Newest Plugins

SUSE SLED12 / SLES12 Security Update : gnome-shell (SUSE-SU-2017:2217-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for gnome-shell provides the following fixes :

- Fix not intuitive login screen for root user
(bsc#1047262)

- Disable session selection button when it's hidden in
user switch dialog (bsc#1034584, bsc#1034827)

- Fix app windows overlay app list in overview screen
(bsc#1008539)

- Properly handle failures when loading extensions
(bsc#1036494, CVE-2017-8288)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1008539
https://bugzilla.suse.com/1034584
https://bugzilla.suse.com/1034827
https://bugzilla.suse.com/1036494
https://bugzilla.suse.com/1047262
https://www.suse.com/security/cve/CVE-2017-8288.html
http://www.nessus.org/u?e6f5624a

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3: zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1350=1

SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1350=1

SUSE Linux Enterprise Software Development Kit 12-SP3: zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1350=1

SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1350=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1350=1

SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1350=1

SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1350=1

SUSE Linux Enterprise Desktop 12-SP3: zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1350=1

SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1350=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : openvswitch (SUSE-SU-2017:2212-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for openvswitch fixes the following issues :

- CVE-2017-9263: OpenFlow role status message can cause a
call to abort() leading to application crash
(bsc#1041470)

- CVE-2017-9265: Buffer over-read while parsing message
could lead to crash or maybe arbitrary code execution
(bsc#1041447)

- Do not restart the ovs-vswitchd and ovsdb-server
services on package updates (bsc#1002734)

- Do not restart the ovs-vswitchd, ovsdb-server and
openvswitch services on package removals. This
facilitates potential future package moves but also
preserves connectivity when the package is removed
(bsc#1050896)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1002734
https://bugzilla.suse.com/1041447
https://bugzilla.suse.com/1041470
https://bugzilla.suse.com/1050896
https://www.suse.com/security/cve/CVE-2017-9263.html
https://www.suse.com/security/cve/CVE-2017-9265.html
http://www.nessus.org/u?846ff5ff

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP3: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1348=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.4
(CVSS2#E:U/RL:ND/RC:C)
Public Exploit Available : false

OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0144)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- l2tp: fix racy SOCK_ZAPPED flag check in
l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26586047]
(CVE-2016-10200)

- xfs: fix two memory leaks in xfs_attr_list.c error paths
(Mateusz Guzik) [Orabug: 26586022] (CVE-2016-9685)

- KEYS: Disallow keyrings beginning with '.' to be joined
as session keyrings (David Howells) [Orabug: 26585994]
(CVE-2016-9604)

- ipv6: fix out of bound writes in __ip6_append_data (Eric
Dumazet) [Orabug: 26578198] (CVE-2017-9242)

See also :

http://www.nessus.org/u?ab2271dc

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2017-3607)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.6.39-400.297.6.el6uek]
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26586050] {CVE-2016-10200}
- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz
Guzik) [Orabug: 26586024] {CVE-2016-9685}
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26586002] {CVE-2016-9604}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26578202] {CVE-2017-9242}

See also :

https://oss.oracle.com/pipermail/el-errata/2017-August/007145.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3606)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[3.8.13-118.19.4.el7uek]
- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume
Nault) [Orabug: 26586047] {CVE-2016-10200}
- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz
Guzik) [Orabug: 26586022] {CVE-2016-9685}
- KEYS: Disallow keyrings beginning with '.' to be joined as session
keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604}
- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet)
[Orabug: 26578198] {CVE-2017-9242}

See also :

https://oss.oracle.com/pipermail/el-errata/2017-August/007143.html
https://oss.oracle.com/pipermail/el-errata/2017-August/007144.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

openSUSE Security Update : MozillaThunderbird (openSUSE-2017-955)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for MozillaThunderbird to version 52.3 fixes security
issues and bugs. The following vulnerabilities were fixed :

