Newest Plugins

Apple iOS < 9.3.5 Multiple Vulnerabilities


Synopsis:

The version of iOS running on the mobile device is affected by
multiple vulnerabilities.

Description:

The version of iOS running on the mobile device is prior to 9.3.5. It
is, therefore, affected by multiple vulnerabilities :

- An information disclosure vulnerability exists in the
kernel due to improper sanitization of user-supplied
input. An unauthenticated, remote attacker can exploit
this, by convincing a user to run a specially crafted
application, to disclose sensitive information from
kernel memory. (CVE-2016-4655)

- An arbitrary code execution vulnerability exists in the
kernel due to improper sanitization of user-supplied
input. An unauthenticated, remote attacker can exploit
this, by convincing a user to run a specially crafted
application, to corrupt memory, resulting in a denial of
service condition or the execution of arbitrary code
with kernel privileges. (CVE-2016-4656)

- An arbitrary code execution vulnerability exists in
WebKit due to improper sanitization of user-supplied
input. An unauthenticated, remote attacker can exploit
this, by convincing a user to visit a specially crafted
website, to corrupt memory, resulting in the execution
of arbitrary code. (CVE-2016-4657)

See also :

https://support.apple.com/en-us/HT207107
http://www.nessus.org/u?a5d58fa6
http://www.nessus.org/u?c884d592
http://www.nessus.org/u?ce3ddb00

Solution :

Upgrade to Apple iOS version 9.3.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Cisco IOS XE Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The Cisco IOS XE Software running on the remote device is missing a
security patch. It is, therefore, affected by a denial of service
vulnerability in the Border Gateway Protocol (BGP) message processing
functions due to improper processing of BGP attributes. An
authenticated, remote attacker can exploit this, via specially crafted
BGP messages under certain unspecified conditions, to cause the
affected device to reload.

Note that Nessus has not tested for the presence of the workarounds
referenced in the vendor advisory.

See also :

http://www.nessus.org/u?94ed1c7e

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20160715-bgp. Alternatively, set a 'maxpath-limit' value for
BGP MIBs or suppress the use of BGP MIBs.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Cisco IOS Software Border Gateway Protocol Message Processing DoS (cisco-sa-20160715-bgp)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

The Cisco IOS Software running on the remote device is missing a
security patch. It is, therefore, affected by a denial of service
vulnerability in the Border Gateway Protocol (BGP) message processing
functions due to improper processing of BGP attributes. An
authenticated, remote attacker can exploit this, via specially crafted
BGP messages under certain unspecified conditions, to cause the
affected device to reload.

Note that Nessus has not tested for the presence of the workarounds
referenced in the vendor advisory.

See also :

http://www.nessus.org/u?94ed1c7e

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20160715-bgp. Alternatively, set a 'maxpath-limit' value for
BGP MIBs or suppress the use of BGP MIBs.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Access Manager Webgate Information Disclosure (July 2016 CPU)


Synopsis:

An authentication management application installed on the remote host
is affected by an information disclosure vulnerability.

Description:

The version of Oracle Access Manager installed on the remote host is
affected by an information disclosure vulnerability in the Web Server
Plugin subcomponent due to multiple flaws that exist in the bundled
OpenSSL library, specifically in the aesni_cbc_hmac_sha1_cipher()
function within file crypto/evp/e_aes_cbc_hmac_sha1.c and in the
aesni_cbc_hmac_sha256_cipher() function within file
crypto/evp/e_aes_cbc_hmac_sha256.c, which are triggered when the
connection uses an AES-CBC cipher and AES-NI is supported by the
server. A man-in-the-middle attacker can exploit these flaws to
conduct a padding oracle attack, resulting in the ability to decrypt
the network traffic.

See also :

http://www.nessus.org/u?e49b75d6

Solution :

Apply the appropriate patches according to the July 2016 Oracle
Critical Patch Update advisory.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : eog vulnerability (USN-3069-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

It was discovered that Eye of GNOME incorrectly handled certain
invalid UTF-8 strings. If a user were tricked into opening a specially
crafted image, a remote attacker could use this issue to cause Eye of
GNOME to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected eog package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 6 : JBoss Web Server (RHSA-2016:1649)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update is now available for Red Hat JBoss Enterprise Web Server 2.1
for RHEL 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.

This release serves as a replacement for Red Hat JBoss Web Server
2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web
Server 2.1.1 Release Notes, linked to in the References section, for
information on the most significant of these changes.

All users of Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise
Linux 6 are advised to upgrade to Red Hat JBoss Web Server 2.1.1. The
JBoss server process must be restarted for this update to take effect.

Security Fix(es) :

* It was discovered that httpd used the value of the Proxy header from
HTTP requests to initialize the HTTP_PROXY environment variable for
CGI scripts, which in turn was incorrectly used by certain HTTP client
implementations to configure the proxy for outgoing HTTP requests. A
remote attacker could possibly use this flaw to redirect HTTP requests
performed by a CGI script to an attacker-controlled proxy via a
malicious HTTP request. (CVE-2016-5387)

* An integer overflow flaw, leading to a buffer overflow, was found in
the way the EVP_EncodeUpdate() function of OpenSSL parsed very large
amounts of input data. A remote attacker could use this flaw to crash
an application using OpenSSL or, possibly, execute arbitrary code with
the permissions of the user running that application. (CVE-2016-2105)

* An integer overflow flaw, leading to a buffer overflow, was found in
the way the EVP_EncryptUpdate() function of OpenSSL parsed very large
amounts of input data. A remote attacker could use this flaw to crash
an application using OpenSSL or, possibly, execute arbitrary code with
the permissions of the user running that application. (CVE-2016-2106)

* It was discovered that it is possible to remotely segfault the Apache
HTTP server with a specially crafted string sent to mod_cluster via
service messages (MCMP). (CVE-2016-3110)

Red Hat would like to thank Scott Geary (VendHQ) for reporting
CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and
CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110.
Upstream acknowledges Guido Vranken as the original reporter of
CVE-2016-2105 and CVE-2016-2106.

