Newest Plugins

Oracle Database Multiple Vulnerabilities (July 2016 CPU) (FREAK)


Synopsis:

The remote database server is affected by multiple vulnerabilities.

Description:

The remote Oracle Database Server is missing the July 2016 Critical
Patch Update (CPU). It is, therefore, affected by multiple
vulnerabilities :

- A security feature bypass vulnerability, known as FREAK
(Factoring attack on RSA-EXPORT Keys), exists in the
RDBMS HTTPS Listener package due to the support of weak
EXPORT_RSA cipher suites with keys less than or equal to
512 bits. A man-in-the-middle attacker may be able to
downgrade the SSL/TLS connection to use EXPORT_RSA
cipher suites, whose keys can be factored in a short
amount of time, allowing the attacker to intercept and
decrypt the traffic. (CVE-2015-0204)

- An unspecified vulnerability exists in the Application
Express component that allows an unauthenticated, remote
attacker to impact confidentiality and integrity.
(CVE-2016-3448)

- An unspecified vulnerability exists in the Application
Express component that allows an unauthenticated, remote
attacker to cause a denial of service condition.
(CVE-2016-3467)

- An unspecified vulnerability exists in the Portable
Clusterware component that allows an unauthenticated,
remote attacker to cause a denial of service condition.
(CVE-2016-3479)

- An unspecified vulnerability exists in the Database
Vault component that allows a local attacker to impact
confidentiality and integrity. (CVE-2016-3484)

- An unspecified vulnerability exists in the DB Sharding
component that allows a local attacker to impact
integrity. (CVE-2016-3488)

- An unspecified vulnerability exists in the Data Pump
Import component that allows a local attacker to gain
elevated privileges. (CVE-2016-3489)

- An unspecified vulnerability exists in the JDBC
component that allows an unauthenticated, remote
attacker to execute arbitrary code. (CVE-2016-3506)

- An unspecified vulnerability exists in the OJVM
component that allows an authenticated, remote attacker
to execute arbitrary code. (CVE-2016-3609)

See also :

http://www.nessus.org/u?453b5f8c
https://www.smacktls.com/#freak

Solution :

Apply the appropriate patch according to the July 2016 Oracle
Critical Patch Update advisory.

Risk factor :

High / CVSS Base Score : 9.0
(CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos SRX Series Upgrade Handling Local Root Authentication Bypass (JSA10753)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number, the remote Juniper
Junos device is affected by a security bypass vulnerability due to a
flaw that is triggered when using the partition option during an
upgrade. A local attacker can exploit this to bypass authentication
checks and access the root account with a blank password.

See also :

https://kb.juniper.net/JSA10753

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10753.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos Crafted ICMP Packet DoS (JSA10752)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a denial of service
vulnerability when a GRE or IPIP tunnel is configured. An
unauthenticated, remote attacker can exploit this, via a specially
crafted ICMP packet, to cause a kernel panic, resulting in a denial of
service condition.

See also :

https://kb.juniper.net/JSA10752

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10752.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos SRX Series Application Layer Gateway DoS (JSA10751)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a denial of service
vulnerability in the application layer gateway (ALG) that is triggered
when matching in-transit traffic. An unauthenticated, remote attacker
can exploit this to cause a denial of service.

See also :

https://kb.juniper.net/JSA10751

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10751. Alternatively, disable all ALGs.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos VPLS Ethernet Frame MAC Address Remote DoS (JSA10750)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a denial of service
vulnerability when VPLS routing-instances are configured. An
unauthenticated, adjacent attacker can exploit this, via Ethernet
frames with the EtherType field of IPv6 (0x86DD), to cause a denial of
service condition.

See also :

https://kb.juniper.net/JSA10750

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10750. Alternatively, if EtherType IPv6 MAC addresses are
not required, configure a VPLS flood filter.

Risk factor :

Medium / CVSS Base Score : 6.1
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Java SE Multiple Vulnerabilities (July 2016 CPU) (Unix)


Synopsis:

The remote Unix host contains a programming platform that is affected
by multiple vulnerabilities.

Description:

The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is prior to 8 Update 102, 7 Update 111,
or 6 Update 121. It is, therefore, affected by multiple
vulnerabilities :

- An unspecified flaw exists in the CORBA subcomponent
that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-3458)

- An unspecified flaw exists in the Networking
subcomponent that allows a local attacker to impact
integrity. (CVE-2016-3485)

- An unspecified flaw exists in the JavaFX subcomponent
that allows an unauthenticated, remote attacker to cause
a denial of service condition. (CVE-2016-3498)

- An unspecified flaw exists in the JAXP subcomponent that
allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3500)

- An unspecified flaw exists in the Install subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3503)

- An unspecified flaw exists in the JAXP subcomponent that
allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3508)

- An unspecified flaw exists in the Deployment
subcomponent that allows a local attacker to gain
elevated privileges. (CVE-2016-3511)

- An unspecified flaw exists in the Hotspot subcomponent
that allows an unauthenticated, remote attacker to
disclose potentially sensitive information.
(CVE-2016-3550)

- An unspecified flaw exists in the Install subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3552)

- A flaw exists in the Hotspot subcomponent due to
improper access to the MethodHandle::invokeBasic()
function. An unauthenticated, remote attacker can
exploit this to execute arbitrary code. (CVE-2016-3587)