- CVE-2017-7798: XUL injection in the style editor in
devtools

- CVE-2017-7800: Use-after-free in WebSockets during
disconnection

- CVE-2017-7801: Use-after-free with marquee during window
resizing

- CVE-2017-7784: Use-after-free with image observers

- CVE-2017-7802: Use-after-free resizing image elements

- CVE-2017-7785: Buffer overflow manipulating ARIA
attributes in DOM

- CVE-2017-7786: Buffer overflow while painting
non-displayable SVG

- CVE-2017-7753: Out-of-bounds read with cached style data
and pseudo-elements

- CVE-2017-7787: Same-origin policy bypass with iframes
through page reloads

- CVE-2017-7807: Domain hijacking through AppCache
fallback

- CVE-2017-7792: Buffer overflow viewing certificates with
an extremely long OID

- CVE-2017-7804: Memory protection bypass through
WindowsDllDetourPatcher

- CVE-2017-7791: Spoofing following page navigation with
data: protocol and modal alerts

- CVE-2017-7782: WindowsDllDetourPatcher allocates memory
without DEP protections

- CVE-2017-7803: CSP containing 'sandbox' improperly
applied

- CVE-2017-7779: Memory safety bugs fixed in Firefox 55
and Firefox ESR 52.3

The following bugs were fixed :

- Unwanted inline images shown in rogue SPAM messages

- Deleting message from the POP3 server not working when
maildir storage was used

- Message disposition flag (replied / forwarded) lost when
reply or forwarded message was stored as draft and draft
was sent later

- Inline images not scaled to fit when printing

- Selected text from another message sometimes included in
a reply

- No authorisation prompt displayed when inserting image
into email body although image URL requires
authentication

- Large attachments taking a long time to open under some
circumstances

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1052829

Solution :

Update the affected MozillaThunderbird packages.

Risk factor :

High

openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2017-954)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This java-1_8_0-openjdk update to version jdk8u141 (icedtea 3.5.0)
fixes the following issues :

Security issues fixed :

- CVE-2017-10053: Improved image post-processing steps
(bsc#1049305)

- CVE-2017-10067: Additional jar validation steps
(bsc#1049306)

- CVE-2017-10074: Image conversion improvements
(bsc#1049307)

- CVE-2017-10078: Better script accessibility for
JavaScript (bsc#1049308)

- CVE-2017-10081: Right parenthesis issue (bsc#1049309)

- CVE-2017-10086: Unspecified vulnerability in
subcomponent JavaFX (bsc#1049310)

- CVE-2017-10087: Better Thread Pool execution
(bsc#1049311)

- CVE-2017-10089: Service Registration Lifecycle
(bsc#1049312)

- CVE-2017-10090: Better handling of channel groups
(bsc#1049313)

- CVE-2017-10096: Transform Transformer Exceptions
(bsc#1049314)

- CVE-2017-10101: Better reading of text catalogs
(bsc#1049315)

- CVE-2017-10102: Improved garbage collection
(bsc#1049316)

- CVE-2017-10105: Unspecified vulnerability in
subcomponent deployment (bsc#1049317)

- CVE-2017-10107: Less Active Activations (bsc#1049318)

- CVE-2017-10108: Better naming attribution (bsc#1049319)

- CVE-2017-10109: Better sourcing of code (bsc#1049320)

- CVE-2017-10110: Better image fetching (bsc#1049321)

- CVE-2017-10111: Rearrange MethodHandle arrangements
(bsc#1049322)

- CVE-2017-10114: Unspecified vulnerability in
subcomponent JavaFX (bsc#1049323)

- CVE-2017-10115: Higher quality DSA operations
(bsc#1049324)

- CVE-2017-10116: Proper directory lookup processing
(bsc#1049325)

- CVE-2017-10118: Higher quality ECDSA operations
(bsc#1049326)

- CVE-2017-10125: Unspecified vulnerability in
subcomponent deployment (bsc#1049327)

