July 28 安犬 News Flash: Latest from the 安犬 Vulnerability Database


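安犬 Vulnerability Database

1. Red Hat Update for chromium-browser (RHSA-2016:1485)

Vulnerability Information

Chromium is an open-source web browser powered by WebKit.
This update upgrades Chromium to version 52.0.2743.82.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. (CVE-2016-1706, CVE-2016-1708, CVE-2016-1709, CVE-2016-1710, CVE-2016-1711, CVE-2016-5127, CVE-2016-5128, CVE-2016-5129, CVE-2016-5130, CVE-2016-5131, CVE-2016-5132, CVE-2016-5133, CVE-2016-5134, CVE-2016-5135, CVE-2016-5136, CVE-2016-5137, CVE-2016-1705)

Vulnerability Impact

A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim.

Solution

Upgrade to the latest packages, which contain a patch. Refer to Applying Package Updates to RHEL system for details.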

Refer to Red Hat security advisory RHSA-2016:1485 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2016:1485: Red Hat Enterprise Linux

 

2. SUSE Enterprise Linux Security Update for ntp (SUSE-SU-2016:1602-1)

Vulnerability Information

SUSE has released a security update for ntp to fix the vulnerabilities.

Affected Products:

* SUSE OpenStack Cloud 5
* SUSE Manager Proxy 2.1
* SUSE Manager 2.1
* SUSE Linux Enterprise Server 11-SP3-LTSS
* SUSE Linux Enterprise Server 11-SP2-LTSS
* SUSE Linux Enterprise Debuginfo 11-SP3
* SUSE Linux Enterprise Debuginfo 11-SP2

Vulnerability Impact

This vulnerability can be used to cause a limited denial of service in the form of interruptions in resource availability.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2016:1602-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2016:1602-1: SUSE Enterprise Linux

3. SUSE Enterprise Linux Security Update for flash-player (SUSE-SU-2016:1613-1)

Vulnerability Information

SUSE has released a security update for flash-player to fix the vulnerabilities.

Affected Products:

* SUSE Linux Enterprise Workstation Extension 12-SP1
* SUSE Linux Enterprise Workstation Extension 12
* SUSE Linux Enterprise Desktop 12-SP1
* SUSE Linux Enterprise Desktop 12

Vulnerability Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2016:1613-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2016:1613-1: SUSE Enterprise Linux

4. IBM Cognos Analytics Content Spoofing Vulnerability

Vulnerability Information

IBM Cognos Analytics offers guided, self-service capabilities designed to solve problems and seize new opportunities quickly.

IBM Cognos Analytics allows attackers to conduct content-spoofing attacks via a crafted URL.

Affected Versions:
IBM Cognos Analytics (CA) 11.0 before 11.0.2

Vulnerability Impact

On successful exploitation it allows remote attackers to conduct content-spoofing attacks.

Solution

The vendor has released a fix for this vulnerability. Further information can be obtained from IBM.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

IBM Cognos: Windows

5. SUSE Enterprise Linux Security Update for php53 (SUSE-SU-2016:1638-1)

Vulnerability Information

SUSE has released a security update for php53 to fix the vulnerabilities.

Affected Products:
SUSE Linux Enterprise Server 11-SP2-LTSS

Vulnerability Impact

This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. Additionally this vulnerability can also be used to cause a complete denial of service and could render the resource completely unavailable.

Solution

Upgrade to the latest packages which contain a patch. To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product.

To install packages using the command line interface, use the command "yum update".

Refer to SUSE security advisory SUSE-SU-2016:1638-1 to address this issue and obtain further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

SUSE-SU-2016:1638-1: SUSE Enterprise Linux