- A flaw exists in the Libraries subcomponent within the
MethodHandles::dropArguments() function that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2016-3598)

- A flaw exists in the Hotspot subcomponent within the
ClassVerifier::ends_in_athrow() function when handling
bytecode verification. An unauthenticated, remote
attacker can exploit this to execute arbitrary code.
(CVE-2016-3606)

- An unspecified flaw exists in the Libraries subcomponent
that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2016-3610)

See also :

http://www.nessus.org/u?375663ac
http://www.nessus.org/u?c71cbe21
http://www.nessus.org/u?77a46ced
http://www.nessus.org/u?1a168366

Solution :

Upgrade to Oracle JDK / JRE 8 Update 102 / 7 Update 111 / 6 Update
121 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 6 Update 95 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Java SE Multiple Vulnerabilities (July 2016 CPU)


Synopsis:

The remote Windows host contains a programming platform that is
affected by multiple vulnerabilities.

Description:

The version of Oracle (formerly Sun) Java SE or Java for Business
installed on the remote host is prior to 8 Update 102, 7 Update 111,
or 6 Update 121. It is, therefore, affected by multiple
vulnerabilities :

- An unspecified flaw exists in the CORBA subcomponent
that allows an unauthenticated, remote attacker to
impact integrity. (CVE-2016-3458)

- An unspecified flaw exists in the Networking
subcomponent that allows a local attacker to impact
integrity. (CVE-2016-3485)

- An unspecified flaw exists in the JavaFX subcomponent
that allows an unauthenticated, remote attacker to cause
a denial of service condition. (CVE-2016-3498)

- An unspecified flaw exists in the JAXP subcomponent that
allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3500)

- An unspecified flaw exists in the Install subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3503)

- An unspecified flaw exists in the JAXP subcomponent that
allows an unauthenticated, remote attacker to cause a
denial of service condition. (CVE-2016-3508)

- An unspecified flaw exists in the Deployment
subcomponent that allows a local attacker to gain
elevated privileges. (CVE-2016-3511)

- An unspecified flaw exists in the Hotspot subcomponent
that allows an unauthenticated, remote attacker to
disclose potentially sensitive information.
(CVE-2016-3550)

- An unspecified flaw exists in the Install subcomponent
that allows a local attacker to gain elevated
privileges. (CVE-2016-3552)

- A flaw exists in the Hotspot subcomponent due to
improper access to the MethodHandle::invokeBasic()
function. An unauthenticated, remote attacker can
exploit this to execute arbitrary code. (CVE-2016-3587)

- A flaw exists in the Libraries subcomponent within the
MethodHandles::dropArguments() function that allows an
unauthenticated, remote attacker to execute arbitrary
code. (CVE-2016-3598)

- A flaw exists in the Hotspot subcomponent within the
ClassVerifier::ends_in_athrow() function when handling
bytecode verification. An unauthenticated, remote
attacker can exploit this to execute arbitrary code.
(CVE-2016-3606)

- An unspecified flaw exists in the Libraries subcomponent
that allows an unauthenticated, remote attacker to
execute arbitrary code. (CVE-2016-3610)

See also :

http://www.nessus.org/u?375663ac
http://www.nessus.org/u?c71cbe21
http://www.nessus.org/u?77a46ced
http://www.nessus.org/u?1a168366

Solution :

Upgrade to Oracle JDK / JRE 8 Update 102 / 7 Update 111 / 6 Update
121 or later. If necessary, remove any affected versions.

Note that an Extended Support contract with Oracle is needed to obtain
JDK / JRE 6 Update 95 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos Crafted UDP Packet Handling DoS (JSA10758)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and architecture, the
remote Juniper Junos device is affected by a denial of service
vulnerability in the 64-bit routing engine. An unauthenticated, remote
attacker can exploit this, via a specially crafted UDP packet sent to
an interface IP address, to crash the kernel. Note that this
vulnerability does not affect 32-bit systems.

See also :

https://kb.juniper.net/JSA10758

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10758.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos FreeBSD libc db Information Disclosure (JSA10756)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number, the remote Juniper
Junos device is affected by an information disclosure vulnerability in
the underlying FreeBSD operating system libc db interface due to
improper initialization of memory for Berkeley DB 1.85 database
structures. A local attacker can exploit this to disclose sensitive
information by reading a database file.

See also :

https://kb.juniper.net/JSA10756

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10756.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos Certificate Validation Bypass (JSA10755)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number, the remote Juniper
Junos device is affected by a security bypass vulnerability due to
improper validation of self-signed certificates used for IKE and
IPsec. An unauthenticated, remote attacker can exploit this, via a
specially crafted self-signed certificate, to bypass certificate
validation and intercept network traffic.

See also :

https://kb.juniper.net/JSA10755

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10755. Alternatively, configure all PKI-VPN tunnels to
accept only Distinguished Name (DN) as the remote peer’s IKE ID.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Juniper Junos J-Web Service Privilege Escalation (JSA10754)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a privilege escalation
vulnerability in the J-Web service that allows an unauthenticated,
remote attacker to disclose sensitive information and gain
administrative privileges.

See also :

https://kb.juniper.net/JSA10754

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
advisory JSA10754. Alternatively, disable the J-Web service.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : mysql-5.5, mysql-5.6, mysql-5.7 vulnerabilities (USN-3040-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

Multiple security issues were discovered in MySQL and this update
includes new upstream MySQL versions to fix these issues.