- CVE-2017-10135: Better handling of PKCS8 material
(bsc#1049328)

- CVE-2017-10176: Additional elliptic curve support
(bsc#1049329)

- CVE-2017-10193: Improve algorithm constraints
implementation (bsc#1049330)

- CVE-2017-10198: Clear certificate chain connections
(bsc#1049331)

- CVE-2017-10243: Unspecified vulnerability in
subcomponent JAX-WS (bsc#1049332)

Bug fixes :

- Check registry registration location

- Improved certificate processing

- JMX diagnostic improvements

- Update to libpng 1.6.28

- Import of OpenJDK 8 u141 build 15 (bsc#1049302)

New features :

- Support using RSAandMGF1 with the SHA hash algorithms in
the PKCS11 provider

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1049302
https://bugzilla.opensuse.org/show_bug.cgi?id=1049305
https://bugzilla.opensuse.org/show_bug.cgi?id=1049306
https://bugzilla.opensuse.org/show_bug.cgi?id=1049307
https://bugzilla.opensuse.org/show_bug.cgi?id=1049308
https://bugzilla.opensuse.org/show_bug.cgi?id=1049309
https://bugzilla.opensuse.org/show_bug.cgi?id=1049310
https://bugzilla.opensuse.org/show_bug.cgi?id=1049311
https://bugzilla.opensuse.org/show_bug.cgi?id=1049312
https://bugzilla.opensuse.org/show_bug.cgi?id=1049313
https://bugzilla.opensuse.org/show_bug.cgi?id=1049314
https://bugzilla.opensuse.org/show_bug.cgi?id=1049315
https://bugzilla.opensuse.org/show_bug.cgi?id=1049316
https://bugzilla.opensuse.org/show_bug.cgi?id=1049317
https://bugzilla.opensuse.org/show_bug.cgi?id=1049318
https://bugzilla.opensuse.org/show_bug.cgi?id=1049319
https://bugzilla.opensuse.org/show_bug.cgi?id=1049320
https://bugzilla.opensuse.org/show_bug.cgi?id=1049321
https://bugzilla.opensuse.org/show_bug.cgi?id=1049322
https://bugzilla.opensuse.org/show_bug.cgi?id=1049323
https://bugzilla.opensuse.org/show_bug.cgi?id=1049324
https://bugzilla.opensuse.org/show_bug.cgi?id=1049325
https://bugzilla.opensuse.org/show_bug.cgi?id=1049326
https://bugzilla.opensuse.org/show_bug.cgi?id=1049327
https://bugzilla.opensuse.org/show_bug.cgi?id=1049328
https://bugzilla.opensuse.org/show_bug.cgi?id=1049329
https://bugzilla.opensuse.org/show_bug.cgi?id=1049330
https://bugzilla.opensuse.org/show_bug.cgi?id=1049331
https://bugzilla.opensuse.org/show_bug.cgi?id=1049332

Solution :

Update the affected java-1_8_0-openjdk packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

GLSA-201708-08 : bzip2: Denial of Service


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201708-08
(bzip2: Denial of Service)

A use-after-free flaw was found in bzip2recover, leading to a null
pointer dereference, or a write to a closed file descriptor. Please
review the CVE identifier referenced below for details.

Impact :

A remote attacker could entice a user to process a specially crafted
bzip2 archive using bzip2recover, possibly resulting in a Denial of
Service condition.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201708-08

Solution :

All bzip2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-arch/bzip2-1.0.6-r8'

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

GLSA-201708-07 : evilvte: User-assisted execution of arbitrary code


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201708-07
(evilvte: User-assisted execution of arbitrary code)

Steve Kemp of Debian identified a flaw in evilvte which does not
properly validate hypertext links. Please review the Debian bug report
referenced below.

Impact :

Remote attackers could execute arbitrary code by enticing a user to
click a hyperlink in their terminal.

Workaround :

There is no known workaround at this time.

