CVE-2016-10327 OpenSUSE Security Update for libreoffice (openSUSE-SU-2017:1851-1)

Vulnerability category: SUSE

Vulnerability severity:

Vulnerability information

SUSE has released a security update for libreoffice to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

Vulnerability impact

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally, this vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory openSUSE-SU-2017:1851-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1851-1: OpenSuse

0daybank

CVE-2017-9217 OpenSUSE Security Update for systemd (openSUSE-SU-2017:1844-1)

Vulnerability category: SUSE

Vulnerability severity:

Vulnerability information

SUSE has released a security update for systemd to fix the vulnerabilities.

Affected Products:
openSUSE Leap 42.2

Vulnerability impact

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory openSUSE-SU-2017:1844-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

openSUSE-SU-2017:1844-1: OpenSuse


CVE-2017-7771 Red Hat Update for graphite2 (RHSA-2017:1793)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

Graphite2 is a project within SIL's Non-Roman Script Initiative and Language Software Development groups to provide rendering capabilities for complex non-Roman writing systems.

Various vulnerabilities have been discovered in Graphite2. An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code. (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)

Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server for ARM 7 aarch64
Red Hat Enterprise Linux Server - TUS 7.3 x86_64

Vulnerability impact

An attacker able to trick an unsuspecting user into opening specially crafted font files in an application using Graphite2 could exploit these flaws to disclose potentially sensitive memory, cause an application crash, or, possibly, execute arbitrary code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1793 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1793: Red Hat Enterprise Linux


CVE-2017-10053 Red Hat Update for java-1.8.0-openjdk (RHSA-2017:1789)

Vulnerability category: RedHat

Vulnerability severity:

Vulnerability information

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)
Multiple flaws were discovered in the RMI, JAXP, ImageIO, Libraries, AWT, Hotspot, and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)
It was discovered that the LDAPCertStore class in the Security component of OpenJDK followed LDAP referrals to arbitrary URLs. A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)
It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow scripts to access Java APIs even when access to Java APIs was disabled. An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)
It was discovered that the Security component of OpenJDK could fail to properly enforce restrictions defined for processing of X.509 certificate chains. A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)
A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)
A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare a PKCS#8 key against an attacker-controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)
It was discovered that the BasicAttribute and CodeSource classes in OpenJDK did not limit the amount of memory allocated when creating object instances from a serialized form. A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)
Multiple flaws were found in the Hotspot and Security components in OpenJDK. An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)
It was discovered that the JPEGImageReader implementation in the 2D component of OpenJDK would, in certain cases, read all image data even if it was not used later. A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

Vulnerability impact

A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application. (CVE-2017-10102)
An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2017-10107, CVE-2017-10096, CVE-2017-10101, CVE-2017-10089, CVE-2017-10090, CVE-2017-10087, CVE-2017-10111, CVE-2017-10110, CVE-2017-10074, CVE-2017-10067)
A specially crafted LDAP referral URL could cause LDAPCertStore to communicate with non-LDAP servers. (CVE-2017-10116)
An untrusted JavaScript executed by Nashorn could use this flaw to bypass intended restrictions. (CVE-2017-10078)
A remote attacker could possibly use this flaw to make Java accept a certificate using one of the disabled algorithms. (CVE-2017-10198)
A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel. (CVE-2017-10115)
A remote attacker able to make a Java application repeatedly compare a PKCS#8 key against an attacker-controlled value could possibly use this flaw to determine the key via a timing side channel. (CVE-2017-10135)
A specially crafted serialized input stream could cause Java to consume an excessive amount of memory. (CVE-2017-10108, CVE-2017-10109)
An untrusted Java application or applet could use these flaws to bypass certain Java sandbox restrictions. (CVE-2017-10081, CVE-2017-10193)
A specially crafted image could cause a Java application to temporarily use an excessive amount of CPU and memory. (CVE-2017-10053)

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:1789 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:1789: Red Hat Enterprise Linux


CVE-2016-6515 F5 BIG-IP ASM OpenSSH Denial of Service Vulnerability (K31510510)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.

Affected Versions:
BIG-IP ASM 11.4.0 - 11.6.1
BIG-IP ASM 11.2.1
BIG-IP ASM 10.2.1 - 10.2.4

QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.

Vulnerability impact

Successful exploitation allows an attacker to disrupt service.

Solution

Customers are advised to refer to K31510510 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

K31510510


CVE-2017-6141 F5 BIG-IP ASM TMM SSL/TLS Profile Vulnerability (K21154730)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default.

Affected Versions:
BIG-IP ASM 12.1.0 - 12.1.2

QID Detection Logic:
This authenticated QID checks for the vulnerable versions of F5 BIG-IP devices.

Vulnerability impact

The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic.

Solution

Customers are advised to refer to K21154730 for updates pertaining to this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

K21154730


CVE-2017-7060 Apple Safari 10.1.2 Not Installed (APPLE-SA-2017-07-19-5)

Vulnerability category: Local

Vulnerability severity:

Vulnerability information

Safari is a web browser developed by Apple which is based on the WebKit engine.
The update addresses multiple vulnerabilities affecting WebKit and Safari for OS X Yosemite, El Capitan and macOS Sierra.

Vulnerability impact

Successful exploitation of the vulnerabilities may lead to:

1) address bar spoofing.
2) processing of maliciously crafted web content.
3) arbitrary code execution.

Other attacks are also possible.

Solution

The browser should be updated to version 10.1.2 released by Apple.
For more information regarding the update click here.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

HT207921: Mac OS


CVE-2017-3143 Amazon Linux Security Advisory for bind: ALAS-2017-858

Vulnerability category: Amazon Linux

Vulnerability severity:

Vulnerability information

Security Fix(es):

A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.

A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet. (CVE-2017-3142, CVE-2017-3143)

Vulnerability impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-858 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on i686)

ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on x86_64)

ALAS-2017-858: Amazon Linux (bind (9.8.2-0.62.rc1.56.amzn1) on src)


CVE-2017-1000381 Amazon Linux Security Advisory for c-ares: ALAS-2017-859

Vulnerability category: Amazon Linux

Vulnerability severity:

Vulnerability information

The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (CVE-2017-1000381)

Vulnerability impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Please refer to Amazon advisory ALAS-2017-859 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

ALAS-2017-859: Amazon Linux (c-ares (1.13.0-1.5.amzn1) on i686)

ALAS-2017-859: Amazon Linux (c-ares (1.13.0-1.5.amzn1) on x86_64)

ALAS-2017-859: Amazon Linux (c-ares (1.13.0-1.5.amzn1) on src)


CVE-2015-1338 SUSE Enterprise Linux Security Update for apport (SUSE-SU-2017:1938-1)

Vulnerability category: SUSE

Vulnerability severity:

Vulnerability information

SUSE has released a security update for apport to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Server 11-SP4

Vulnerability impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally, this vulnerability can be used to cause a complete denial of service and could render the resource completely unavailable.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2017:1938-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2017:1938-1: SUSE Enterprise Linux