MySQL has been updated to 5.5.50 in Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. Ubuntu 15.10 has been updated to MySQL 5.6.31. Ubuntu 16.04 LTS
has been updated to MySQL 5.7.13.

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-31.html
http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-13.html
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected mysql-server-5.5, mysql-server-5.6 and / or
mysql-server-5.7 packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 5 / 6 / 7 : java-1.6.0-sun (RHSA-2016:1477)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for java-1.6.0-sun is now available for Oracle Java for Red
Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux 6,
and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Oracle Java SE version 6 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 6 to version 6 Update 121.

Security Fix(es) :

* This update fixes multiple vulnerabilities in the Oracle Java
Runtime Environment and the Oracle Java Software Development Kit.
Further information about these flaws can be found on the Oracle Java
SE Critical Patch Update Advisory page, listed in the References
section. (CVE-2016-3458, CVE-2016-3500, CVE-2016-3503, CVE-2016-3508,
CVE-2016-3550)

See also :

https://www.redhat.com/security/data/cve/CVE-2016-3458.html
https://www.redhat.com/security/data/cve/CVE-2016-3500.html
https://www.redhat.com/security/data/cve/CVE-2016-3503.html
https://www.redhat.com/security/data/cve/CVE-2016-3508.html
https://www.redhat.com/security/data/cve/CVE-2016-3550.html
http://www.nessus.org/u?e0f448c8
http://www.oracle.com/technetwork/java/javase/documentation/
http://rhn.redhat.com/errata/RHSA-2016-1477.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 5 / 6 / 7 : java-1.7.0-oracle (RHSA-2016:1476)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for java-1.7.0-oracle is now available for Oracle Java for
Red Hat Enterprise Linux 5, Oracle Java for Red Hat Enterprise Linux
6, and Oracle Java for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Oracle Java SE version 7 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 7 to version 7 Update 111.

Security Fix(es) :

* This update fixes multiple vulnerabilities in the Oracle Java
Runtime Environment and the Oracle Java Software Development Kit.
Further information about these flaws can be found on the Oracle Java
SE Critical Patch Update Advisory page, listed in the References
section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503,
CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3606)

See also :

https://www.redhat.com/security/data/cve/CVE-2016-3458.html
https://www.redhat.com/security/data/cve/CVE-2016-3498.html
https://www.redhat.com/security/data/cve/CVE-2016-3500.html
https://www.redhat.com/security/data/cve/CVE-2016-3503.html
https://www.redhat.com/security/data/cve/CVE-2016-3508.html
https://www.redhat.com/security/data/cve/CVE-2016-3511.html
https://www.redhat.com/security/data/cve/CVE-2016-3550.html
https://www.redhat.com/security/data/cve/CVE-2016-3606.html
http://www.nessus.org/u?e0f448c8
http://www.oracle.com/technetwork/java/javaseproducts/documentation/
http://rhn.redhat.com/errata/RHSA-2016-1476.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 6 / 7 : java-1.8.0-oracle (RHSA-2016:1475)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for java-1.8.0-oracle is now available for Oracle Java for
Red Hat Enterprise Linux 6 and Oracle Java for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Oracle Java SE version 8 includes the Oracle Java Runtime Environment
and the Oracle Java Software Development Kit.

This update upgrades Oracle Java SE 8 to version 8 Update 101.

Security Fix(es) :

* This update fixes multiple vulnerabilities in the Oracle Java
Runtime Environment and the Oracle Java Software Development Kit.
Further information about these flaws can be found on the Oracle Java
SE Critical Patch Update Advisory page, listed in the References
section. (CVE-2016-3458, CVE-2016-3498, CVE-2016-3500, CVE-2016-3503,
CVE-2016-3508, CVE-2016-3511, CVE-2016-3550, CVE-2016-3552,
CVE-2016-3587, CVE-2016-3598, CVE-2016-3606, CVE-2016-3610)

See also :

https://www.redhat.com/security/data/cve/CVE-2016-3458.html
https://www.redhat.com/security/data/cve/CVE-2016-3498.html
https://www.redhat.com/security/data/cve/CVE-2016-3500.html
https://www.redhat.com/security/data/cve/CVE-2016-3503.html
https://www.redhat.com/security/data/cve/CVE-2016-3508.html
https://www.redhat.com/security/data/cve/CVE-2016-3511.html
https://www.redhat.com/security/data/cve/CVE-2016-3550.html
https://www.redhat.com/security/data/cve/CVE-2016-3552.html
https://www.redhat.com/security/data/cve/CVE-2016-3587.html
https://www.redhat.com/security/data/cve/CVE-2016-3598.html
https://www.redhat.com/security/data/cve/CVE-2016-3606.html
https://www.redhat.com/security/data/cve/CVE-2016-3610.html
http://www.nessus.org/u?e0f448c8
http://www.nessus.org/u?92867054
http://rhn.redhat.com/errata/RHSA-2016-1475.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : p7zip (openSUSE-2016-890)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

fix 7zip UDF CInArchive::ReadFileItem code execution vulnerability
[boo#979823],[CVE-2016-2335]

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=979823

Solution :

Update the affected p7zip packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : dhcp (openSUSE-2016-887)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for dhcp fixes the following issues :

Security issue fixed :

- CVE-2016-2774: Fixed a denial of service attack against
the DHCP server over the OMAPI TCP socket, which could
be used by network adjacent attackers to make the DHCP
server non-functional (bsc#969820).