See also :

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854585
https://security.gentoo.org/glsa/201708-07

Solution :

Gentoo Security recommends that users unmerge evilvte:
# emerge --unmerge 'x11-terms/evilvte'

Risk factor :

Medium

GLSA-201708-06 : GPL Ghostscript: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201708-06
(GPL Ghostscript: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in GPL Ghostscript. Please
review the CVE identifiers referenced below for additional information.

Impact :

A context-dependent attacker could entice a user to open a specially
crafted PostScript file or PDF document using GPL Ghostscript possibly
resulting in the execution of arbitrary code with the privileges of the
process or a Denial of Service condition.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201708-06

Solution :

All GPL Ghostscript users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/ghostscript-gpl-9.21'

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

GLSA-201708-05 : RAR and UnRAR: User-assisted execution of arbitrary code


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201708-05
(RAR and UnRAR: User-assisted execution of arbitrary code)

A VMSF_DELTA memory corruption was discovered in which an integer
overflow can be caused in DataSize+CurChannel. The result is a negative
value of the “DestPos” variable which allows writing out of bounds
when setting Mem[DestPos].

Impact :

A remote attacker, by enticing a user to open a specially crafted
archive, could execute arbitrary code with the privileges of the process.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201708-05

Solution :

All RAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-arch/rar-5.5.0_beta4_p20170628'
All UnRAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-arch/unrar-5.5.5'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

GLSA-201708-04 : Ked Password Manager: Information leak


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201708-04
(Ked Password Manager: Information leak)

A history file in ~/.kedpm/history is written in clear text. All of the
commands performed in the password manager are written there. This can
lead to the disclosure of the master password if the “password”
command is used with an argument. The names of the password entries
created and consulted are also accessible in clear text.

Impact :

An attacker could obtain confidential information.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201708-04

Solution :

Gentoo Security recommends that users unmerge Ked Password Manager:
# emerge --unmerge 'app-admin/kedpm'

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (473b6a9e-8493-11e7-b24b-6cf0497db129)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Drupal Security Team :

CVE-2017-6923: Views - Access Bypass - Moderately Critical

CVE-2017-6924: REST API can bypass comment approval - Access Bypass -
Moderately Critical

CVE-2017-6925: Entity access bypass for entities that do not have
UUIDs or have protected revisions - Access Bypass - Critical

See also :

http://www.nessus.org/u?930c543c

Solution :

Update the affected package.

Risk factor :

High

Fedora 26 : mingw-postgresql (2017-f9e66916ec)


Synopsis:

The remote Fedora host is missing a security update.

Description:

https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9e66916ec
https://www.postgresql.org/docs/9.6/static/release-9-6-4.html

Solution :

Update the affected mingw-postgresql package.

Risk factor :

High

Fedora 26 : cyrus-imapd (2017-f8f4cd5b67)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to the latest upstream release, 3.0.3. This contains an
important security fix (for CVE-2017-12843) as well as other bugfixes.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8f4cd5b67

Solution :

Update the affected cyrus-imapd package.

Risk factor :

High

Fedora 26 : chromium (2017-f79ae2b96f)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Chromium 60. Security fix for CVE-2017-5091, CVE-2017-5092,
CVE-2017-5093, CVE-2017-5094, CVE-2017-5095, CVE-2017-5096,
CVE-2017-5097, CVE-2017-5098, CVE-2017-5099, CVE-2017-5100,
CVE-2017-5101, CVE-2017-5102, CVE-2017-5103, CVE-2017-5104,
CVE-2017-7000, CVE-2017-5105, CVE-2017-5106, CVE-2017-5107,
CVE-2017-5108, CVE-2017-5109, CVE-2017-5110.

New subpackage -headless.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f79ae2b96f

Solution :

Update the affected chromium package.