See also :

http://www.nessus.org/u?3a945825
https://access.redhat.com/site/documentation/
http://www.nessus.org/u?7810494c
https://access.redhat.com/security/vulnerabilities/httpoxy
http://rhn.redhat.com/errata/RHSA-2016-1649.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:U/RL:U/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 7 : JBoss Web Server (RHSA-2016:1648)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update is now available for Red Hat JBoss Enterprise Web Server 2.1
for RHEL 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Web Server is a fully integrated and certified set of
components for hosting Java web applications. It is comprised of the
Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat
Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and
the Tomcat Native library.

This release serves as a replacement for Red Hat JBoss Web Server
2.1.0, and includes several bug fixes. Refer to the Red Hat JBoss Web
Server 2.1.1 Release Notes for information on the most significant of
these changes, available shortly from
https://access.redhat.com/site/documentation/

All users of Red Hat JBoss Web Server 2.1.0 on Red Hat Enterprise
Linux 7 are advised to upgrade to Red Hat JBoss Web Server 2.1.1. The
JBoss server process must be restarted for this update to take effect.

Security Fix(es) :

* It was discovered that httpd used the value of the Proxy header from
HTTP requests to initialize the HTTP_PROXY environment variable for
CGI scripts, which in turn was incorrectly used by certain HTTP client
implementations to configure the proxy for outgoing HTTP requests. A
remote attacker could possibly use this flaw to redirect HTTP requests
performed by a CGI script to an attacker-controlled proxy via a
malicious HTTP request. (CVE-2016-5387)

* An integer overflow flaw, leading to a buffer overflow, was found in
the way the EVP_EncodeUpdate() function of OpenSSL parsed very large
amounts of input data. A remote attacker could use this flaw to crash
an application using OpenSSL or, possibly, execute arbitrary code with
the permissions of the user running that application. (CVE-2016-2105)

* An integer overflow flaw, leading to a buffer overflow, was found in
the way the EVP_EncryptUpdate() function of OpenSSL parsed very large
amounts of input data. A remote attacker could use this flaw to crash
an application using OpenSSL or, possibly, execute arbitrary code with
the permissions of the user running that application. (CVE-2016-2106)

* It was discovered that it is possible to remotely segfault the Apache
HTTP server with a specially crafted string sent to mod_cluster via
service messages (MCMP). (CVE-2016-3110)

Red Hat would like to thank Scott Geary (VendHQ) for reporting
CVE-2016-5387; the OpenSSL project for reporting CVE-2016-2105 and
CVE-2016-2106; and Michal Karm Babacek for reporting CVE-2016-3110.
Upstream acknowledges Guido Vranken as the original reporter of
CVE-2016-2105 and CVE-2016-2106.

See also :

http://rhn.redhat.com/errata/RHSA-2016-1648.html
https://www.redhat.com/security/data/cve/CVE-2016-2105.html
https://www.redhat.com/security/data/cve/CVE-2016-2106.html
https://www.redhat.com/security/data/cve/CVE-2016-3110.html
https://www.redhat.com/security/data/cve/CVE-2016-5387.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 4.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3654-1 : quagga - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing
daemon.

- CVE-2016-4036
Tamas Nemeth discovered that sensitive configuration
files in /etc/quagga were world-readable despite
containing sensitive information.

- CVE-2016-4049
Evgeny Uskov discovered that a bgpd instance handling
many peers could be crashed by a malicious user when
requesting a route dump.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822787
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835223
https://security-tracker.debian.org/tracker/CVE-2016-4036
https://security-tracker.debian.org/tracker/CVE-2016-4049
https://packages.debian.org/source/jessie/quagga
http://www.debian.org/security/2016/dsa-3654

Solution :

Upgrade the quagga packages.

For the stable distribution (jessie), these problems have been fixed
in version 0.99.23.1-1+deb8u2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3653-1 : flex - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Alexander Sulfrian discovered a buffer overflow in the
yy_get_next_buffer() function generated by Flex, which may result in
denial of service and potentially the execution of code if operating
on data from untrusted sources.

Affected applications need to be rebuilt. bogofilter will be rebuilt
against the updated flex in a follow-up update. Further affected
applications should be reported at the bug referenced above.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832768
https://packages.debian.org/source/jessie/flex
http://www.debian.org/security/2016/dsa-3653

Solution :

Upgrade the flex packages.

For the stable distribution (jessie), this problem has been fixed in
version 2.5.39-8+deb8u1.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3652-1 : imagemagick - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

This update fixes many vulnerabilities in imagemagick: various memory
handling problems and cases of missing or incomplete input sanitising
may result in denial of service or the execution of arbitrary code if
malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta,
Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832885
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832887
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832888
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832968
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=833003
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832474
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832475
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832464
https://packages.debian.org/source/jessie/imagemagick
http://www.debian.org/security/2016/dsa-3652

Solution :

Upgrade the imagemagick packages.