Non security issues fixed :

- Rename freeaddrinfo(), getaddrinfo() and getnameinfo()
in the internal libirs library that does not consider
/etc/hosts and /etc/nsswitch.conf to use irs_ prefix.
This prevents name conflicts which would result in
overriding standard glibc functions used by libldap.
(bsc#972907)

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=969820
https://bugzilla.opensuse.org/show_bug.cgi?id=972907

Solution :

Update the affected dhcp packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

FreeBSD : MySQL -- Multiple vulnerabilities (ca5cb202-4f51-11e6-b2ec-b499baebfeaf)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Oracle reports :

The quarterly Critical Patch Update contains 22 new security fixes for
Oracle MySQL 5.5.49, 5.6.30, 5.7.13 and earlier

See also :

http://www.nessus.org/u?2d65519a
http://www.nessus.org/u?2e1038da

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

FreeBSD : Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations) (72f71e26-4f69-11e6-ac37-ac9e174be3af)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

The Apache OpenOffice Project reports :

An OpenDocument Presentation .ODP or Presentation Template .OTP file
can contain invalid presentation elements that lead to memory
corruption when the document is loaded in Apache OpenOffice Impress.
The defect may cause the document to appear as corrupted and
OpenOffice may crash in a recovery-stuck mode requiring manual
intervention. A crafted exploitation of the defect can allow an
attacker to cause denial of service (memory corruption and application
crash) and possible execution of arbitrary code.

See also :

http://www.openoffice.org/security/cves/CVE-2015-4551.html
http://www.nessus.org/u?fef31fc2

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

FreeBSD : krb5 -- KDC denial of service vulnerability (62d45229-4fa0-11e6-9d13-206a8a720317)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Major changes in krb5 1.14.3 :

Fix a rare KDC denial of service vulnerability when anonymous client
principals are restricted to obtaining TGTs only [CVE-2016-3120] .

See also :

http://web.mit.edu/kerberos/krb5-1.14/
http://www.nessus.org/u?b2d182cb

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3624-1 : mysql-5.5 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several issues have been discovered in the MySQL database server. The
vulnerabilities are addressed by upgrading MySQL to the new upstream
version 5.5.50. Please see the MySQL 5.5 Release Notes and Oracle's
Critical Patch Update advisory for further details :

- https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html

See also :

https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-50.html
http://www.nessus.org/u?453b5f8c
https://packages.debian.org/source/jessie/mysql-5.5
http://www.debian.org/security/2016/dsa-3624

Solution :

Upgrade the mysql-5.5 packages.

For the stable distribution (jessie), these problems have been fixed
in version 5.5.50-0+deb8u1.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DLA-555-1 : python-django security update


Synopsis:

The remote Debian host is missing a security update.

Description:

It was discovered that Django, a high-level Python web development
framework, is prone to a cross-site scripting vulnerability in the
admin's add/change related popup and debug view.

For Debian 7 'Wheezy', these problems have been fixed in version
1.4.5-1+deb7u17.

We recommend that you upgrade your python-django packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/07/msg00017.html
https://packages.debian.org/source/wheezy/python-django

Solution :

Upgrade the affected python-django, and python-django-doc packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DLA-554-1 : libarchive security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Several vulnerabilities were discovered in libarchive, a library for
reading and writing archives in various formats. An attacker can take
advantage of these flaws to cause a denial of service against an
application using the libarchive library (application crash), or
potentially execute arbitrary code with the privileges of the user
running the application.

For Debian 7 'Wheezy', these problems have been fixed in version
3.0.4-3+wheezy2.

We recommend that you upgrade your libarchive packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/07/msg00016.html
https://packages.debian.org/source/wheezy/libarchive

Solution :

Upgrade the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 14.0 / 14.1 / 14.2 / current : php (SSA:2016-203-02)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New php packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix security issues.

See also :

http://www.nessus.org/u?d89b3856

Solution :

Update the affected php package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 14.0 / 14.1 / 14.2 / current : gimp (SSA:2016-203-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New gimp packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

See also :

http://www.nessus.org/u?4ffc6dba

Solution :

Update the affected gimp package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004)


Synopsis:

The remote host is missing a Mac OS X security update that fixes
multiple vulnerabilities.

Description:

The remote host is running a version of Mac OS X that is 10.9.5 or
10.10.5 and is missing Security Update 2016-004. It is, therefore,
affected by multiple vulnerabilities in the following components :

- apache_mod_php (affects 10.10.5 only)
- CoreGraphics
- ImageIO
- libxml2
- libxslt

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

https://support.apple.com/en-us/HT206903
http://www.nessus.org/u?5da74f53

Solution :

Install Security Update 2016-004 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities


Synopsis:

The remote host is missing a Mac OS X security update that fixes
multiple vulnerabilities.