Risk factor :

High

Fedora 25 : mingw-openjpeg2 (2017-f6e3215f2b)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to version 2.2.0, see
https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md for details.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f6e3215f2b
https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md

Solution :

Update the affected mingw-openjpeg2 package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Fedora 26 : torbrowser-launcher (2017-c535f23493)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Automatically refresh GPG keyring, to prevent signature verification
false positives

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-c535f23493

Solution :

Update the affected torbrowser-launcher package.

Risk factor :

High

Fedora 26 : cryptlib (2017-aab5f759f5)


Synopsis:

The remote Fedora host is missing a security update.

Description:

update configuration code for powerpc64

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-aab5f759f5

Solution :

Update the affected cryptlib package.

Risk factor :

High

Fedora 25 : nasm (2017-a1fe6d2b86)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix use-after-free and heap buffer overflow vulnerabilities
(CVE-2017-10686, CVE-2017-11111)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1fe6d2b86

Solution :

Update the affected nasm package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Fedora 25 : cups-filters / qpdf (2017-a05e2b8545)


Synopsis:

The remote Fedora host is missing one or more security updates.

Description:

Patches solving CVEs in qpdf change the API, so cups-filters needed to be
rebuilt with it.

----

Reverting changes from previous update

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-a05e2b8545

Solution :

Update the affected cups-filters and / or qpdf packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

Fedora 26 : glibc (2017-92f8958310)


Synopsis:

The remote Fedora host is missing a security update.

Description:

This update improves compatibility with legacy 32-bit i386
applications (RHBZ#1471427) and addresses a minor security
vulnerability in the DNS stub resolver (CVE-2017-12132).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-92f8958310

Solution :

Update the affected glibc package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Fedora 25 : torbrowser-launcher (2017-866fc566e0)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Automatically refresh GPG keyring, to prevent signature verification
false positives

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-866fc566e0

Solution :

Update the affected torbrowser-launcher package.

Risk factor :

High

Fedora 25 : chicken (2017-82b5035f76)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for CVE-2017-11343

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-82b5035f76

Solution :

Update the affected chicken package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Fedora 26 : chicken (2017-76ce091a43)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for CVE-2017-11343

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-76ce091a43

Solution :

Update the affected chicken package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Fedora 26 : bodhi (2017-48f0384090)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to 2.9.1 (https://github.com/fedora-infra/bodhi/releases/tag/2.9.1),
which addresses CVE-2017-1002152
(https://github.com/fedora-infra/bodhi/issues/1740).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-48f0384090
https://github.com/fedora-infra/bodhi/issues/1740
https://github.com/fedora-infra/bodhi/releases/tag/2.9.1

Solution :

Update the affected bodhi package.

Risk factor :

High

Fedora 25 : groovy18 (2017-33c8085c5d)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fixes information disclosure vulnerability (CVE-2016-6814)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d

Solution :

Update the affected groovy18 package.

Risk factor :

High

Debian DSA-3948-1 : ioquake3 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

A read buffer overflow was discovered in the idtech3 (Quake III Arena)
family of game engines. This allows remote attackers to cause a denial
of service (application crash) or possibly have unspecified other
impact via a crafted packet.

See also :

https://packages.debian.org/source/jessie/ioquake3
https://packages.debian.org/source/stretch/ioquake3
http://www.debian.org/security/2017/dsa-3948

Solution :

Upgrade the ioquake3 packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.36+u20140802+gca9eebb-2+deb8u2.

For the stable distribution (stretch), this problem has been fixed in
version 1.36+u20161101+dfsg1-2+deb9u1.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Debian DSA-3947-1 : newsbeuter - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader,
did not properly escape the title and description of a news article
when bookmarking it. This allowed a remote attacker to run an
arbitrary shell command on the client machine.

See also :

https://packages.debian.org/source/jessie/newsbeuter
https://packages.debian.org/source/stretch/newsbeuter
http://www.debian.org/security/2017/dsa-3947

Solution :

Upgrade the newsbeuter packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 2.8-2+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 2.9-5+deb9u1.

