Newest Plugins

Apache Tomcat 9.0.0.M1 < 9.0.0.M22 Multiple Vulnerabilities


Synopsis:

The remote Apache Tomcat server is affected by multiple
vulnerabilities.

Description:

The version of Apache Tomcat installed on the remote host is 9.0.0.M1
or later but prior to 9.0.0.M22. It is, therefore, affected by
multiple vulnerabilities :

- A flaw exists in the CORS filter because it does not add an HTTP
'Vary: Origin' header to responses whose Access-Control-Allow-Origin
value depends on the request's Origin header. A shared or browser cache
may therefore reuse a response generated for one origin for requests
from another, allowing a remote attacker to conduct client-side and
server-side cache poisoning attacks. (CVE-2017-7674)

- A flaw exists in the HTTP/2 implementation, which bypassed a number
of the security checks that prevent directory traversal attacks. A
remote attacker can exploit this, via a specially crafted URL, to
bypass security constraints. (CVE-2017-7675)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?df46ad43

Solution :

Upgrade to Apache Tomcat version 9.0.0.M22 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.
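The cache-poisoning mechanism behind CVE-2017-7674 is easier to see in a model than in prose. The following is an added example, not code from the Nessus plugin or from Apache Tomcat: it puts a minimal RFC 7234-style shared cache in front of an origin server whose CORS filter reflects allowed origins, runs the same two requests once without and once with `Vary: Origin`, and shows the response produced for one origin being handed to a page from another when the header is missing. The origins, URL and cache lifetime are made up for the illustration; `vary_covers_origin` is the check a scanner or tester could run on a captured response.

```python
"""Why a CORS filter must send `Vary: Origin` (CVE-2017-7674 above).

Added example; not code from the Nessus plugin or from Apache Tomcat.
The origins, URL and cache lifetime are made up for the illustration.
"""

ALLOWED_ORIGINS = {"https://app.example", "https://partner.example"}


def origin_server(request_headers, send_vary):
    """Response headers a CORS filter emits for one request: the allowed
    Origin is reflected into Access-Control-Allow-Origin, so the response
    depends on a request header."""
    origin = request_headers.get("Origin")
    headers = {"Content-Type": "application/json",
               "Cache-Control": "public, max-age=600"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    if send_vary:
        headers["Vary"] = "Origin"
    return headers


class SharedCache:
    """Minimal RFC 7234 style cache: a stored response may be reused only
    if every request header named in its Vary field matches."""

    def __init__(self, send_vary):
        self.send_vary = send_vary
        self.entries = {}      # url -> [(selecting request headers, response)]
        self.origin_fetches = 0

    def get(self, url, request_headers):
        for selecting, response in self.entries.get(url, []):
            if all(request_headers.get(h) == v for h, v in selecting.items()):
                return response                              # cache hit
        self.origin_fetches += 1
        response = origin_server(request_headers, self.send_vary)
        vary = [h.strip() for h in response.get("Vary", "").split(",") if h.strip()]
        selecting = {h: request_headers.get(h) for h in vary}
        self.entries.setdefault(url, []).append((selecting, response))
        return response


def browser_cors_check(page_origin, response):
    """What a browser verifies before exposing a credentialed cross-origin
    response to script running on page_origin."""
    return response.get("Access-Control-Allow-Origin") == page_origin


def scenario(send_vary):
    """partner.example primes the cache, then a page on app.example asks
    for the same URL. Returns (app.example may read it, origin fetches)."""
    cache = SharedCache(send_vary)
    url = "https://api.example/v1/profile"
    cache.get(url, {"Origin": "https://partner.example"})
    response = cache.get(url, {"Origin": "https://app.example"})
    return browser_cors_check("https://app.example", response), cache.origin_fetches


def vary_covers_origin(response_headers):
    """Check for a captured response: a reflected, non-wildcard
    Access-Control-Allow-Origin must be accompanied by Vary: Origin
    (Vary: * also suffices; a wildcard ACAO does not vary at all)."""
    acao = response_headers.get("Access-Control-Allow-Origin")
    if acao is None or acao == "*":
        return True
    vary = {v.strip().lower() for v in response_headers.get("Vary", "").split(",")}
    return "origin" in vary or "*" in vary


if __name__ == "__main__":
    for send_vary in (False, True):
        ok, fetches = scenario(send_vary)
        print(f"Vary: Origin sent={send_vary}: app.example allowed={ok}, "
              f"origin fetches={fetches}")
```

Without the header the cache keys the entry on the URL alone, so the second client receives the first client's Access-Control-Allow-Origin and its browser refuses the response; an attacker only needs to be able to populate the cache with any client, not a browser, to break or redirect cross-origin access for everyone behind it. With `Vary: Origin` each origin gets its own cache entry, which is the behaviour the fixed Tomcat filter provides.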

Apache Tomcat 8.5.x < 8.5.16 Multiple Vulnerabilities


Synopsis:

The remote Apache Tomcat server is affected by multiple
vulnerabilities.

Description:

The version of Apache Tomcat installed on the remote host is 8.5.x
prior to 8.5.16. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in the CORS filter because it does not add an HTTP
'Vary: Origin' header to responses whose Access-Control-Allow-Origin
value depends on the request's Origin header. A shared or browser cache
may therefore reuse a response generated for one origin for requests
from another, allowing a remote attacker to conduct client-side and
server-side cache poisoning attacks. (CVE-2017-7674)

- A flaw exists in the HTTP/2 implementation, which bypassed a number
of the security checks that prevent directory traversal attacks. A
remote attacker can exploit this, via a specially crafted URL, to
bypass security constraints. (CVE-2017-7675)

Note that Nessus has not attempted to exploit these issues but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?1f8717dc

Solution :

Upgrade to Apache Tomcat version 8.5.16 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Apache Tomcat 8.0.0.RC1 < 8.0.45 Cache Poisoning


Synopsis:

The remote Apache Tomcat server is affected by a cache poisoning
vulnerability.

Description:

The version of Apache Tomcat installed on the remote host is
8.0.0.RC1 or later but prior to 8.0.45. It is, therefore, affected by
a flaw in the CORS filter, which does not add an HTTP 'Vary: Origin'
header to responses whose Access-Control-Allow-Origin value depends on
the request's Origin header. A shared or browser cache may therefore
reuse a response generated for one origin for requests from another,
allowing a remote attacker to conduct client-side and server-side cache
poisoning attacks.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?7318cfac

Solution :

Upgrade to Apache Tomcat version 8.0.45 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability


Synopsis:

The remote Apache Tomcat server is affected by a cache poisoning
vulnerability.

Description:

The version of Apache Tomcat installed on the remote host is 7.0.41
or later but prior to 7.0.79. It is, therefore, affected by a flaw in
the CORS filter, which does not add an HTTP 'Vary: Origin' header to
responses whose Access-Control-Allow-Origin value depends on the
request's Origin header. A shared or browser cache may therefore reuse
a response generated for one origin for requests from another,
allowing a remote attacker to conduct client-side and server-side cache
poisoning attacks.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?a070de3e

Solution :

Upgrade to Apache Tomcat version 7.0.79 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.
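All four Tomcat plugins above do the same thing: compare a self-reported version string against a per-branch range. The following is an added example of that check, not the plugins' own code. The point it makes is that Tomcat's pre-release tags defeat a plain numeric comparison: 8.0.0.RC1 < 8.0.0.RC10 < 8.0.0 < 8.0.1 and 9.0.0.M1 < 9.0.0.M22 < 9.0.0, so a milestone or release candidate must sort below the final release of the same number. The affected ranges are taken from the plugin descriptions; the version strings fed in under `__main__` are made up.

```python
"""Version-range check behind the four Tomcat plugins above.

Added example; not the Nessus plugins' own code. Ranges come from the
plugin text, the sample banners are made up.
"""
import re

_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.(M|RC)(\d+))?$")
_PRERELEASE_RANK = {"M": 0, "RC": 1}   # any tagged build sorts below a final release (rank 2)


def parse_version(text):
    """Turn '8.0.0.RC1' into a tuple that sorts correctly: (8, 0, 0, (1, 1)).
    A final release gets the pre-release slot (2, 0), so it sorts after
    every milestone or release candidate carrying the same number."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    tag, number = m.group(4), m.group(5)
    pre = (2, 0) if tag is None else (_PRERELEASE_RANK[tag], int(number))
    return (major, minor, patch, pre)


# (first affected, first fixed) per branch, as stated in the plugin text.
AFFECTED = {
    "CVE-2017-7674": [("9.0.0.M1", "9.0.0.M22"), ("8.5.0", "8.5.16"),
                      ("8.0.0.RC1", "8.0.45"), ("7.0.41", "7.0.79")],
    "CVE-2017-7675": [("9.0.0.M1", "9.0.0.M22"), ("8.5.0", "8.5.16")],
}


def affected_cves(version):
    """Map each CVE the version is exposed to onto the release that fixes it.
    An empty dict means none of the ranges above contain the version."""
    v = parse_version(version)
    result = {}
    for cve, ranges in AFFECTED.items():
        for first, fixed in ranges:
            if parse_version(first) <= v < parse_version(fixed):
                result[cve] = fixed
    return result


if __name__ == "__main__":
    for banner in ("9.0.0.M10", "8.5.15", "8.0.0.RC10", "8.0.45", "7.0.40"):
        print(banner, affected_cves(banner) or "not in any affected range")
```

The same caveat the plugins state applies here: the input is whatever version the server reports, so a suppressed banner, a vendor-patched build that keeps an old version string, or a reverse proxy in front of Tomcat all produce a wrong answer, and a result from this check is a reason to verify, not proof of exposure.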

IBM WebSphere Application Server 7.0.0.x < 7.0.0.43 / 8.0.0.x < 8.0.0.14 / 8.5.x < 8.5.5.12 / 9.0.0.x < 9.0.0.4 SOAP Connectors DoS


Synopsis:

The remote web application server is affected by a denial of service
vulnerability.

Description:

The IBM WebSphere Application Server running on the remote host is
version 7.0.0.x prior to 7.0.0.43, 8.0.0.x prior to 8.0.0.14, 8.5.x
prior to 8.5.5.12, or 9.0.0.x prior to 9.0.0.4. It is, therefore,
affected by an input validation flaw in the SOAP connectors: serialized
objects received from an untrusted remote source are deserialized and
run, which allows a remote attacker to consume excessive resources on
the target system (denial of service).

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21993797

Solution :

Apply IBM WebSphere Application Server version 7.0 Fix Pack 43
(7.0.0.43) / 8.0 Fix Pack 14 (8.0.0.14) (targeted availability 16
October 2017) / 8.5 Fix Pack 12 (8.5.5.12) / 9.0 Fix Pack 4
(9.0.0.4) or later. Alternatively, upgrade to the minimal fix pack
levels required by the interim fix and then apply Interim Fix PI73519.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Xen Hypervisor Multiple Vulnerabilities (XSA-226 - XSA-230)


Synopsis:

The remote Xen hypervisor installation is missing a security update.

Description:

According to its self-reported version number, the Xen hypervisor
installed on the remote host is affected by multiple vulnerabilities.

Note that Nessus has checked the changeset versions based on the
xen.git change log. Nessus did not check guest hardware configurations
or if patches were applied manually to the source code before a
recompile and reinstall.

See also :

http://xenbits.xen.org/xsa/advisory-226.html
http://xenbits.xen.org/xsa/advisory-227.html
http://xenbits.xen.org/xsa/advisory-228.html
http://xenbits.xen.org/xsa/advisory-229.html
http://xenbits.xen.org/xsa/advisory-230.html
https://xenbits.xen.org/gitweb/?p=xen.git;a=summary

Solution :

Apply the appropriate patch according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS : openjdk-7 vulnerabilities (USN-3396-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

It was discovered that the JPEGImageReader class in OpenJDK would
incorrectly read unused image data. An attacker could use this to
specially construct a jpeg image file that when opened by a Java
application would cause a denial of service. (CVE-2017-10053)

It was discovered that the JAR verifier in OpenJDK did not properly
handle archives containing files missing digests. An attacker could
use this to modify the signed contents of a JAR file. (CVE-2017-10067)

It was discovered that integer overflows existed in the Hotspot
component of OpenJDK when generating range check loop predicates. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions and cause
a denial of service or possibly execute arbitrary code.
(CVE-2017-10074)

It was discovered that OpenJDK did not properly process parentheses in
function signatures. An attacker could use this to specially construct
an untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10081)

It was discovered that the ThreadPoolExecutor class in OpenJDK did not
properly perform access control checks when cleaning up threads. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions and
possibly execute arbitrary code. (CVE-2017-10087)

It was discovered that the ServiceRegistry implementation in OpenJDK
did not perform access control checks in certain situations. An
attacker could use this to specially construct an untrusted Java
application or applet that escaped sandbox restrictions.
(CVE-2017-10089)

It was discovered that the channel groups implementation in OpenJDK
did not properly perform access control checks in some situations. An
attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions.
(CVE-2017-10090)

It was discovered that the DTM exception handling code in the JAXP
component of OpenJDK did not properly perform access control checks.
An attacker could use this to specially construct an untrusted Java
application or applet that could escape sandbox restrictions.
(CVE-2017-10096)

It was discovered that the JAXP component of OpenJDK incorrectly
granted access to some internal resolvers. An attacker could use this
to specially construct an untrusted Java application or applet that
could escape sandbox restrictions. (CVE-2017-10101)

It was discovered that the Distributed Garbage Collector (DGC) in
OpenJDK did not properly track references in some situations. A remote
attacker could possibly use this to execute arbitrary code.
(CVE-2017-10102)

It was discovered that the Activation ID implementation in the RMI
component of OpenJDK did not properly check access control permissions
in some situations. An attacker could use this to specially construct
an untrusted Java application or applet that could escape sandbox
restrictions. (CVE-2017-10107)

It was discovered that the BasicAttribute class in OpenJDK did not
properly bound memory allocation when de-serializing objects. An
attacker could use this to cause a denial of service (memory
consumption). (CVE-2017-10108)

It was discovered that the CodeSource class in OpenJDK did not
properly bound memory allocations when de-serializing object
instances. An attacker could use this to cause a denial of service
(memory consumption). (CVE-2017-10109)

It was discovered that the AWT ImageWatched class in OpenJDK did not
properly perform access control checks. An attacker could use this to
specially construct an untrusted Java application or applet that could
escape sandbox restrictions. (CVE-2017-10110)

It was discovered that a timing side-channel vulnerability existed in
the DSA implementation in OpenJDK. An attacker could use this to
expose sensitive information. (CVE-2017-10115)

It was discovered that the LDAP implementation in OpenJDK incorrectly
followed references to non-LDAP URLs. An attacker could use this to
specially craft an LDAP referral URL that exposes sensitive
information or bypass access restrictions. (CVE-2017-10116)

It was discovered that a timing side-channel vulnerability existed in
the ECDSA implementation in OpenJDK. An attacker could use this to
expose sensitive information. (CVE-2017-10118)

Ilya Maykov discovered that a timing side-channel vulnerability
existed in the PKCS#8 implementation in OpenJDK. An attacker could use
this to expose sensitive information. (CVE-2017-10135)

It was discovered that the Elliptic Curve (EC) implementation in
OpenJDK did not properly compute certain elliptic curve points. An
attacker could use this to expose sensitive information.
(CVE-2017-10176)

It was discovered that OpenJDK did not properly perform access control
checks when handling Web Service Definition Language (WSDL) XML
documents. An attacker could use this to expose sensitive information.
(CVE-2017-10243).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : c-ares vulnerability (USN-3395-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that c-ares incorrectly handled certain NAPTR
responses. A remote attacker could possibly use this issue to cause
applications using c-ares to crash, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libc-ares2 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 16.04 LTS / 17.04 : libmspack vulnerabilities (USN-3394-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that libmspack incorrectly handled certain malformed
CHM files. A remote attacker could use this issue to cause libmspack
to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2017-6419)

It was discovered that libmspack incorrectly handled certain malformed
CAB files. A remote attacker could use this issue to cause libmspack
to crash, resulting in a denial of service. (CVE-2017-6419).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libmspack0 package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : clamav vulnerabilities (USN-3393-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that ClamAV incorrectly handled parsing certain
e-mail messages. A remote attacker could possibly use this issue to
cause ClamAV to crash, resulting in a denial of service.
(CVE-2017-6418)

It was discovered that ClamAV incorrectly handled certain malformed
CHM files. A remote attacker could use this issue to cause ClamAV to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. In the default
installation, attackers would be isolated by the ClamAV AppArmor
profile. (CVE-2017-6419)

It was discovered that ClamAV incorrectly handled parsing certain PE
files with WWPack compression. A remote attacker could possibly use
this issue to cause ClamAV to crash, resulting in a denial of service.
(CVE-2017-6420).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected clamav package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : firefox regression (USN-3391-3)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

USN-3391-1 fixed vulnerabilities in Firefox. The update introduced a
performance regression with WebExtensions. This update fixes the
problem.

We apologize for the inconvenience.

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to conduct cross-site scripting (XSS)
attacks, bypass sandbox restrictions, obtain sensitive information,
spoof the origin of modal alerts, bypass same origin restrictions,
read uninitialized memory, cause a denial of service via program crash
or hang, or execute arbitrary code. (CVE-2017-7753, CVE-2017-7779,
CVE-2017-7780, CVE-2017-7781, CVE-2017-7783, CVE-2017-7784,
CVE-2017-7785, CVE-2017-7786, CVE-2017-7787, CVE-2017-7788,
CVE-2017-7789, CVE-2017-7791, CVE-2017-7792, CVE-2017-7794,
CVE-2017-7797, CVE-2017-7798, CVE-2017-7799, CVE-2017-7800,
CVE-2017-7801, CVE-2017-7802, CVE-2017-7803, CVE-2017-7806,
CVE-2017-7807, CVE-2017-7808, CVE-2017-7809).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected firefox package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2017:2202-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for freeradius-server fixes the following issues :

- update to 3.0.15 (bsc#1049086)

- Bind the lifetime of program name and python path to the
module

- CVE-2017-10978: FR-GV-201: Check input / output length
in make_secret() (bsc#1049086)

- CVE-2017-10983: FR-GV-206: Fix read overflow when
decoding DHCP option 63 (bsc#1049086)

- CVE-2017-10984: FR-GV-301: Fix write overflow in
data2vp_wimax() (bsc#1049086)

- CVE-2017-10985: FR-GV-302: Fix infinite loop and memory
exhaustion with 'concat' attributes (bsc#1049086)

- CVE-2017-10986: FR-GV-303: Fix infinite read in
dhcp_attr2vp() (bsc#1049086)

- CVE-2017-10987: FR-GV-304: Fix buffer over-read in
fr_dhcp_decode_suboptions() (bsc#1049086)

- CVE-2017-10988: FR-GV-305: Decode 'signed' attributes
correctly. (bsc#1049086)

- FR-AD-001: use strncmp() instead of memcmp() for bounded
data

- Print messages when we see deprecated configuration
items

- Show reasons why we couldn't parse a certificate expiry
time

- Be more accepting about truncated ASN1 times.

- Fix OpenSSL API issue which could leak small amounts of
memory.

- For Access-Reject, call rad_authlog() after running the
post-auth section, just like for Access-Accept.

- Don't crash when reading corrupted data from session
resumption cache.

- Parse port in dhcpclient.

- Don't leak memory for OpenSSL.

- Portability fixes taken from OpenBSD port collection.

- run rad_authlog after post-auth for Access-Reject.

- Don't process VMPS packets twice.

- Fix attribute truncation in rlm_perl

- Fix bug when processing huntgroups.

- FR-AD-002 - Bind the lifetime of program name and python
path to the module

- FR-AD-003 - Pass correct statement length into
sqlite3_prepare[_v2]

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1049086
https://www.suse.com/security/cve/CVE-2017-10978.html
https://www.suse.com/security/cve/CVE-2017-10983.html
https://www.suse.com/security/cve/CVE-2017-10984.html
https://www.suse.com/security/cve/CVE-2017-10985.html
https://www.suse.com/security/cve/CVE-2017-10986.html
https://www.suse.com/security/cve/CVE-2017-10987.html
https://www.suse.com/security/cve/CVE-2017-10988.html
http://www.nessus.org/u?78e084ca

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2017-1341=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2017-1341=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : libplist (SUSE-SU-2017:2201-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for libplist fixes the following issues: Security issues
fixed :

- CVE-2017-6439: Heap-based buffer overflow in the
parse_string_node function. (bsc#1029638)

- CVE-2017-6438: Heap-based buffer overflow in the
parse_unicode_node function. (bsc#1029706)

- CVE-2017-6437: The base64encode function in base64.c
allows local users to cause denial of service
(out-of-bounds read) via a crafted plist file.
(bsc#1029707)

- CVE-2017-6436: Integer overflow in parse_string_node.
(bsc#1029751)

- CVE-2017-6435: Crafted plist file could lead to
Heap-buffer overflow. (bsc#1029639)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1029638
https://bugzilla.suse.com/1029639
https://bugzilla.suse.com/1029706
https://bugzilla.suse.com/1029707
https://bugzilla.suse.com/1029751
https://www.suse.com/security/cve/CVE-2017-6435.html
https://www.suse.com/security/cve/CVE-2017-6436.html
https://www.suse.com/security/cve/CVE-2017-6437.html
https://www.suse.com/security/cve/CVE-2017-6438.html
https://www.suse.com/security/cve/CVE-2017-6439.html
http://www.nessus.org/u?873d6e71

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
SUSE-SLE-WE-12-SP3-2017-1342=1

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
SUSE-SLE-WE-12-SP2-2017-1342=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2017-1342=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-1342=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
patch SUSE-SLE-RPI-12-SP2-2017-1342=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2017-1342=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2017-1342=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2017-1342=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP2-2017-1342=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2017:2199-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for ImageMagick fixes the following issues: Security
issues fixed :

- CVE-2017-9439: A memory leak was found in the function
ReadPDBImage in coders/pdb.c (bsc#1042826)

- CVE-2017-9440: A memory leak was found in the function
ReadPSDChannel in coders/psd.c (bsc#1042812)

- CVE-2017-9501: An assertion failure could cause a denial
of service via a crafted file (bsc#1043289)

- CVE-2017-11403: ReadMNGImage function in coders/png.c
has an out-of-order CloseBlob call, resulting in a
use-after-free via a crafted file (bsc#1049072)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1042812
https://bugzilla.suse.com/1042826
https://bugzilla.suse.com/1043289
https://bugzilla.suse.com/1049072
https://www.suse.com/security/cve/CVE-2017-11403.html
https://www.suse.com/security/cve/CVE-2017-9439.html
https://www.suse.com/security/cve/CVE-2017-9440.html
https://www.suse.com/security/cve/CVE-2017-9501.html
http://www.nessus.org/u?c6a135d4

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
SUSE-SLE-WE-12-SP3-2017-1343=1

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
SUSE-SLE-WE-12-SP2-2017-1343=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2017-1343=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-1343=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t
patch SUSE-SLE-RPI-12-SP2-2017-1343=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2017-1343=1

SUSE Linux Enterprise Server 12-SP2:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2017-1343=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2017-1343=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP2-2017-1343=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : git on SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A shell command injection flaw related to the handling
of 'ssh' URLs has been discovered in Git. An attacker
could use this flaw to execute shell commands with the
privileges of the user running the Git client, for
example, when performing a 'clone' action on a malicious
repository or a legitimate repository containing a
malicious commit. (CVE-2017-1000117)

See also :

http://www.nessus.org/u?4f2f54c4

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

RHEL 7 : mercurial (RHSA-2017:2489)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for mercurial is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Mercurial is a fast, lightweight source control management system
designed for efficient handling of very large distributed projects.

Security Fix(es) :

* A vulnerability was found in the way Mercurial handles path auditing
and caches the results. An attacker could abuse a repository with a
series of commits mixing symlinks and regular files/directories to
trick Mercurial into writing outside of a given repository.
(CVE-2017-1000115)

* A shell command injection flaw related to the handling of 'ssh' URLs
has been discovered in Mercurial. This can be exploited to execute
shell commands with the privileges of the user running the Mercurial
client, for example, when performing a 'checkout' or 'update' action
on a sub-repository within a malicious repository or a legitimate
repository containing a malicious commit. (CVE-2017-1000116)

Red Hat would like to thank the Mercurial Security Team for reporting
CVE-2017-1000115 and the Subversion Team for reporting
CVE-2017-1000116.

See also :

http://rhn.redhat.com/errata/RHSA-2017-2489.html
https://www.redhat.com/security/data/cve/CVE-2017-1000115.html
https://www.redhat.com/security/data/cve/CVE-2017-1000116.html

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

RHEL 7 : groovy (RHSA-2017:2486)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for groovy is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Groovy is an agile and dynamic language for the Java Virtual Machine,
built upon Java with features inspired by languages like Python, Ruby,
and Smalltalk. It seamlessly integrates with all existing Java objects
and libraries and compiles straight to Java bytecode so you can use it
anywhere you can use Java.

Security Fix(es) :

* It was found that a flaw in Apache groovy library allows remote code
execution wherever deserialization occurs in the application. It is
possible for an attacker to craft a special serialized object that
will execute code directly when deserialized. All applications which
rely on serialization and do not isolate the code which deserializes
objects are subject to this vulnerability. (CVE-2016-6814)

See also :

http://rhn.redhat.com/errata/RHSA-2017-2486.html
https://www.redhat.com/security/data/cve/CVE-2016-6814.html

Solution :

Update the affected groovy and / or groovy-javadoc packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.
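The WebSphere SOAP connector entry and the groovy entry (CVE-2016-6814) share one root cause: an endpoint deserializes attacker-supplied Java object streams, so any class reachable on the classpath can be instantiated before application code sees the data. The advisory's remedy is to isolate the code that deserializes; one control that can sit in front of the deserializer is a look-ahead that refuses a stream unless every class descriptor in it is on an allow-list. The following is an added example, not IBM's, Apache Groovy's or Red Hat's code. It scans for TC_CLASSDESC records (tag 0x72, 2-byte big-endian length, class name) and vets the names. The allow-list, the hand-built sample byte strings and the use of a Groovy class name purely as a stand-in for "something outside the allow-list" are constructed for the illustration; the samples are descriptor fragments, not decodable object graphs.

```python
"""Look-ahead inspection of a Java serialization stream.

Added example; not IBM's, Apache Groovy's or Red Hat's code. Samples
and allow-list are constructed for the illustration.
"""
import re

STREAM_MAGIC = b"\xac\xed\x00\x05"              # STREAM_MAGIC + STREAM_VERSION 5
TC_OBJECT, TC_CLASSDESC, TC_ENDBLOCKDATA, TC_NULL = 0x73, 0x72, 0x78, 0x70
_CLASS_NAME = re.compile(
    r"^\[*(?:[ZBCSIJFD]|L?[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*;?)$")

# Example allow-list (an assumption for the illustration): JDK core only.
DEFAULT_ALLOW = ("java.lang.", "java.util.", "java.math.")


def class_names(stream):
    """Return every class name that appears in a TC_CLASSDESC record."""
    if not stream.startswith(STREAM_MAGIC):
        raise ValueError("not a Java serialization stream (bad magic)")
    names, i, n = [], len(STREAM_MAGIC), len(stream)
    while i < n:
        if stream[i] == TC_CLASSDESC and i + 3 <= n:
            length = int.from_bytes(stream[i + 1:i + 3], "big")
            raw = stream[i + 3:i + 3 + length]
            name = raw.decode("ascii", errors="replace")
            if 0 < length == len(raw) and _CLASS_NAME.match(name):
                names.append(name)
                i += 3 + length         # never rescan bytes inside a name
                continue
        i += 1
    return names


def normalize(name):
    """Reduce an array descriptor to its element class; primitive arrays
    ('[B', '[[I') have no class to vet and map to the empty string."""
    if not name.startswith("["):
        return name
    base = name.lstrip("[")
    if base.startswith("L") and base.endswith(";"):
        return base[1:-1]
    return ""


def check_stream(stream, allowed_prefixes=DEFAULT_ALLOW):
    """Names that fall outside the allow-list; an empty list means the
    stream may be handed on to the (still filtered) deserializer."""
    rejected = []
    for name in class_names(stream):
        cls = normalize(name)
        if cls and not any(cls.startswith(p) for p in allowed_prefixes):
            rejected.append(name)
    return rejected


def _classdesc(name, uid=b"\x00" * 8):
    """Hand-built TC_CLASSDESC: name, serialVersionUID (arbitrary here),
    SC_SERIALIZABLE flags, zero fields, end of annotations, no superclass."""
    return (bytes([TC_CLASSDESC]) + len(name).to_bytes(2, "big") + name.encode()
            + uid + b"\x02" + b"\x00\x00" + bytes([TC_ENDBLOCKDATA, TC_NULL]))


# Constructed samples (descriptor fragments only, not real object graphs).
SAMPLE_BENIGN = STREAM_MAGIC + bytes([TC_OBJECT]) + _classdesc("java.util.HashMap")
SAMPLE_SUSPECT = (SAMPLE_BENIGN + bytes([TC_OBJECT])
                  + _classdesc("org.codehaus.groovy.runtime.MethodClosure"))

if __name__ == "__main__":
    print("benign :", check_stream(SAMPLE_BENIGN) or "passes pre-filter")
    print("suspect:", check_stream(SAMPLE_SUSPECT))
```

This is a pre-filter, not a replacement for isolation: TC_REFERENCE back-references and TC_PROXYCLASSDESC records carry no class name, and a stream can be valid without ever naming the class it eventually resolves, so the deserializer itself must still enforce the same allow-list (the JDK's ObjectInputFilter does this at resolve time). Rejecting the stream before ObjectInputStream touches it is what stops the resource-exhaustion case in the WebSphere entry, where the damage is done during deserialization rather than by the resulting object.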

OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0143)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- dentry name snapshots (Al Viro) [Orabug: 26630936]
(CVE-2017-7533)

- scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle
Fortin)

- mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug:
26621191]

- KEYS: Disallow keyrings beginning with '.' to be joined
as session keyrings (David Howells) [Orabug: 26621179]
(CVE-2016-9604)

- l2tp: fix racy SOCK_ZAPPED flag check in
l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26621176]
(CVE-2016-10200)

- mnt: Add a per mount namespace limit on the number of
mounts (Eric W. Biederman) [Orabug: 26621171]
(CVE-2016-6213)

- ipv6: fix out of bound writes in __ip6_append_data (Eric
Dumazet) [Orabug: 26621163] (CVE-2017-9242)

See also :

http://www.nessus.org/u?57ec0abd

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3605)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[4.1.12-94.5.9.el7uek]
- dentry name snapshots (Al Viro) [Orabug: 26630936] {CVE-2017-7533}

[4.1.12-94.5.8.el7uek]
- scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin)
[Orabug: 26621191]
- mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26621191]
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26621179] {CVE-2016-9604}
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26621176] {CVE-2016-10200}
- mnt: Add a per mount namespace limit on the number of mounts (Eric W.
Biederman) [Orabug: 26621171] {CVE-2016-6213}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26621163] {CVE-2017-9242}

See also :

https://oss.oracle.com/pipermail/el-errata/2017-August/007134.html
https://oss.oracle.com/pipermail/el-errata/2017-August/007135.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Oracle Linux 7 : mercurial (ELSA-2017-2489)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2017:2489 :

An update for mercurial is now available for Red Hat Enterprise Linux
7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Mercurial is a fast, lightweight source control management system
designed for efficient handling of very large distributed projects.

Security Fix(es) :

* A vulnerability was found in the way Mercurial handles path auditing
and caches the results. An attacker could abuse a repository with a
series of commits mixing symlinks and regular files/directories to
trick Mercurial into writing outside of a given repository.
(CVE-2017-1000115)

* A shell command injection flaw related to the handling of 'ssh' URLs
has been discovered in Mercurial. This can be exploited to execute
shell commands with the privileges of the user running the Mercurial
client, for example, when performing a 'checkout' or 'update' action
on a sub-repository within a malicious repository or a legitimate
repository containing a malicious commit. (CVE-2017-1000116)

Red Hat would like to thank the Mercurial Security Team for reporting
CVE-2017-1000115 and the Subversion Team for reporting
CVE-2017-1000116.

See also :

https://oss.oracle.com/pipermail/el-errata/2017-August/007138.html

Solution :

Update the affected mercurial packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Oracle Linux 7 : groovy (ELSA-2017-2486)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2017:2486 :

An update for groovy is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Groovy is an agile and dynamic language for the Java Virtual Machine,
built upon Java with features inspired by languages like Python, Ruby,
and Smalltalk. It seamlessly integrates with all existing Java objects
and libraries and compiles straight to Java bytecode so you can use it
anywhere you can use Java.

Security Fix(es) :

* It was found that a flaw in the Apache Groovy library allows remote
code execution wherever deserialization occurs in the application. It
is possible for an attacker to craft a special serialized object that
will execute code directly when deserialized. All applications which
rely on serialization and do not isolate the code which deserializes
objects are subject to this vulnerability. (CVE-2016-6814)

See also :

https://oss.oracle.com/pipermail/el-errata/2017-August/007137.html

Solution :

Update the affected groovy packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Oracle Linux 6 : git (ELSA-2017-2485)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2017:2485 :

An update for git is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Git is a distributed revision control system with a decentralized
architecture. As opposed to centralized version control systems with a
client-server model, Git ensures that each working copy of a Git
repository is an exact copy with complete revision history. This not
only allows the user to work on and contribute to projects without the
need to have permission to push the changes to their official
repositories, but also makes it possible for the user to work with no
network connection.

Security Fix(es) :

* A shell command injection flaw related to the handling of 'ssh' URLs
has been discovered in Git. An attacker could use this flaw to execute
shell commands with the privileges of the user running the Git client,
for example, when performing a 'clone' action on a malicious
repository or a legitimate repository containing a malicious commit.
(CVE-2017-1000117)

See also :

https://oss.oracle.com/pipermail/el-errata/2017-August/007136.html

Solution :

Update the affected git packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : libplist (openSUSE-2017-953)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libplist fixes the following issues :

Security issues fixed :

- CVE-2017-6439: Heap-based buffer overflow in the
parse_string_node function. (bsc#1029638)

- CVE-2017-6438: Heap-based buffer overflow in the
parse_unicode_node function. (bsc#1029706)

- CVE-2017-6437: The base64encode function in base64.c
allows local users to cause denial of service
(out-of-bounds read) via a crafted plist file.
(bsc#1029707)

- CVE-2017-6436: Integer overflow in parse_string_node.
(bsc#1029751)

- CVE-2017-6435: Crafted plist file could lead to
Heap-buffer overflow. (bsc#1029639)

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1029638
https://bugzilla.opensuse.org/show_bug.cgi?id=1029639
https://bugzilla.opensuse.org/show_bug.cgi?id=1029706
https://bugzilla.opensuse.org/show_bug.cgi?id=1029707
https://bugzilla.opensuse.org/show_bug.cgi?id=1029751

Solution :

Update the affected libplist packages.

Risk factor :

Medium / CVSS Base Score : 4.4
(CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : shutter (openSUSE-2017-952)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for shutter fixes one security issue :

- CVE-2016-10081: Remote attackers could trick users into
assisting them in executing arbitrary commands via a
crafted image name that is mishandled during a 'Run a
plugin' action (boo#1017571)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1017571

Solution :

Update the affected shutter packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : curl (openSUSE-2017-951)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for curl fixes the following issues :

- CVE-2017-1000100: TFTP sends more than buffer size and it
could lead to a denial of service (bsc#1051644)

- CVE-2017-1000101: URL globbing out of bounds read could
lead to a denial of service (bsc#1051643)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1051643
https://bugzilla.opensuse.org/show_bug.cgi?id=1051644

Solution :

Update the affected curl packages.

Risk factor :

Medium

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : fossil (openSUSE-2017-949)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for fossil to version 2.3 fixes the following issues :

- Potential XSS vulnerability on the /help webpage
(boo#1053267)

This update also contains all upstream improvements and fixes in
version 2.3 :

- Update internal Unicode character tables, used in
regular expression handling, from version 9.0 to 10.0.

- Show the last-sync-URL on the /urllist page

- Added the 'Event Summary' activity report

- Added the 'Security Audit' page, available to
administrators only

- Added the Last Login time to the user list page, for
administrators only

- Added the --numstat option to the fossil diff command

- Limit the size of the heap and stack on unix systems, as
a proactive defense against the Stack Clash attack

- Fix 'database locked' warnings caused by 'PRAGMA
optimize'

- Documentation updates

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1053267

Solution :

Update the affected fossil packages.

Risk factor :

Medium

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : nodejs4 / nodejs6 (openSUSE-2017-948)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for nodejs4 and nodejs6 fixes the following issues :

Security issues fixed :

- CVE-2017-1000381: The c-ares function
ares_parse_naptr_reply() could be triggered to read
memory outside of the given input buffer if the passed
in DNS response packet was crafted in a particular way.
(bsc#1044946)

- CVE-2017-11499: Disable V8 snapshots. The hashseed
embedded in the snapshot is currently the same for all
runs of the binary. This opens node up to collision
attacks which could result in a Denial of Service. We
have temporarily disabled snapshots until a more robust
solution is found. (bsc#1048299)

Non-security fixes :

- GCC 7 compilation fixes for v8 backported and add
missing ICU59 headers (bsc#1041282)

- New upstream LTS release 6.11.1

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1

- New upstream LTS release 6.11.0

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0

- New upstream LTS release 6.10.3

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3

- New upstream LTS release 6.10.2

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2

- New upstream LTS release 6.10.1

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1

- New upstream LTS release 6.10.0

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0

- New upstream LTS release 4.8.4

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4

- New upstream LTS release 4.8.3

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3

- New upstream LTS release 4.8.2

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2

- New upstream LTS release 4.8.1

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1

- New upstream LTS release 4.8.0

- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1041282
https://bugzilla.opensuse.org/show_bug.cgi?id=1041283
https://bugzilla.opensuse.org/show_bug.cgi?id=1044946
https://bugzilla.opensuse.org/show_bug.cgi?id=1048299
http://www.nessus.org/u?6e76fcd6
http://www.nessus.org/u?d586980d
http://www.nessus.org/u?3af76941
http://www.nessus.org/u?2dc50043
http://www.nessus.org/u?cfaf99af
http://www.nessus.org/u?a6929afa
http://www.nessus.org/u?971b1fd5
http://www.nessus.org/u?60de5186
http://www.nessus.org/u?e6bb8119
http://www.nessus.org/u?a27d290e
http://www.nessus.org/u?d5b218e3

Solution :

Update the affected nodejs4 / nodejs6 packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : minicom (openSUSE-2017-947)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for minicom fixes the following issue :

This security issue was fixed :

- CVE-2017-7467: Invalid cursor coordinates and scroll
regions could lead to code execution (bsc#1033783).

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1033783

Solution :

Update the affected minicom packages.

Risk factor :

Medium

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : openjpeg2 (openSUSE-2017-943)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for openjpeg2 fixes the following issues :

- CVE-2016-7163: Integer overflow could lead to remote
code execution (bsc#997857)

- CVE-2015-8871: Use-after-free in opj_j2k_write_mco
function could lead to denial of service (bsc#979907)

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=979907
https://bugzilla.opensuse.org/show_bug.cgi?id=997857

Solution :

Update the affected openjpeg2 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : libxml2 (openSUSE-2017-942)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libxml2 fixes the following security issue :

- CVE-2017-8872: Out-of-bounds read in
htmlParseTryOrFinish. (bsc#1038444)

This update was imported from the SUSE:SLE-12-SP2:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1038444

Solution :

Update the affected libxml2 packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : mercurial (openSUSE-2017-941)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for mercurial fixes the following issues :

Mercurial was updated to 4.2.3, a security fix update for

- CVE-2017-1000115: Incomplete symlink auditing allowed
writing to files outside of the repository (boo#1053344)

- CVE-2017-1000116: Client-side code execution via
argument injection in SSH URLs (boo#1052696)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1052696
https://bugzilla.opensuse.org/show_bug.cgi?id=1053344

Solution :

Update the affected mercurial packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : subversion (openSUSE-2017-940)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for subversion to 1.9.7 fixes security issues and bugs.

The following vulnerabilities were fixed :

- CVE-2017-9800: A remote attacker could have caused svn
clients to execute arbitrary code via specially crafted
URLs in svn:externals and svn:sync-from-url properties.
(boo#1051362)

- CVE-2005-4900: SHA-1 collisions may cause repository
inconsistencies (boo#1026936)

The following bugfix changes are included :

- Add instructions for running svnserve as a user
different from 'svn', and remove sysconfig variables
that are no longer effective with the systemd unit.
(boo#1049448)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1026936
https://bugzilla.opensuse.org/show_bug.cgi?id=1049448
https://bugzilla.opensuse.org/show_bug.cgi?id=1051362

Solution :

Update the affected subversion packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : git (openSUSE-2017-939)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for git fixes the following security issues :

- CVE-2017-1000117: A malicious third-party could have
caused a git client to execute arbitrary commands via
crafted 'ssh://...' URLs, including submodules
(boo#1052481)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1052481

Solution :

Update the affected git packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : taglib (openSUSE-2017-938)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for taglib fixes the following issues :

- CVE-2017-12678: Denial of service vulnerability via
specially crafted ID3v2 data (boo#1052699)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1052699

Solution :

Update the affected taglib packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : libheimdal (openSUSE-2017-937) (Orpheus' Lyre)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libheimdal fixes the following issues :

- Fix CVE-2017-11103: Orpheus' Lyre KDC-REP service name
validation. This is a critical vulnerability. In
_krb5_extract_ticket() the KDC-REP service name must be
obtained from the encrypted version stored in 'enc_part'
instead of the unencrypted version stored in 'ticket'.
Use of the unencrypted version provides an opportunity
for successful server impersonation and other attacks.
Identified by Jeffrey Altman, Viktor Duchovni and Nico
Williams. See https://www.orpheus-lyre.info/ for more
details. (bsc#1048278)

- Fix CVE-2017-6594: transit path validation inadvertently
caused the previous hop realm to not be added to the
transit path of issued tickets. This may, in some cases,
enable bypass of capath policy in Heimdal versions 1.5
through 7.2. Note, this may break sites that rely on the
bug. With the bug some incomplete [capaths] worked, that
should not have. These may now break authentication in
some cross-realm configurations.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1048278
https://www.orpheus-lyre.info/

Solution :

Update the affected libheimdal packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : openldap2 (openSUSE-2017-936)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for openldap2 fixes the following issues :

- Let OpenLDAP read system wide certificate directory by
default and avoid hiding the error if user specified CA
location cannot be read (boo#1009470).

- Fix CVE-2017-9287: openldap2: Double free vulnerability
with patch (boo#1041764)

- Fix an uninitialized variable that causes startup
failure (boo#1037396)

- Fix a regression in handling of non-blocking connection
with (boo#1031702)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1009470
https://bugzilla.opensuse.org/show_bug.cgi?id=1031702
https://bugzilla.opensuse.org/show_bug.cgi?id=1037396
https://bugzilla.opensuse.org/show_bug.cgi?id=1041764

Solution :

Update the affected openldap2 packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : potrace (openSUSE-2017-934)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for potrace fixes the following security issues :

- CVE-2017-12067: potential buffer overflows and
arithmetic overflows (bsc#1051634)

The update also fixes various bugs, including a bug triggered by very
large bitmaps.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1051634

Solution :

Update the affected potrace packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : libsoup -- stack based buffer overflow (8e7bbddd-8338-11e7-867f-b499baebfeaf)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Tobias Mueller reports :

libsoup is susceptible to a stack based buffer overflow attack when
using chunked encoding, regardless of whether libsoup is being used as
a server or a client.

See also :

http://seclists.org/oss-sec/2017/q3/304
http://www.nessus.org/u?f4c5c58f

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 26 : groovy18 (2017-661dddc462)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes information disclosure vulnerability (CVE-2016-6814)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-661dddc462

Solution :

Update the affected groovy18 package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 26 : nasm (2017-6186f95179)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix use-after-free and heap buffer overflow vulnerabilities
(CVE-2017-10686, CVE-2017-11111)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-6186f95179

Solution :

Update the affected nasm package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.