Description:

The remote host is running a version of Mac OS X that is 10.11.x prior
to 10.11.6. It is, therefore, affected by multiple vulnerabilities in
the following components :

- apache_mod_php
- Audio
- bsdiff
- CFNetwork
- CoreGraphics
- FaceTime
- Graphics Drivers
- ImageIO
- Intel Graphics Driver
- IOHIDFamily
- IOKit
- IOSurface
- Kernel
- libc++abi
- libexpat
- LibreSSL
- libxml2
- libxslt
- Login Window
- OpenSSL
- QuickTime
- Safari Login AutoFill
- Sandbox Profiles

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

See also :

http://support.apple.com/en-us/HT206903
http://www.nessus.org/u?5da74f53

Solution :

Upgrade to Mac OS X 10.11.6 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Drupal 8.x < 8.1.7 PHP HTTP_PROXY Environment Variable Namespace Collision Vulnerability (httpoxy)


Synopsis:

A PHP application running on the remote web server is affected by a
man-in-the-middle vulnerability.

Description:

The version of Drupal running on the remote web server is 8.x prior
to 8.1.7. It is, therefore, affected by a man-in-the-middle
vulnerability known as 'httpoxy' due to a failure to properly resolve
namespace conflicts in accordance with RFC 3875 section 4.1.18. The
HTTP_PROXY environment variable is set based on untrusted user data in
the 'Proxy' header of HTTP requests. The HTTP_PROXY environment
variable is used by some web client libraries to specify a remote
proxy server. An unauthenticated, remote attacker can exploit this,
via a crafted 'Proxy' header in an HTTP request, to redirect an
application's internal HTTP traffic to an arbitrary proxy server where
it may be observed or manipulated.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://www.drupal.org/SA-CORE-2016-003
https://httpoxy.org
https://www.drupal.org/project/drupal/releases/8.1.7

Solution :

Upgrade to Drupal version 8.1.7 or later.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Apple TV < 9.2.2 Multiple Vulnerabilities


Synopsis:

The remote Apple TV device is affected by multiple vulnerabilities.

Description:

According to its banner, the version of the remote Apple TV device is
prior to 9.2.2. It is, therefore, affected by multiple vulnerabilities
in the following components :

- CoreGraphics
- ImageIO
- IOAcceleratorFamily
- IOHIDFamily
- Kernel
- libxml2
- libxslt
- Sandbox Profiles
- WebKit
- WebKit Page Loading

Note that only 4th generation models are affected by the
vulnerabilities.

See also :

https://support.apple.com/en-us/HT206905
http://www.nessus.org/u?8c0647e9

Solution :

Upgrade to Apple TV version 9.2.2 or later. Note that this update is
only available for 4th generation models.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

ISC BIND 9.x < 9.9.9-P2 / 9.10.x < 9.10.4-P2 / 9.11.0a3 < 9.11.0b2 lwres Query DoS


Synopsis:

The remote name server is affected by a denial of service
vulnerability.

Description:

According to its self-reported version number, the installation of
ISC BIND running on the remote name server is 9.x prior to 9.9.9-P2,
9.10.x prior to 9.10.4-P2, or 9.11.0a3 prior to 9.11.0b2. It is,
therefore, affected by an error in the lightweight resolver (lwres)
protocol implementation when resolving a query name that, when
combined with a search list entry, exceeds the maximum allowable
length. An unauthenticated, remote attacker can exploit this to cause
a segmentation fault, resulting in a denial of service condition. This
issue occurs when lwresd or the named 'lwres' option is enabled.

See also :

https://kb.isc.org/article/AA-01393

Solution :

Upgrade to ISC BIND version 9.9.8-P3 / 9.9.8-S4 / 9.10.3-P3 or later.

Note that BIND 9 version 9.9.9-S3 is available exclusively for
eligible ISC Support customers.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle JRockit R28.3.10 Multiple Vulnerabilities (July 2016 CPU)


Synopsis:

A programming platform installed on the remote Windows host is
affected by multiple vulnerabilities.

Description:

The version of Oracle JRockit installed on the remote Windows host is
28.3.10. It is, therefore, affected by multiple vulnerabilities :

- An unspecified flaw exists in the Networking
subcomponent that allows a local attacker to impact
integrity. (CVE-2016-3485)

- Multiple unspecified flaws exist in the JAXP
subcomponent that allow an unauthenticated, remote
attacker to cause a denial of service condition.
(CVE-2016-3500, CVE-2016-3508)

See also :

http://www.nessus.org/u?375663ac

Solution :

Upgrade to Oracle JRockit version R28.3.11 or later as referenced in
the July 2016 Oracle Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Scientific Linux Security Update : java-1.8.0-openjdk on SL6.x, SL7.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- Multiple flaws were discovered in the Hotspot and
Libraries components in OpenJDK. An untrusted Java
application or applet could use these flaws to
completely bypass Java sandbox restrictions.
(CVE-2016-3606, CVE-2016-3587, CVE-2016-3598,
CVE-2016-3610)

- Multiple denial of service flaws were found in the JAXP
component in OpenJDK. A specially crafted XML file could
cause a Java application using JAXP to consume an
excessive amount of CPU and memory when parsed.
(CVE-2016-3500, CVE-2016-3508)

- Multiple flaws were found in the CORBA and Hotspot
components in OpenJDK. An untrusted Java application or
applet could use these flaws to bypass certain Java
sandbox restrictions. (CVE-2016-3458, CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
website.

See also :

http://www.nessus.org/u?d38a7835

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 6 / 7 : java-1.8.0-openjdk (RHSA-2016:1458)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for java-1.8.0-openjdk is now available for Red Hat
Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es) :

* Multiple flaws were discovered in the Hotspot and Libraries
components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application
using JAXP to consume an excessive amount of CPU and memory when
parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in
OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2016-3458,
CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
website.