Risk factor :

High


Debian DSA-3946-1 : libmspack - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

It was discovered that libmspack, a library used to handle Microsoft
compression formats, did not properly validate its input. A remote
attacker could craft malicious CAB or CHM files and use this flaw to
cause a denial of service via application crash, or potentially
execute arbitrary code.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868956
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871263
https://packages.debian.org/source/jessie/libmspack
https://packages.debian.org/source/stretch/libmspack
http://www.debian.org/security/2017/dsa-3946

Solution :

Upgrade the libmspack packages.

For the oldstable distribution (jessie), these problems have been
fixed in version 0.5-1+deb8u1.

For the stable distribution (stretch), these problems have been fixed
in version 0.5-1+deb9u1.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)


Debian DLA-1062-1 : curl security update


Synopsis:

The remote Debian host is missing a security update.

Description:

CVE-2017-1000100 Wrong handling of very long filenames during TFTP
might result in curl sending more than the buffer size.

For Debian 7 'Wheezy', this problem has been fixed in version
7.26.0-1+wheezy20.

We recommend that you upgrade your curl packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/08/msg00014.html
https://packages.debian.org/source/wheezy/curl

Solution :

Upgrade the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false


Debian DLA-1061-1 : newsbeuter security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Jeriko One discovered that newsbeuter, a text-mode RSS feed reader,
did not properly escape the title and description of a news article
when bookmarking it. This allowed a remote attacker to run an
arbitrary shell command on the client machine.

For Debian 7 'Wheezy', these problems have been fixed in version
2.5-2+deb7u2.

We recommend that you upgrade your newsbeuter packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/08/msg00013.html
https://packages.debian.org/source/wheezy/newsbeuter

Solution :

Upgrade the affected newsbeuter package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false


Debian DLA-1060-1 : libxml2 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

CVE-2017-0663

Invalid casting of different structs could enable an attacker to
remotely execute some code within the context of an unprivileged
process.

CVE-2017-7376

Incorrect limit used for port values.

For Debian 7 'Wheezy', these problems have been fixed in version
2.8.0+dfsg1-7+wheezy9.

We recommend that you upgrade your libxml2 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/08/msg00012.html
https://packages.debian.org/source/wheezy/libxml2

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true


Debian DLA-1059-1 : strongswan security update


Synopsis:

The remote Debian host is missing a security update.

Description:

It was discovered that there was a denial of service vulnerability in
the Strongswan Virtual Private Network (VPN) software.

Specific RSA signatures passed to the gmp plugin for verification
could cause a NULL pointer dereference. Potential triggers are
signatures in certificates, but also signatures used during IKE
authentication.

For more details, please see :

https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html

For Debian 7 'Wheezy', this issue has been fixed in strongswan version
4.5.2-1.5+deb7u10.

We recommend that you upgrade your strongswan packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2017/08/msg00011.html
https://packages.debian.org/source/wheezy/strongswan
https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-

Solution :

Upgrade the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false


Virtuozzo 7 : readykernel-patch (VZA-2017-073)


Synopsis:

The remote Virtuozzo host is missing a security update.

Description:

According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerabilities :

- A race condition issue leading to a use-after-free flaw
was found in the way the raw packet sockets are
implemented in the Linux kernel networking subsystem
handling synchronization. A local user able to open a
raw packet socket (requires the CAP_NET_RAW capability)
could use this flaw to elevate their privileges on the
system.

- Andrey Konovalov discovered a race condition in the UDP
Fragmentation Offload (UFO) code in the Linux kernel. A
local attacker could use this to cause a denial of
service or execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://help.virtuozzo.com/customer/portal/articles/2860787
http://www.nessus.org/u?2bd516c2

Solution :

Update the readykernel patch.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true


Virtuozzo 7 : readykernel-patch (VZA-2017-072)


Synopsis:

The remote Virtuozzo host is missing a security update.