For the stable distribution (jessie), these problems have been fixed
in version 8:6.8.9.9-5+deb8u4.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3651-1 : rails - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Andrew Carpenter of Critical Juncture discovered a cross-site
scripting vulnerability affecting Action View in rails, a web
application framework written in Ruby. Text declared as 'HTML safe'
will not have quotes escaped when used as attribute values in tag
helpers.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834155
https://packages.debian.org/source/jessie/rails
http://www.debian.org/security/2016/dsa-3651

Solution :

Upgrade the rails packages.

For the stable distribution (jessie), this problem has been fixed in
version 2:4.1.8-1+deb8u4.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Cisco ASA SNMP Packet Handling RCE (CSCva92151) (EXTRABACON)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its banner and configuration, the version of the remote
Cisco Adaptive Security Appliance (ASA) device is affected by a remote
code execution vulnerability, known as EXTRABACON, in the Simple
Network Management Protocol (SNMP) code due to a buffer overflow
condition. An authenticated, remote attacker can exploit this, via
specially crafted IPv4 SNMP packets, to cause a denial of service
condition or the execution of arbitrary code. Note that an attacker
must know the SNMP community string in order to exploit the
vulnerability.

EXTRABACON is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2016/08/14 by a group known as the Shadow
Brokers.

See also :

http://www.nessus.org/u?58b0c291
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCva92151
https://blogs.cisco.com/security/shadow-brokers
http://www.nessus.org/u?4c7e0cf3

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCva92151. Alternatively, as a workaround, change the SNMP community
string, and only allow trusted users to have SNMP access.

Additionally, administrators can monitor affected systems using the
'snmp-server' host command.

Risk factor :

High / CVSS Base Score : 8.5
(CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

OpenSSL < 1.1.0 Default Weak 64-bit Block Cipher (SWEET32)


Synopsis:

The service running on the remote host uses a weak encryption block
cipher by default.

Description:

According to its banner, the version of OpenSSL running on the remote
host is prior to 1.1.0. It is, therefore, affected by a vulnerability,
known as SWEET32, in the 3DES and Blowfish algorithms due to the use
of weak 64-bit block ciphers by default. A man-in-the-middle attacker
who has sufficient resources can exploit this vulnerability, via a
'birthday' attack, to detect a collision that leaks the XOR between
the fixed secret and a known plaintext, allowing the disclosure of the
secret text, such as secure HTTPS cookies, and possibly resulting in
the hijacking of an authenticated session.

See also :

https://www.openssl.org/blog/blog/2016/08/24/sweet32/
https://sweet32.info/

Solution :

Upgrade to OpenSSL version 1.1.0 or later, and ensure all 64-bit block
ciphers are disabled. Note that upgrading to OpenSSL 1.1.0 does not
completely mitigate this vulnerability; it simply disables the
vulnerable 64-bit block ciphers by default.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

WordPress < 4.6 Multiple Vulnerabilities


Synopsis:

A PHP application running on the remote web server is affected by
multiple vulnerabilities.

Description:

According to its self-reported version number, the WordPress
application running on the remote web server is prior to 4.6. It is,
therefore, affected by multiple vulnerabilities :

- A path traversal vulnerability exists in the WordPress
Admin API in the wp_ajax_update_plugin() function in
ajax-actions.php due to improper sanitization of
user-supplied input. An authenticated, remote attacker
can exploit this, via a specially crafted request, to
cause a denial of service condition. (CVE-2016-6896)

- A cross-site request forgery vulnerability (XSRF) exists
in the admin-ajax.php script due to a failure to require
multiple steps, explicit confirmation, or a unique token
when performing certain sensitive actions. An
unauthenticated, remote attacker can exploit this, by
convincing a user to follow a specially crafted link, to
perform arbitrary AJAX updates. (CVE-2016-6897)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://wordpress.org/news/2016/08/pepper/
http://seclists.org/fulldisclosure/2016/Aug/98

Solution :

Upgrade to WordPress version 4.6 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Splunk Enterprise < 5.0.16 / 6.0.12 / 6.1.11 / 6.2.10 / 6.3.6 / 6.4.3 or Splunk Light < 6.4.3 Cross-Site Redirection


Synopsis:

An application running on the remote web server is affected by
multiple vulnerabilities.

Description:

According to its self-reported version number, the version of Splunk
Enterprise hosted on the remote web server is 5.0.x prior to 5.0.16,
6.0.x prior to 6.0.12, 6.1.x prior to 6.1.11, 6.2.x prior to 6.2.10,
6.3.x prior to 6.3.6, or 6.4.x prior to 6.4.3; or else it is Splunk
Light version 6.4.x prior to 6.4.3. It is, therefore, affected by a
cross-site redirection vulnerability due to improper validation of
unspecified input before returning it to the user. An unauthenticated,
remote attacker can exploit this, by convincing a user to follow a
specially crafted URL, to redirect the user to an arbitrary website of
the attacker's choosing.

See also :

http://www.splunk.com/view/SP-CAAAPQ6

Solution :

Upgrade Splunk Enterprise to version 5.0.16 / 6.0.12 / 6.1.11 /
6.2.10 / 6.3.6 / 6.4.3 or later, or Splunk Light to version 6.4.3 or
later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Cisco UCS Central Software Web UI Detection


Synopsis:

The web user interface for Cisco Unified Computing System (UCS)
Central Software was detected on the remote host.

Description:

The web user interface for Cisco Unified Computing System (UCS)
Central Software, an infrastructure management system, was detected on
the remote host.

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Cisco UCS Central Software < 1.3(1c) HTTP Request Handling RCE


Synopsis:

An infrastructure management application running on the remote host is
affected by a remote command execution vulnerability.