See also :

https://www.redhat.com/security/data/cve/CVE-2016-3458.html
https://www.redhat.com/security/data/cve/CVE-2016-3500.html
https://www.redhat.com/security/data/cve/CVE-2016-3508.html
https://www.redhat.com/security/data/cve/CVE-2016-3550.html
https://www.redhat.com/security/data/cve/CVE-2016-3587.html
https://www.redhat.com/security/data/cve/CVE-2016-3598.html
https://www.redhat.com/security/data/cve/CVE-2016-3606.html
https://www.redhat.com/security/data/cve/CVE-2016-3610.html
http://rhn.redhat.com/errata/RHSA-2016-1458.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : java-1.8.0-openjdk (ELSA-2016-1458)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2016:1458 :

An update for java-1.8.0-openjdk is now available for Red Hat
Enterprise Linux 6 and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Critical. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime
Environment and the OpenJDK 8 Java Software Development Kit.

Security Fix(es) :

* Multiple flaws were discovered in the Hotspot and Libraries
components in OpenJDK. An untrusted Java application or applet could
use these flaws to completely bypass Java sandbox restrictions.
(CVE-2016-3606, CVE-2016-3587, CVE-2016-3598, CVE-2016-3610)

* Multiple denial of service flaws were found in the JAXP component in
OpenJDK. A specially crafted XML file could cause a Java application
using JAXP to consume an excessive amount of CPU and memory when
parsed. (CVE-2016-3500, CVE-2016-3508)

* Multiple flaws were found in the CORBA and Hotspot components in
OpenJDK. An untrusted Java application or applet could use these flaws
to bypass certain Java sandbox restrictions. (CVE-2016-3458,
CVE-2016-3550)

Note: If the web browser plug-in provided by the icedtea-web package
was installed, the issues exposed via Java applets could have been
exploited without user interaction if a user visited a malicious
website.

See also :

https://oss.oracle.com/pipermail/el-errata/2016-July/006206.html
https://oss.oracle.com/pipermail/el-errata/2016-July/006207.html

Solution :

Update the affected java-1.8.0-openjdk packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : nodejs (openSUSE-2016-884)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for nodejs fixes the following issue :

- CVE-2016-1669 :

- fix buffer overflow in v8 (boo#987919)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=987919

Solution :

Update the affected nodejs packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : ImageMagick (openSUSE-2016-883)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

ImageMagick was updated to fix 66 security issues.

These security issues were fixed :

- CVE-2014-9810: SEGV in dpx file handler. (bsc#983803).

- CVE-2014-9811: Crash in xwd file handler (bsc#984032).

- CVE-2014-9812: NULL pointer dereference in ps file
handling (bsc#984137).

- CVE-2014-9813: Crash on corrupted viff file
(bsc#984035).

- CVE-2014-9814: NULL pointer dereference in wpg file
handling (bsc#984193).

- CVE-2014-9815: Crash on corrupted wpg file (bsc#984372).

- CVE-2014-9816: Out of bound access in viff image
(bsc#984398).

- CVE-2014-9817: Heap buffer overflow in pdb file handling
(bsc#984400).

- CVE-2014-9818: Out of bound access on malformed sun file
(bsc#984181).

- CVE-2014-9819: Heap overflow in palm files (bsc#984142).

- CVE-2014-9830: Handling of corrupted sun file
(bsc#984135).

- CVE-2014-9831: Handling of corrupted wpg file
(bsc#984375).

- CVE-2014-9850: Incorrect thread limit logic
(bsc#984149).

- CVE-2014-9851: Crash when parsing resource block
(bsc#984160).

- CVE-2014-9852: Incorrect usage of object after it has
been destroyed (bsc#984191).

- CVE-2014-9853: Memory leak in rle file handling
(bsc#984408).

- CVE-2015-8902: PDB file DoS (CPU consumption)
(bsc#983253).

- CVE-2015-8903: Denial of service (cpu) in vicar
(bsc#983259).

- CVE-2015-8900: HDR file DoS (endless loop) (bsc#983232).

- CVE-2015-8901: MIFF file DoS (endless loop)
(bsc#983234).

- CVE-2016-5688: Various invalid memory reads in
ImageMagick WPG (bsc#985442).

- CVE-2014-9834: Heap overflow in pict file (bsc#984436).

- CVE-2014-9806: Prevent leak of file descriptor due to
corrupted file. (bsc#983774).

- CVE-2016-5687: Out of bounds read in DDS coder
(bsc#985448).

- CVE-2014-9838: Out of memory crash in magick/cache.c
(bsc#984370).

- CVE-2014-9854: Filling memory during identification of
TIFF image (bsc#984184).

- CVE-2015-8898: Prevent NULL pointer access in
magick/constitute.c (bsc#983746).

- CVE-2014-9833: Heap overflow in psd file (bsc#984406).

- CVE-2015-8894: Double free in coders/tga.c:221
(bsc#983523).

- CVE-2015-8895: Integer and Buffer overflow in
coders/icon.c (bsc#983527).

- CVE-2015-8896: Double free / integer truncation issue in
coders/pict.c:2000 (bsc#983533).

