CVE-2018-5127 Fedora Security Update for firefox (FEDORA-2018-92031bb1ed)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for firefox to fix the vulnerability.

Affected OS:
Fedora 26
Fedora 27

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-92031bb1ed: Fedora 26

FEDORA-2018-92031bb1ed: Fedora 27

?

0daybank

CVE-2018-1000120 Fedora Security Update for curl (FEDORA-2018-66c96e0024)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for curl to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-66c96e0024: Fedora 26

0daybank

CVE-2018-1050 Fedora Security Update for samba (FEDORA-2018-7d0acd608b)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for samba to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-7d0acd608b: Fedora 26

0daybank

CVE-2018-8043 Fedora Security Update for kernel (FEDORA-2018-cf76003e1f)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-cf76003e1f: Fedora 27

0daybank

CVE-2018-5703 Fedora Security Update for kernel (FEDORA-2018-2bce10900e)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for kernel to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-2bce10900e: Fedora 27

0daybank

CVE-2018-1000116 Fedora Security Update for net-snmp (FEDORA-2018-5a5f51753c)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for net-snmp to fix the vulnerability.

Affected OS:
Fedora 27
Fedora 26

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-5a5f51753c: Fedora 27

FEDORA-2018-5a5f51753c: Fedora 26

0daybank

CVE-2018-7738 Fedora Security Update for util-linux (FEDORA-2018-668664ba84)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for util-linux to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-668664ba84: Fedora 27

0daybank

CVE-2018-7738 Fedora Security Update for util-linux (FEDORA-2018-668664ba84)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for util-linux to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-668664ba84: Fedora 27

0daybank

CVE-2018-2562 Fedora Security Update for mariadb (FEDORA-2018-00647ae0d5)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for mariadb to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

Malicious users could use this vulnerability to change partial contents or configuration on the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-00647ae0d5: Fedora 27

0daybank

CVE-2018-1056 Fedora Security Update for advancecomp (FEDORA-2018-af30668257)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for advancecomp to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-af30668257: Fedora 27

0daybank

CVE-2016-10712 Ubuntu Security Notification for Php5, Php7.0, Php7.1 Vulnerabilities (USN-3600-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that PHP incorrectly handled certain stream metadata.

It was discovered that PHP incorrectly handled the PHAR 404 error page.

It was discovered that PHP incorrectly handled parsing certain HTTP responses.

漏洞危害

A remote attacker could possibly use this issue to set arbitrary metadata. This issue only affected Ubuntu 14.04 LTS. (CVE-2016-10712)

A remote attacker could possibly use this issue to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 17.10. (CVE-2018-5712)

A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-7584)

0daybank

CVE-2018-5146 Ubuntu Security Notification for Firefox Vulnerability (USN-3599-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

An out-of-bounds write was discovered when processing Vorbis audio data.

漏洞危害

If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service, or execute arbitrary code. (CVE-2018-5146)

解决方案

Refer to Ubuntu advisory USN-3599-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3599-1: 14.04 (Kylin) on src (firefox)

USN-3599-1: 17.10 (artful) on src (firefox)

USN-3599-1: 16.04 (Xenial) on src (firefox)

0daybank

CVE-2018-2579 SUSE Enterprise Linux Security Update for java-1_7_1-ibm (SUSE-SU-2018:0743-1)

漏洞类别:SUSE

漏洞等级:

漏洞信息

SUSE has released security update for java-1_7_1-ibm to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP2

漏洞危害

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0743-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0743-1: SUSE Enterprise Linux

0daybank

CVE-2004-2779 SUSE Enterprise Linux Security Update for libid3tag (SUSE-SU-2018:0722-1)

漏洞类别:SUSE

漏洞等级:

漏洞信息

SUSE has released security update for libid3tag to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Software Development Kit 12-SP3
SUSE Linux Enterprise Software Development Kit 12-SP2
SUSE Linux Enterprise Desktop 12-SP3
SUSE Linux Enterprise Desktop 12-SP2

漏洞危害

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command “yum update”.

Refer to SUSE security advisory SUSE-SU-2018:0722-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2018:0722-1: SUSE Enterprise Linux

?

0daybank

CVE-2018-5146 Mozilla Firefox Multiple Vulnerabilities (mfsa2018-08)

漏洞类别:Local

漏洞等级:

漏洞信息

Firefox is a free and open-source web browser developed for Windows, OS X, and Linux, with a mobile version for Android.

Multiple vulnerabilities were reported in Mozilla Firefox:
CVE-2018-5146: Out of bounds memory write in libvorbis
CVE-2018-5147: Out of bounds memory write in libtremor

Affected Versions:
Firefox prior to 59.0.1
Firefox ESR prior to 52.7.2

QID Detection Logic (Authenticated)
This QID checks for vulnerable versions of Firefox browser.

漏洞危害

Successful exploitation allows attacker to gain access to sensitive information.

解决方案

Refer to mfsa2018-08

Patch:
Following are links for downloading patches to fix the vulnerabilities:

mfsa2018-08: Windows

mfsa2018-08: MAC

0daybank

CVE-2018-1050 Fedora Security Update for libldb and samba (FEDORA-2018-c5c651ac44)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for libldb and samba to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

On successful exploitation Missing null pointer checks may crash the external print server process and AD DC any authenticated user can change other users’ passwords over LDAP, including the passwords of administrative users and service accounts.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-c5c651ac44: Fedora 27

0daybank

CVE-2018-7540 Fedora Security Update for xen (FEDORA-2018-0746dac335)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for xen to fix the vulnerability.

Affected OS:
Fedora 26

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 26 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-0746dac335: Fedora 26

0daybank

CVE-2017-8782 Fedora Security Update for ming (FEDORA-2018-38a0e1e6f5)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for ming to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-38a0e1e6f5: Fedora 27

0daybank

CVE-2018-7536 Fedora Security Update for python-django (FEDORA-2018-bd1147f152)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for python-django to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

Successful exploitation allows attacker to compromise the system.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-bd1147f152: Fedora 27

0daybank

CVE-2018-7549 Fedora Security Update for zsh (FEDORA-2018-019a32a468)

漏洞类别:Fedora

漏洞等级:

漏洞信息

Fedora has released security update for zsh to fix the vulnerability.

Affected OS:
Fedora 27

漏洞危害

This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability.

解决方案

Fedora has issued updated packages to fix this vulnerability.

For more information about the vulnerability and obtaining patches, refer to the following Fedora security advisories :
Fedora 27 Update

Patch:
Following are links for downloading patches to fix the vulnerabilities:

FEDORA-2018-019a32a468: Fedora 27

?

0daybank