Description:

The version of Cisco Unified Computing System (UCS) Central Software
running on the remote host is prior to 1.3(1c). It is, therefore,
affected by a flaw in its web framework due to improper validation of
user-supplied input. An unauthenticated, remote attacker can exploit
this, via a specially crafted HTTP request, to execute arbitrary
commands on the underlying operating system.

See also :

http://www.nessus.org/u?2b1eabfa
https://tools.cisco.com/bugsearch/bug/CSCuv33856
http://seclists.org/bugtraq/2016/Apr/77

Solution :

Upgrade to Cisco UCS Central Software version 1.3(1c) or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS : libidn vulnerabilities (USN-3068-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Thijs Alkemade, Gustavo Grieco, Daniel Stenberg, and Nikos
Mavrogiannopoulos discovered that Libidn incorrectly handled invalid
UTF-8 characters. A remote attacker could use this issue to cause
Libidn to crash, resulting in a denial of service, or possibly
disclose sensitive memory. This issue only applied to Ubuntu 12.04 LTS
and Ubuntu 14.04 LTS. (CVE-2015-2059)

Hanno Bock discovered that Libidn incorrectly handled certain input.
A remote attacker could possibly use this issue to cause Libidn to
crash, resulting in a denial of service. (CVE-2015-8948,
CVE-2016-6262, CVE-2016-6261, CVE-2016-6263).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libidn11 package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS : harfbuzz vulnerabilities (USN-3067-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Kostya Serebryany discovered that HarfBuzz incorrectly handled memory.
A remote attacker could use this issue to cause HarfBuzz to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2015-8947)

It was discovered that HarfBuzz incorrectly handled certain length
checks. A remote attacker could use this issue to cause HarfBuzz to
crash, resulting in a denial of service, or possibly execute arbitrary
code. This issue only applied to Ubuntu 16.04 LTS. (CVE-2016-2052).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libharfbuzz0b package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : ImageMagick (openSUSE-2016-1016)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for ImageMagick fixes the following issues :

- security update :

- CVE-2016-6520: buffer overflow [bsc#991872]

- CVE-2016-5010: Out-of-bounds read in CopyMagickMemory
[bsc#991444]

- CVE-2016-6491: Out-of-bounds read when processing
crafted tiff files [bsc#991445]

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=991444
https://bugzilla.opensuse.org/show_bug.cgi?id=991445
https://bugzilla.opensuse.org/show_bug.cgi?id=991872

Solution :

Update the affected ImageMagick packages.

Risk factor :

Medium

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : the Linux Kernel (openSUSE-2016-1015)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

The openSUSE 13.2 kernel was updated to fix various bugs and security
issues.

The following security bugs were fixed :

- CVE-2016-1583: Prevent the usage of mmap when the lower
file system does not allow it. This could have led to
local privilege escalation when ecryptfs-utils was
installed and /sbin/mount.ecryptfs_private was setuid
(bsc#983143).

- CVE-2016-4913: The get_rock_ridge_filename function in
fs/isofs/rock.c in the Linux kernel mishandles NM (aka
alternate name) entries containing \0 characters, which
allowed local users to obtain sensitive information from
kernel memory or possibly have unspecified other impact
via a crafted isofs filesystem (bnc#980725).

- CVE-2016-4580: The x25_negotiate_facilities function in
net/x25/x25_facilities.c in the Linux kernel did not
properly initialize a certain data structure, which
allowed attackers to obtain sensitive information from
kernel stack memory via an X.25 Call Request
(bnc#981267).

- CVE-2016-0758: Tags with indefinite length could have
corrupted pointers in asn1_find_indefinite_length
(bsc#979867).

- CVE-2016-2053: The asn1_ber_decoder function in
lib/asn1_decoder.c in the Linux kernel allowed attackers
to cause a denial of service (panic) via an ASN.1 BER
file that lacks a public key, leading to mishandling by
the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c (bnc#963762).

- CVE-2016-2187: The gtco_probe function in
drivers/input/tablet/gtco.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) via
a crafted endpoints value in a USB device descriptor
(bnc#971919 971944).

- CVE-2016-4482: The proc_connectinfo function in
drivers/usb/core/devio.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via a crafted USBDEVFS_CONNECTINFO ioctl call
(bnc#978401 bsc#978445).

- CVE-2016-4565: The InfiniBand (aka IB) stack in the
Linux kernel incorrectly relies on the write system
call, which allowed local users to cause a denial of
service (kernel memory write operation) or possibly have
unspecified other impact via a uAPI interface
(bnc#979548 bsc#980363).

- CVE-2016-3672: The arch_pick_mmap_layout function in
arch/x86/mm/mmap.c in the Linux kernel did not properly
randomize the legacy base address, which made it easier
for local users to defeat the intended restrictions on
the ADDR_NO_RANDOMIZE flag, and bypass the ASLR
protection mechanism for a setuid or setgid program, by
disabling stack-consumption resource limits
(bnc#974308).

- CVE-2016-4581: fs/pnode.c in the Linux kernel did not
properly traverse a mount propagation tree in a certain
case involving a slave mount, which allowed local users
to cause a denial of service (NULL pointer dereference
and OOPS) via a crafted series of mount system calls
(bnc#979913).

- CVE-2016-4485: The llc_cmsg_rcv function in
net/llc/af_llc.c in the Linux kernel did not initialize
a certain data structure, which allowed attackers to
obtain sensitive information from kernel stack memory by
reading a message (bnc#978821).

- CVE-2015-3288: A security flaw was found in the Linux
kernel: there was a way to arbitrarily change zero
page memory (bnc#979021).