- CVE-2015-8897: Out of bounds error in SpliceImage
(bsc#983739).

- CVE-2016-5690: Bad for loop in DCM coder (bsc#985451).

- CVE-2016-5691: Checks for pixel.red/green/blue in dcm
coder (bsc#985456).

- CVE-2014-9836: Crash in xpm file handling (bsc#984023).

- CVE-2014-9808: SEGV due to corrupted dpc images.
(bsc#983796).

- CVE-2014-9821: Avoid heap overflow in pnm files.
(bsc#984014).

- CVE-2014-9820: Heap overflow in xpm files (bsc#984150).

- CVE-2014-9823: Heap overflow in palm file (bsc#984401).

- CVE-2014-9822: Heap overflow in quantum file
(bsc#984187).

- CVE-2014-9825: Heap overflow in corrupted psd file
(bsc#984427).

- CVE-2014-9824: Heap overflow in psd file (bsc#984185).

- CVE-2014-9809: SEGV due to corrupted xwd images.
(bsc#983799).

- CVE-2014-9826: Incorrect error handling in sun files
(bsc#984186).

- CVE-2014-9843: Incorrect boundary checks in
DecodePSDPixels (bsc#984179).

- CVE-2014-9842: Memory leak in psd handling (bsc#984374).

- CVE-2014-9841: Throwing of exceptions in psd handling
(bsc#984172).

- CVE-2014-9840: Out of bound access in palm file
(bsc#984433).

- CVE-2014-9847: Incorrect handling of 'previous' image in
the JNG decoder (bsc#984144).

- CVE-2014-9846: Added checks to prevent overflow in rle
file. (bsc#983521).

- CVE-2014-9845: Crash due to corrupted dib file
(bsc#984394).

- CVE-2014-9844: Out of bound issue in rle file
(bsc#984373).

- CVE-2014-9849: Crash in png coder (bsc#984018).

- CVE-2014-9848: Memory leak in quantum management
(bsc#984404).

- CVE-2014-9807: Double free in pdb coder. (bsc#983794).

- CVE-2014-9829: Out of bound access in sun file
(bsc#984409).

- CVE-2014-9832: Heap overflow in pcx file (bsc#984183).

- CVE-2014-9805: SEGV due to a corrupted pnm file.
(bsc#983752).

- CVE-2016-4564: The DrawImage function in
MagickCore/draw.c in ImageMagick made an incorrect
function call in attempting to locate the next token,
which allowed remote attackers to cause a denial of
service (buffer overflow and application crash) or
possibly have unspecified other impact via a crafted
file (bsc#983308).

- CVE-2016-4563: The TraceStrokePolygon function in
MagickCore/draw.c in ImageMagick mishandled the
relationship between the BezierQuantum value and certain
strokes data, which allowed remote attackers to cause a
denial of service (buffer overflow and application
crash) or possibly have unspecified other impact via a
crafted file (bsc#983305).

- CVE-2016-4562: The DrawDashPolygon function in
MagickCore/draw.c in ImageMagick mishandled calculations
of certain vertices integer data, which allowed remote
attackers to cause a denial of service (buffer overflow
and application crash) or possibly have unspecified
other impact via a crafted file (bsc#983292).

- CVE-2014-9839: Theoretical out of bound access in
magick/colormap-private.h (bsc#984379).

- CVE-2016-5689: NULL ptr dereference in dcm coder
(bsc#985460).

- CVE-2014-9837: Additional PNM sanity checks
(bsc#984166).

- CVE-2014-9835: Heap overflow in wpf file (bsc#984145).

- CVE-2014-9828: Corrupted (too many colors) psd file
(bsc#984028).

- CVE-2016-5841: Integer overflow could have led to RCE
(bnc#986609).

- CVE-2016-5842: Out-of-bounds read in
MagickCore/property.c:1396 could have led to memory
leak (bnc#986608).

