed under the GNU General Public License.

Drupal 5 has been detected on the host. Drupal 5 reached end of life on January 6, 2011 and is no longer supported by security advisories. Since there will be no further bug fixes or security updates for this version, it is recommended that you migrate from version 5 to a supported Drupal release such as Drupal 7 or Drupal 8.

Impact

Depending on the vulnerability being exploited, an unauthenticated remote attacker could execute arbitrary code or cause a denial of service on the targeted system.

Solution

Customers are advised to upgrade to Drupal 7, 8 or a later version to remediate this vulnerability.

Patch:
The following links provide patches that fix the vulnerabilities:

Latest Drupal