- CVE-2016-4578: sound/core/timer.c in the Linux kernel
did not initialize certain r1 data structures, which
allowed local users to obtain sensitive information from
kernel stack memory via crafted use of the ALSA timer
interface, related to the (1) snd_timer_user_ccallback
and (2) snd_timer_user_tinterrupt functions
(bnc#979879).

- CVE-2016-3134: The netfilter subsystem in the Linux
kernel did not validate certain offset fields, which
allowed local users to gain privileges or cause a denial
of service (heap memory corruption) via an
IPT_SO_SET_REPLACE setsockopt call (bnc#971126).

- CVE-2016-4486: The rtnl_fill_link_ifmap function in
net/core/rtnetlink.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory by reading a Netlink message (bnc#978822).

- CVE-2013-7446: Use-after-free vulnerability in
net/unix/af_unix.c in the Linux kernel allowed local
users to bypass intended AF_UNIX socket permissions or
cause a denial of service (panic) via crafted epoll_ctl
calls (bnc#955654).

- CVE-2016-4569: The snd_timer_user_params function in
sound/core/timer.c in the Linux kernel did not
initialize a certain data structure, which allowed local
users to obtain sensitive information from kernel stack
memory via crafted use of the ALSA timer interface
(bnc#979213).

- CVE-2016-2847: fs/pipe.c in the Linux kernel did not
limit the amount of unread data in pipes, which allowed
local users to cause a denial of service (memory
consumption) by creating many pipes with non-default
sizes (bnc#970948 974646).

- CVE-2016-3136: The mct_u232_msr_to_state function in
drivers/usb/serial/mct_u232.c in the Linux kernel
allowed physically proximate attackers to cause a denial
of service (NULL pointer dereference and system crash)
via a crafted USB device without two interrupt-in
endpoint descriptors (bnc#970955).

- CVE-2016-2188: The iowarrior_probe function in
drivers/usb/misc/iowarrior.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) via
a crafted endpoints value in a USB device descriptor
(bnc#970956).

- CVE-2016-3138: The acm_probe function in
drivers/usb/class/cdc-acm.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) via
a USB device without both a control and a data endpoint
descriptor (bnc#970911).

- CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the
Linux kernel allowed physically proximate attackers to
cause a denial of service (NULL pointer dereference and
system crash) via a USB device without both an
interrupt-in and an interrupt-out endpoint descriptor,
related to the cypress_generic_port_probe and
cypress_open functions (bnc#970970).

- CVE-2016-3951: Double free vulnerability in
drivers/net/usb/cdc_ncm.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (system crash) or possibly have unspecified
other impact by inserting a USB device with an invalid
USB descriptor (bnc#974418).

- CVE-2016-3140: The digi_port_init function in
drivers/usb/serial/digi_acceleport.c in the Linux kernel
allowed physically proximate attackers to cause a denial
of service (NULL pointer dereference and system crash)
via a crafted endpoints value in a USB device descriptor
(bnc#970892).

- CVE-2016-2186: The powermate_probe function in
drivers/input/misc/powermate.c in the Linux kernel
allowed physically proximate attackers to cause a denial
of service (NULL pointer dereference and system crash)
via a crafted endpoints value in a USB device descriptor
(bnc#970958).

- CVE-2016-2185: The ati_remote2_probe function in
drivers/input/misc/ati_remote2.c in the Linux kernel
allowed physically proximate attackers to cause a denial
of service (NULL pointer dereference and system crash)
via a crafted endpoints value in a USB device descriptor
(bnc#971124).

- CVE-2016-3689: The ims_pcu_parse_cdc_data function in
drivers/input/misc/ims-pcu.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (system crash) via a USB device without both a
master and a slave interface (bnc#971628).

- CVE-2016-3156: The IPv4 implementation in the Linux
kernel mishandles destruction of device objects, which
allowed guest OS users to cause a denial of service
(host OS networking outage) by arranging for a large
number of IP addresses (bnc#971360).

- CVE-2016-2184: The create_fixed_stream_quirk function in
sound/usb/quirks.c in the snd-usb-audio driver in the
Linux kernel allowed physically proximate attackers to
cause a denial of service (NULL pointer dereference or
double free, and system crash) via a crafted endpoints
value in a USB device descriptor (bnc#971125).

- CVE-2016-3139: The wacom_probe function in
drivers/input/tablet/wacom_sys.c in the Linux kernel
allowed physically proximate attackers to cause a denial
of service (NULL pointer dereference and system crash)
via a crafted endpoints value in a USB device descriptor
(bnc#970909).

- CVE-2015-8830: Integer overflow in the
aio_setup_single_vector function in fs/aio.c in the
Linux kernel 4.0 allowed local users to cause a denial
of service or possibly have unspecified other impact via
a large AIO iovec. NOTE: this vulnerability exists
because of a CVE-2012-6701 regression (bnc#969354
bsc#969355).

- CVE-2016-2782: The treo_attach function in
drivers/usb/serial/visor.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by inserting a
USB device that lacks a (1) bulk-in or (2) interrupt-in
endpoint (bnc#968670).

- CVE-2015-8816: The hub_activate function in
drivers/usb/core/hub.c in the Linux kernel did not
properly maintain a hub-interface data structure, which
allowed physically proximate attackers to cause a denial
of service (invalid memory access and system crash) or
possibly have unspecified other impact by unplugging a
USB hub device (bnc#968010).