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=983232
https://bugzilla.opensuse.org/show_bug.cgi?id=983234
https://bugzilla.opensuse.org/show_bug.cgi?id=983253
https://bugzilla.opensuse.org/show_bug.cgi?id=983259
https://bugzilla.opensuse.org/show_bug.cgi?id=983292
https://bugzilla.opensuse.org/show_bug.cgi?id=983305
https://bugzilla.opensuse.org/show_bug.cgi?id=983308
https://bugzilla.opensuse.org/show_bug.cgi?id=983521
https://bugzilla.opensuse.org/show_bug.cgi?id=983523
https://bugzilla.opensuse.org/show_bug.cgi?id=983527
https://bugzilla.opensuse.org/show_bug.cgi?id=983533
https://bugzilla.opensuse.org/show_bug.cgi?id=983739
https://bugzilla.opensuse.org/show_bug.cgi?id=983746
https://bugzilla.opensuse.org/show_bug.cgi?id=983752
https://bugzilla.opensuse.org/show_bug.cgi?id=983774
https://bugzilla.opensuse.org/show_bug.cgi?id=983794
https://bugzilla.opensuse.org/show_bug.cgi?id=983796
https://bugzilla.opensuse.org/show_bug.cgi?id=983799
https://bugzilla.opensuse.org/show_bug.cgi?id=983803
https://bugzilla.opensuse.org/show_bug.cgi?id=984014
https://bugzilla.opensuse.org/show_bug.cgi?id=984018
https://bugzilla.opensuse.org/show_bug.cgi?id=984023
https://bugzilla.opensuse.org/show_bug.cgi?id=984028
https://bugzilla.opensuse.org/show_bug.cgi?id=984032
https://bugzilla.opensuse.org/show_bug.cgi?id=984035
https://bugzilla.opensuse.org/show_bug.cgi?id=984135
https://bugzilla.opensuse.org/show_bug.cgi?id=984137
https://bugzilla.opensuse.org/show_bug.cgi?id=984142
https://bugzilla.opensuse.org/show_bug.cgi?id=984144
https://bugzilla.opensuse.org/show_bug.cgi?id=984145
https://bugzilla.opensuse.org/show_bug.cgi?id=984149
https://bugzilla.opensuse.org/show_bug.cgi?id=984150
https://bugzilla.opensuse.org/show_bug.cgi?id=984160
https://bugzilla.opensuse.org/show_bug.cgi?id=984166
https://bugzilla.opensuse.org/show_bug.cgi?id=984172
https://bugzilla.opensuse.org/show_bug.cgi?id=984179
https://bugzilla.opensuse.org/show_bug.cgi?id=984181
https://bugzilla.opensuse.org/show_bug.cgi?id=984183
https://bugzilla.opensuse.org/show_bug.cgi?id=984184
https://bugzilla.opensuse.org/show_bug.cgi?id=984185
https://bugzilla.opensuse.org/show_bug.cgi?id=984186
https://bugzilla.opensuse.org/show_bug.cgi?id=984187
https://bugzilla.opensuse.org/show_bug.cgi?id=984191
https://bugzilla.opensuse.org/show_bug.cgi?id=984193
https://bugzilla.opensuse.org/show_bug.cgi?id=984370
https://bugzilla.opensuse.org/show_bug.cgi?id=984372
https://bugzilla.opensuse.org/show_bug.cgi?id=984373
https://bugzilla.opensuse.org/show_bug.cgi?id=984374
https://bugzilla.opensuse.org/show_bug.cgi?id=984375
https://bugzilla.opensuse.org/show_bug.cgi?id=984379
https://bugzilla.opensuse.org/show_bug.cgi?id=984394
https://bugzilla.opensuse.org/show_bug.cgi?id=984398
https://bugzilla.opensuse.org/show_bug.cgi?id=984400
https://bugzilla.opensuse.org/show_bug.cgi?id=984401
https://bugzilla.opensuse.org/show_bug.cgi?id=984404
https://bugzilla.opensuse.org/show_bug.cgi?id=984406
https://bugzilla.opensuse.org/show_bug.cgi?id=984408
https://bugzilla.opensuse.org/show_bug.cgi?id=984409
https://bugzilla.opensuse.org/show_bug.cgi?id=984427
https://bugzilla.opensuse.org/show_bug.cgi?id=984433
https://bugzilla.opensuse.org/show_bug.cgi?id=984436
https://bugzilla.opensuse.org/show_bug.cgi?id=985442
https://bugzilla.opensuse.org/show_bug.cgi?id=985448
https://bugzilla.opensuse.org/show_bug.cgi?id=985451
https://bugzilla.opensuse.org/show_bug.cgi?id=985456
https://bugzilla.opensuse.org/show_bug.cgi?id=985460
https://bugzilla.opensuse.org/show_bug.cgi?id=986608
https://bugzilla.opensuse.org/show_bug.cgi?id=986609

Solution :

Update the affected ImageMagick packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

GLSA-201607-16 : arpwatch: Privilege escalation


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201607-16
(arpwatch: Privilege escalation)

Arpwatch does not properly drop supplementary groups.

Impact :

Attackers, if able to exploit arpwatch, could escalate privileges
outside of the running process.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201607-16

Solution :

All arpwatch users should upgrade to the latest version:
# emerge --sync
# emerge --ask --verbose --oneshot '>=net-analyzer/arpwatch-2.1.15-r8'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

GLSA-201607-15 : NTP: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201607-15
(NTP: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in NTP. Please review the
CVE identifiers referenced below for details.

Impact :

A remote attacker could possibly cause a Denial of Service condition.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201607-15
https://www.tenable.com/security/research/tra-2015-04

Solution :

All NTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/ntp-4.2.8_p8'

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

GLSA-201607-14 : Ansible: Privilege escalation


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201607-14
(Ansible: Privilege escalation)

The create_script function in the lxc_container module of Ansible uses
predictable temporary file names, making it vulnerable to a symlink
attack.

Impact :

Local attackers could write arbitrary files or gain escalated privileges
within the container.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201607-14

Solution :

All Ansible 1.9.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/ansible-1.9.6'
All Ansible 2.0.2.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/ansible-2.0.2.0-r1'

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

GLSA-201607-13 : libbsd: Arbitrary code execution


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201607-13
(libbsd: Arbitrary code execution)

libbsd contains a buffer overflow in the fgetwln() function. An if
statement, which is responsible for checking the necessity to reallocate
memory in the target buffer, is off by one; therefore, an out-of-bounds
write occurs.

Impact :

Remote attackers could potentially execute arbitrary code with the
privileges of the process.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201607-13

Solution :

All libbsd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --verbose --oneshot '>=dev-libs/libbsd-0.8.2'

Risk factor :

Medium

This script is Copyright (C) 2016 Tenable Network Security, Inc.