July 27 安犬 Security Brief: Latest 安犬 Vulnerability Database Information


Latest updates to the 安犬 vulnerability database:
1. Ipswitch MOVEit DMZ Multiple Vulnerabilities (CVE-2015-7675)

Vulnerability Information

MOVEit DMZ assures compliance with SLAs, governance and regulatory mandates by providing users with a safe and easily accessible alternative to cloud file share services.

It returns different error messages for authentication attempts depending on whether the user account exists.

Affected Version:
Ipswitch MOVEit DMZ before 8.2

Impact

Successful exploitation allows remote attackers to enumerate usernames via a series of SOAP requests to machine.aspx.
It also allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.
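The first MOVEit issue above (error messages that differ depending on whether the account exists) as an added illustration, not code from MOVEit or from this bulletin: a verbose login check beside a uniform one. The user store, salt and passwords are constructed; the missing-user path also performs the same hashing work as the wrong-password path so that account existence does not leak through response timing either.

```python
import hashlib
import hmac
import secrets

# Constructed demo user store: username -> (salt, PBKDF2 hash). Not a real schema.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

_SALT = b"demo-salt-16byte"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy record used when the account does not exist, so the missing-user path
# costs the same as a wrong-password attempt against a real account.
_DUMMY = (_SALT, _hash(secrets.token_hex(16), _SALT))


def login_verbose(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable pattern: the error text reveals whether the account exists."""
    if username not in USERS:
        return False, "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return False, "Incorrect password"
    return True, "OK"


def login_uniform(username: str, password: str) -> tuple[bool, str]:
    """Hardened pattern: one generic message and equal work on both failure paths."""
    salt, stored = USERS.get(username, _DUMMY)
    # Always hash, then AND with existence so a lucky match on the dummy never logs in.
    ok = hmac.compare_digest(_hash(password, salt), stored) and username in USERS
    return (True, "OK") if ok else (False, "Invalid username or password")


if __name__ == "__main__":
    # Unknown user vs. wrong password: distinguishable in the verbose handler only.
    print(login_verbose("nobody", "x"), login_verbose("alice", "x"))
    print(login_uniform("nobody", "x"), login_uniform("alice", "x"))
```

Logging the real reason server-side (for the SOC) while returning the generic message to the client keeps the detection value without the enumeration oracle.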

Solution

A newer version is available for download. For more information about this product or to check for new releases, go to MOVEit Transfer.

Patch:
The following are links for downloading patches that fix the vulnerabilities:

MOVEit Transfer: Windows

2. Google Chrome Prior to 52.0.2743.82 Multiple Vulnerabilities (CVE-2016-1705)

Vulnerability Information

Google Chrome is a web browser for multiple platforms developed by Google.

This Google Chrome update fixes the following vulnerabilities:
A use-after-free memory error may occur in Extensions [CVE-2016-1708, CVE-2016-5136].
A use-after-free memory error may occur in Blink [CVE-2016-5127].
A use-after-free memory error may occur in libxml [CVE-2016-5131].
A heap overflow may occur in sfntly [CVE-2016-1709].
A memory corruption error may occur in the V8 engine [CVE-2016-5129].
A remote user can spoof URLs [CVE-2016-1707]. iOS is affected.
A remote user can spoof URLs [CVE-2016-5130].
A remote user can bypass Content Security Policy [CVE-2016-5135].
A remote user can escape the sandbox in PPAPI [CVE-2016-1706].
A remote user can bypass same-origin restrictions in Blink [CVE-2016-1710, CVE-2016-1711].
A remote user can bypass same-origin restrictions in the V8 engine [CVE-2016-5128].
A remote user can bypass same-origin restrictions in Service Workers [CVE-2016-5132].
An origin confusion error may occur in proxy authentication [CVE-2016-5133].
A remote user can obtain potentially sensitive URL information via PAC script [CVE-2016-5134].
A remote user can view potentially sensitive history information with HSTS and CSP [CVE-2016-5137].

Affected Versions:
Google Chrome versions prior to 52.0.2743.82 are affected.

Impact

Successful exploitation of these vulnerabilities could allow a remote attacker to bypass certain security restrictions, obtain sensitive information, execute arbitrary code or cause a denial of service condition on the system.

Solution

Customers are advised to upgrade to Google Chrome 52.0.2743.82 or a later version.

Patch:
The following are links for downloading patches that fix the vulnerabilities:

Google Chrome: Mac OS

Google Chrome: Windows

3. Apple iTunes Prior to 12.4.2 Multiple Vulnerabilities (APPLE-SA-2016-07-18-6, CVE-2016-4448)

Vulnerability Information

iTunes is a digital media player application for Mac OS and Windows developed by Apple.

Apple iTunes for Windows is prone to the following vulnerabilities:
1. Multiple memory corruption issues in libxml2.
2. An insufficient input validation issue existed in XML document processing.

Affected Versions:
Apple iTunes prior to 12.4.2

Impact

Successful exploitation leads to disclosure of user information.

Solution

Apple iTunes 12.4.2 has been released to address this issue. The update can be downloaded and installed via Apple Downloads.

Patch:
The following are links for downloading patches that fix the vulnerabilities:

APPLE-SA-2016-07-18-6: iTunes

4. Amazon Linux Security Advisory for squid: AL2012-2016-135 (CVE-2016-4554)

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Administrators are advised to apply the appropriate software updates.

Patch:
The following are links for downloading patches that fix the vulnerabilities:

AL2012-2016-135

5. Amazon Linux Security Advisory for openssl: AL2012-2016-136 (CVE-2016-2108)

Vulnerability Information

Package updates are available for Amazon Linux that fix the following vulnerabilities: CVE-2016-2108, CVE-2016-2107, CVE-2016-2106, CVE-2016-2105.

Impact

Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.

Solution

Administrators are advised to apply the appropriate software updates.

Patch:
The following are links for downloading patches that fix the vulnerabilities:

AL2012-2016-136