- CVE-2015-7566: The clie_5_attach function in
drivers/usb/serial/visor.c in the Linux kernel allowed
physically proximate attackers to cause a denial of
service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by inserting a
USB device that lacks a bulk-out endpoint (bnc#961512).

- CVE-2016-2549: sound/core/hrtimer.c in the Linux kernel
did not prevent recursive callback access, which allowed
local users to cause a denial of service (deadlock) via
a crafted ioctl call (bnc#968013).

- CVE-2016-2547: sound/core/timer.c in the Linux kernel
employs a locking approach that did not consider slave
timer instances, which allowed local users to cause a
denial of service (race condition, use-after-free, and
system crash) via a crafted ioctl call (bnc#968011).

- CVE-2016-2548: sound/core/timer.c in the Linux kernel
retains certain linked lists after a close or stop
action, which allowed local users to cause a denial of
service (system crash) via a crafted ioctl call, related
to the (1) snd_timer_close and (2) _snd_timer_stop
functions (bnc#968012).

- CVE-2016-2546: sound/core/timer.c in the Linux kernel
uses an incorrect type of mutex, which allowed local
users to cause a denial of service (race condition,
use-after-free, and system crash) via a crafted ioctl
call (bnc#967975).

- CVE-2016-2545: The snd_timer_interrupt function in
sound/core/timer.c in the Linux kernel did not properly
maintain a certain linked list, which allowed local
users to cause a denial of service (race condition and
system crash) via a crafted ioctl call (bnc#967974).

- CVE-2016-2544: Race condition in the queue_delete
function in sound/core/seq/seq_queue.c in the Linux
kernel allowed local users to cause a denial of service
(use-after-free and system crash) by making an ioctl
call at a certain time (bnc#967973).

- CVE-2016-2543: The snd_seq_ioctl_remove_events function
in sound/core/seq/seq_clientmgr.c in the Linux kernel
did not verify FIFO assignment before proceeding with
FIFO clearing, which allowed local users to cause a
denial of service (NULL pointer dereference and OOPS)
via a crafted ioctl call (bnc#967972).

- CVE-2015-8709: ** DISPUTED ** kernel/ptrace.c in the
Linux kernel mishandles uid and gid mappings, which
allowed local users to gain privileges by establishing a
user namespace, waiting for a root process to enter that
namespace with an unsafe uid or gid, and then using the
ptrace system call. NOTE: the vendor states 'there is no
kernel bug here' (bnc#959709 960561).

- CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in
the Linux kernel did not properly identify error
conditions, which allowed remote attackers to execute
arbitrary code or cause a denial of service
(use-after-free) via crafted packets (bnc#966437).

- CVE-2016-2384: Double free vulnerability in the
snd_usbmidi_create function in sound/usb/midi.c in the
Linux kernel allowed physically proximate attackers to
cause a denial of service (panic) or possibly have
unspecified other impact via vectors involving an
invalid USB descriptor (bnc#966693).

- CVE-2015-8785: The fuse_fill_write_pages function in
fs/fuse/file.c in the Linux kernel allowed local users
to cause a denial of service (infinite loop) via a
writev system call that triggers a zero length for the
first segment of an iov (bnc#963765).

- CVE-2014-9904: The snd_compress_check_input function in
sound/core/compress_offload.c in the ALSA subsystem in
the Linux kernel did not properly check for an integer
overflow, which allowed local users to cause a denial of
service (insufficient memory allocation) or possibly
have unspecified other impact via a crafted
SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).

- CVE-2016-5829: Multiple heap-based buffer overflows in
the hiddev_ioctl_usage function in
drivers/hid/usbhid/hiddev.c in the Linux kernel allow
local users to cause a denial of service or possibly
have unspecified other impact via a crafted (1)
HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call
(bnc#986572 986573).

- CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt
implementation in the netfilter subsystem in the Linux
kernel allowed local users to gain privileges or cause a
denial of service (memory corruption) by leveraging
in-container root access to provide a crafted offset
value that triggers an unintended decrement (bnc#986362
986365 986377).

- CVE-2016-4805: Use-after-free vulnerability in
drivers/net/ppp/ppp_generic.c in the Linux kernel
allowed local users to cause a denial of service (memory
corruption and system crash, or spinlock) or possibly
have unspecified other impact by removing a network
namespace, related to the ppp_register_net_channel and
ppp_unregister_channel functions (bnc#980371).

- CVE-2016-4470: The key_reject_and_link function in
security/keys/key.c in the Linux kernel did not ensure
that a certain data structure is initialized, which
allowed local users to cause a denial of service (system
crash) via vectors involving a crafted keyctl request2
command (bnc#984755 984764).

- CVE-2015-6526: The perf_callchain_user_64 function in
arch/powerpc/perf/callchain.c in the Linux kernel on
ppc64 platforms allowed local users to cause a denial of
service (infinite loop) via a deep 64-bit userspace
backtrace (bnc#942702).

- CVE-2016-5244: The rds_inc_info_copy function in
net/rds/recv.c in the Linux kernel did not initialize a
certain structure member, which allowed remote attackers
to obtain sensitive information from kernel stack memory
by reading an RDS message (bnc#983213).

The following non-security bugs were fixed :

- ALSA: hrtimer: Handle start/stop more properly
(bsc#973378).

- ALSA: pcm: Fix potential deadlock in OSS emulation
(bsc#968018).

- ALSA: rawmidi: Fix race at copying & updating the
position (bsc#968018).

- ALSA: rawmidi: Make snd_rawmidi_transmit() race-free
(bsc#968018).

- ALSA: seq: Fix double port list deletion (bsc#968018).