Description:

According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerabilities :

- A race condition issue leading to a use-after-free flaw
was found in the way the raw packet sockets are
implemented in the Linux kernel networking subsystem
handling synchronization. A local user able to open a
raw packet socket (requires the CAP_NET_RAW capability)
could use this flaw to elevate their privileges on the
system.

- Andrey Konovalov discovered a race condition in the UDP
Fragmentation Offload (UFO) code in the Linux kernel. A
local attacker could use this to cause a denial of
service or execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://help.virtuozzo.com/customer/portal/articles/2860785
http://www.nessus.org/u?f3a07813
http://www.nessus.org/u?13d1f21f

Solution :

Update the readykernel patch.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true


Virtuozzo 7 : readykernel-patch (VZA-2017-071)


Synopsis:

The remote Virtuozzo host is missing a security update.

Description:

According to the version of the vzkernel package and the
readykernel-patch installed, the Virtuozzo installation on the remote
host is affected by the following vulnerabilities :

- A race condition issue leading to a use-after-free flaw
was found in the way the raw packet sockets are
implemented in the Linux kernel networking subsystem
handling synchronization. A local user able to open a
raw packet socket (requires the CAP_NET_RAW capability)
could use this flaw to elevate their privileges on the
system.

- Andrey Konovalov discovered a race condition in the UDP
Fragmentation Offload (UFO) code in the Linux kernel. A
local attacker could use this to cause a denial of
service or execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Virtuozzo security advisory.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://help.virtuozzo.com/customer/portal/articles/2860784
http://www.nessus.org/u?4df481da
http://www.nessus.org/u?d315d201
http://www.nessus.org/u?0541aa0f

Solution :

Update the readykernel patch.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true


Apache Tomcat 9.0.0.M1 < 9.0.0.M22 Multiple Vulnerabilities


Synopsis:

The remote Apache Tomcat server is affected by multiple
vulnerabilities.

Description:

The version of Apache Tomcat installed on the remote host is 9.0.0.M1
or later but prior to 9.0.0.M22. It is, therefore, affected by
multiple vulnerabilities :

- A flaw exists in the CORS filter because the HTTP Vary header was
not properly added. This allows a remote attacker to conduct
client-side and server-side cache poisoning attacks.
(CVE-2017-7674)

- A flaw exists in the HTTP/2 implementation that bypasses a number
of security checks that prevented directory traversal attacks. A
remote attacker can exploit this to bypass security constraints.
(CVE-2017-7675)

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?df46ad43

Solution :

Upgrade to Apache Tomcat version 9.0.0.M22 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false


Apache Tomcat 8.5.x < 8.5.16 Multiple Vulnerabilities


Synopsis:

The remote Apache Tomcat server is affected by multiple
vulnerabilities.

Description:

The version of Apache Tomcat installed on the remote host is 8.5.x
prior to 8.5.16. It is, therefore, affected by multiple
vulnerabilities :

- A flaw exists in the CORS filter because the HTTP Vary header was
not properly added. This allows a remote attacker to conduct
client-side and server-side cache poisoning attacks.
(CVE-2017-7674)

- A flaw exists in the HTTP/2 implementation that bypasses a number
of security checks that prevented directory traversal attacks. A
remote attacker can exploit this to bypass security constraints.
(CVE-2017-7675)

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?1f8717dc

Solution :

Upgrade to Apache Tomcat version 8.5.16 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false


Apache Tomcat 8.0.0.RC1 < 8.0.45 Cache Poisoning


Synopsis:

The remote Apache Tomcat server is affected by a cache poisoning
vulnerability.

Description:

The version of Apache Tomcat installed on the remote host is
8.0.0.RC1 or later but prior to 8.0.45. It is, therefore, affected by
a flaw in the CORS filter where the HTTP Vary header is not properly
added. This allows a remote attacker to conduct client-side and
server-side cache poisoning attacks.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.

See also :

http://www.nessus.org/u?7318cfac

Solution :

Upgrade to Apache Tomcat version 8.0.45 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

