CVE-2017-15565 Fedora Security Update for poppler (FEDORA-2017-1762a103bf)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for poppler to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-1762a103bf: Fedora 26v

0daybank

CVE-2008-7319 Fedora Security Update for perl-Net-Ping-External (FEDORA-2017-69e06543c1)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for perl-net-ping-external to fix the vulnerability.

Affected OS:
Fedora 25
Fedora 26

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-69e06543c1: Fedora 25

FEDORA-2017-69e06543c1: Fedora 26

上一篇:CVE-2017-16651

0daybank

CVE-2017-16651 Fedora Security Update for roundcubemail (FEDORA-2017-1560290881)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for roundcubemail to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-1560290881: Fedora 26

0daybank

CVE-2017-14952 Fedora Security Update for icu (FEDORA-2017-3c893719f4)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for icu to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-3c893719f4: Fedora 26

0daybank

Fedora Security Update for php-PHPMailer (FEDORA-2017-803a99828d)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for php-phpmailer to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 25

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-803a99828d: Fedora 26

FEDORA-2017-803a99828d: Fedora 25

0daybank

CVE-2017-8807 Fedora Security Update for varnish (FEDORA-2017-5525b6cb5a)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for varnish to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-5525b6cb5a: Fedora 26

0daybank

CVE-2017-12629 Fedora Security Update for lucene4 (FEDORA-2017-f1535b86fa)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for lucene4 to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 25

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-f1535b86fa: Fedora 26

FEDORA-2017-f1535b86fa: Fedora 25

0daybank

CVE-2017-15115 Fedora Security Update for kernel (FEDORA-2017-62e3a94f2a)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-62e3a94f2a: Fedora 26

0daybank

Fedora Security Update for firefox (FEDORA-2017-9a6569beb6)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for firefox to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 25

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-9a6569beb6: Fedora 26

FEDORA-2017-9a6569beb6: Fedora 25

0daybank

CVE-2017-13798 Fedora Security Update for webkitgtk4 (FEDORA-2017-077334783e)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for webkitgtk4 to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 25

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-077334783e: Fedora 26

FEDORA-2017-077334783e: Fedora 25

0daybank

CVE-2017-3735 Fedora Security Update for compat-openssl10m (FEDORA-2017-7f30914972)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for compat-openssl10m to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

Malicious users could use this vulnerability to change partial contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-7f30914972: Fedora 26

0daybank

CVE-2017-15940 PAN-OS Packet Capture Management Command Execution Vulnerability (PAN-SA-2017-0028)

漏洞类别:General remote services

漏洞等级:

漏洞信息

The vulnerability exists in the web interface packet capture management component in Palo Alto Networks PAN-OS.

Affected Versions:
PAN-OS 6.1.18 and earlier
PAN-OS 7.0.18 and earlier
PAN-OS 7.1.13 and earlier
PAN-OS 8.0.6 and earlier

QID Detection Logic (authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.

漏洞危害

Successful exploitation could allow an authenticated user to inject arbitrary commands on the targeted system.

解决方案

Please refer to PAN-SA-2017-0028 for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

PAN-SA-2017-0028

0daybank

CVE-2017-3735 edora Security Update for opensslm (FEDORA-2017-55a3247cfd)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for opensslm to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

Malicious users could use this vulnerability to change partial contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-55a3247cfd: Fedora 25

0daybank

CVE-2017-15944 PAN-OS Management Interface Remote Code Execution Vulnerability (PAN-SA-2017-0027)

漏洞类别:General remote services

漏洞等级:

漏洞信息

Management interface of PAN-OS is prone to remote code execution vulnerability through the exploitation of a combination of unrelated vulnerabilities.

Affected Versions:
PAN-OS 6.1.18 and earlier
PAN-OS 7.0.18 and earlier
PAN-OS 7.1.13 and earlier
PAN-OS 8.0.5 and earlier

QID Detection Logic (authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.

漏洞危害

An attacker could remotely execute code on PAN-OS in the context of the highest privileged user.

解决方案

Please refer to PAN-SA-2017-0027 for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

(PAN-SA-2017-0027)

0daybank

CVE-2017-3735 Fedora Security Update for opensslg (FEDORA-2017-dbec196dd8)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for opensslg to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

Malicious users could use this vulnerability to change partial contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-dbec196dd8: Fedora 26

0daybank

CVE-2017-15943 PAN-OS Web Interface Server-Side Request Forgery Vulnerability (PAN-SA-2017-0026)

漏洞类别:General remote services

漏洞等级:

漏洞信息

A vulnerability exists in the PAN-OS web interface in the configuration file import for applications, spyware and vulnerability objects.

Affected Versions:
PAN-OS 6.1.18 and earlier
PAN-OS 7.0.18 and earlier
PAN-OS 7.1.13 and earlier

QID Detection Logic (authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.

漏洞危害

Successful exploitation could allow an attacker to conduct server-side request forgery (SSRF) attacks and consequently obtain sensitive information via vectors related to parsing of external entities.

解决方案

Please refer to PAN-SA-2017-0026 for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

PAN-SA-2017-0026

0daybank

CVE-2017-16667 Fedora Security Update for backintime (FEDORA-2017-8016cc0bd0)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for backintime to fix the vulnerability.

Affected OS:
Fedora 25

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 25 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-8016cc0bd0: Fedora 25

0daybank

CVE-2017-15942 PAN-OS Management Interface Denial of Service Vulnerability (PAN-SA-2017-0025)

漏洞类别:General remote services

漏洞等级:

漏洞信息

Palo Alto Networks PAN-OS prone to a vulnerability that may allow a non-authenticated third party to mount a Denial of Service attack against the management interface.

Affected Versions:
PAN-OS 6.1.18 and earlier
PAN-OS 7.0.18 and earlier
PAN-OS 7.1.12 and earlier
PAN-OS 8.0.5 and earlier

QID Detection Logic (authenticated):
This QID looks for the vulnerable version of PAN-OS via XML API.

漏洞危害

Successful exploitation of this issue may allow an attacker to render the PAN-OS management interface unavailable.

解决方案

Please refer to PAN-SA-2017-0025 for more information about patching this vulnerability.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

PAN-SA-2017-0025

0daybank

CVE-2016-10516 Fedora Security Update for python-werkzeug (FEDORA-2017-23c3f02995)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for python-werkzeug to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

Malicious users could use this vulnerability to change partial contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-23c3f02995: Fedora 26

0daybank

CVE-2017-16899 Fedora Security Update for transfiga (FEDORA-2017-b0b4cc40c1)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for transfiga to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2017-b0b4cc40c1: Fedora 26

0daybank