- ALSA: seq: Fix incorrect sanity check at
snd_seq_oss_synth_cleanup() (bsc#968018).

- ALSA: seq: Fix leak of pool buffer at concurrent writes
(bsc#968018).

- ALSA: seq: Fix lockdep warnings due to double mutex
locks (bsc#968018).

- ALSA: seq: Fix race at closing in virmidi driver
(bsc#968018).

- ALSA: seq: Fix yet another races among ALSA timer
accesses (bsc#968018).

- ALSA: timer: Call notifier in the same spinlock
(bsc#973378).

- ALSA: timer: Code cleanup (bsc#968018).

- ALSA: timer: Fix leftover link at closing (bsc#968018).

- ALSA: timer: Fix link corruption due to double start or
stop (bsc#968018).

- ALSA: timer: Fix race between stop and interrupt
(bsc#968018).

- ALSA: timer: Fix wrong instance passed to slave
callbacks (bsc#968018).

- ALSA: timer: Protect the whole snd_timer_close() with
open race (bsc#973378).

- ALSA: timer: Sync timer deletion at closing the system
timer (bsc#973378).

- ALSA: timer: Use mod_timer() for rearming the system
timer (bsc#973378).

- Bluetooth: vhci: Fix race at creating hci device
(bsc#971799, bsc#966849).

- Bluetooth: vhci: fix open_timeout vs. hdev race
(bsc#971799, bsc#966849).

- Bluetooth: vhci: purge unhandled skbs
(bsc#971799, bsc#966849).

- Btrfs: do not use src fd for printk (bsc#980348).

- Refresh
patches.drivers/ALSA-hrtimer-Handle-start-stop-more-properly.
Fix the build error on 32bit architectures.

- Refresh patches.xen/xen-netback-coalesce: Restore
copying of SKBs with head exceeding page size
(bsc#978469).

- Refresh patches.xen/xen3-patch-3.14: Suppress atomic
file position updates on /proc/xen/xenbus (bsc#970275).

- USB: xhci: Add broken streams quirk for Frescologic
device id 1009 (bnc#982706).

- USB: usbip: fix potential out-of-bounds write
(bnc#975945).

- af_unix: Guard against other == sk in unix_dgram_sendmsg
(bsc#973570).

- backends: guarantee one time reads of shared ring
contents (bsc#957988).

- btrfs: do not go readonly on existing qgroup items
(bsc#957052).

- btrfs: remove error message from search ioctl for
nonexistent tree.

- drm/i915: Fix missing backlight update during panel
disablement (bsc#941113 boo#901754).

- enic: set netdev->vlan_features (bsc#966245).

- ext4: fix races between buffered IO and collapse /
insert range (bsc#972174).

- ext4: fix races between page faults and hole punching
(bsc#972174).

- ext4: fix races of writeback with punch hole and zero
range (bsc#972174).

- ext4: move unlocked dio protection from
ext4_alloc_file_blocks() (bsc#972174).

- ipv4/fib: do not warn when primary address is missing if
in_dev is dead (bsc#971360).

- ipvs: count pre-established TCP states as active
(bsc#970114).

- net: core: Correct an over-stringent device loop
detection (bsc#945219).

- netback: do not use last request to determine minimum Tx
credit (bsc#957988).

- pciback: Check PF instead of VF for PCI_COMMAND_MEMORY.

- pciback: Save the number of MSI-X entries to be copied
later.

- pciback: guarantee one time reads of shared ring
contents (bsc#957988).

- series.conf: move cxgb3 patch to network drivers section.

- usb: quirk to stop runtime PM for Intel 7260
(bnc#984464).

- x86: standardize mmap_rnd() usage (bnc#974308).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=901754
https://bugzilla.opensuse.org/show_bug.cgi?id=941113
https://bugzilla.opensuse.org/show_bug.cgi?id=942702
https://bugzilla.opensuse.org/show_bug.cgi?id=945219
https://bugzilla.opensuse.org/show_bug.cgi?id=955654
https://bugzilla.opensuse.org/show_bug.cgi?id=957052
https://bugzilla.opensuse.org/show_bug.cgi?id=957988
https://bugzilla.opensuse.org/show_bug.cgi?id=959709
https://bugzilla.opensuse.org/show_bug.cgi?id=960561
https://bugzilla.opensuse.org/show_bug.cgi?id=961512
https://bugzilla.opensuse.org/show_bug.cgi?id=963762
https://bugzilla.opensuse.org/show_bug.cgi?id=963765
https://bugzilla.opensuse.org/show_bug.cgi?id=966245
https://bugzilla.opensuse.org/show_bug.cgi?id=966437
https://bugzilla.opensuse.org/show_bug.cgi?id=966693
https://bugzilla.opensuse.org/show_bug.cgi?id=966849
https://bugzilla.opensuse.org/show_bug.cgi?id=967972
https://bugzilla.opensuse.org/show_bug.cgi?id=967973
https://bugzilla.opensuse.org/show_bug.cgi?id=967974
https://bugzilla.opensuse.org/show_bug.cgi?id=967975
https://bugzilla.opensuse.org/show_bug.cgi?id=968010
https://bugzilla.opensuse.org/show_bug.cgi?id=968011
https://bugzilla.opensuse.org/show_bug.cgi?id=968012
https://bugzilla.opensuse.org/show_bug.cgi?id=968013
https://bugzilla.opensuse.org/show_bug.cgi?id=968018
https://bugzilla.opensuse.org/show_bug.cgi?id=968670
https://bugzilla.opensuse.org/show_bug.cgi?id=969354
https://bugzilla.opensuse.org/show_bug.cgi?id=969355
https://bugzilla.opensuse.org/show_bug.cgi?id=970114
https://bugzilla.opensuse.org/show_bug.cgi?id=970275
https://bugzilla.opensuse.org/show_bug.cgi?id=970892
https://bugzilla.opensuse.org/show_bug.cgi?id=970909
https://bugzilla.opensuse.org/show_bug.cgi?id=970911
https://bugzilla.opensuse.org/show_bug.cgi?id=970948
https://bugzilla.opensuse.org/show_bug.cgi?id=970955
https://bugzilla.opensuse.org/show_bug.cgi?id=970956
https://bugzilla.opensuse.org/show_bug.cgi?id=970958
https://bugzilla.opensuse.org/show_bug.cgi?id=970970
https://bugzilla.opensuse.org/show_bug.cgi?id=971124
https://bugzilla.opensuse.org/show_bug.cgi?id=971125
https://bugzilla.opensuse.org/show_bug.cgi?id=971126
https://bugzilla.opensuse.org/show_bug.cgi?id=971360
https://bugzilla.opensuse.org/show_bug.cgi?id=971628
https://bugzilla.opensuse.org/show_bug.cgi?id=971799
https://bugzilla.opensuse.org/show_bug.cgi?id=971919
https://bugzilla.opensuse.org/show_bug.cgi?id=971944
https://bugzilla.opensuse.org/show_bug.cgi?id=972174
https://bugzilla.opensuse.org/show_bug.cgi?id=973378
https://bugzilla.opensuse.org/show_bug.cgi?id=973570
https://bugzilla.opensuse.org/show_bug.cgi?id=974308
https://bugzilla.opensuse.org/show_bug.cgi?id=974418
https://bugzilla.opensuse.org/show_bug.cgi?id=974646
https://bugzilla.opensuse.org/show_bug.cgi?id=975945
https://bugzilla.opensuse.org/show_bug.cgi?id=978401
https://bugzilla.opensuse.org/show_bug.cgi?id=978445
https://bugzilla.opensuse.org/show_bug.cgi?id=978469
https://bugzilla.opensuse.org/show_bug.cgi?id=978821
https://bugzilla.opensuse.org/show_bug.cgi?id=978822
https://bugzilla.opensuse.org/show_bug.cgi?id=979021
https://bugzilla.opensuse.org/show_bug.cgi?id=979213
https://bugzilla.opensuse.org/show_bug.cgi?id=979548
https://bugzilla.opensuse.org/show_bug.cgi?id=979867
https://bugzilla.opensuse.org/show_bug.cgi?id=979879
https://bugzilla.opensuse.org/show_bug.cgi?id=979913
https://bugzilla.opensuse.org/show_bug.cgi?id=980348
https://bugzilla.opensuse.org/show_bug.cgi?id=980363
https://bugzilla.opensuse.org/show_bug.cgi?id=980371
https://bugzilla.opensuse.org/show_bug.cgi?id=980725
https://bugzilla.opensuse.org/show_bug.cgi?id=981267
https://bugzilla.opensuse.org/show_bug.cgi?id=982706
https://bugzilla.opensuse.org/show_bug.cgi?id=983143
https://bugzilla.opensuse.org/show_bug.cgi?id=983213
https://bugzilla.opensuse.org/show_bug.cgi?id=984464
https://bugzilla.opensuse.org/show_bug.cgi?id=984755
https://bugzilla.opensuse.org/show_bug.cgi?id=984764
https://bugzilla.opensuse.org/show_bug.cgi?id=986362
https://bugzilla.opensuse.org/show_bug.cgi?id=986365
https://bugzilla.opensuse.org/show_bug.cgi?id=986377
https://bugzilla.opensuse.org/show_bug.cgi?id=986572
https://bugzilla.opensuse.org/show_bug.cgi?id=986573
https://bugzilla.opensuse.org/show_bug.cgi?id=986811

Solution :

Update the affected Linux kernel packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 24 : eog (2016-5abbc35b6a)


Synopsis:

The remote Fedora host is missing a security update.

Description:

eog 3.20.4 release, fixing CVE-2016-6855.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-5abbc35b6a

Solution :

Update the affected eog package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 24 : mingw-lcms2 (2016-24c2453d6c)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- update to 2.8

- fix for #1367359

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-24c2453d6c

Solution :

Update the affected mingw-lcms2 package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 23 : eog (2016-0f8779baa6)


Synopsis:

The remote Fedora host is missing a security update.

Description:

eog 3.18.3 release, fixing CVE-2016-6855.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-0f8779baa6

Solution :

Update the affected eog package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

F5 Networks BIG-IP : TMM vulnerability (SOL19784568)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

An unauthenticated remote attacker may be able to disrupt services on
the BIG-IP with maliciously crafted network traffic. This
vulnerability affects virtual servers associated with TCP profiles.
The management interface is not affected by this vulnerability.

See also :

http://support.f5.com/kb/en-us/solutions/public/k/19/sol19784568.html

Solution :

Upgrade to one of the non-vulnerable versions listed in the F5
Solution SOL19784568.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

CentOS 6 : kernel (CESA-2016:1664)


Synopsis:

The remote CentOS host is missing one or more security updates.

Description:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

It was found that the RFC 5961 challenge ACK rate limiting as
implemented in the Linux kernel's networking subsystem allowed an
off-path attacker to leak certain information about a given connection
by creating congestion on the global challenge ACK rate limit counter
and then measuring the changes by probing packets. An off-path
attacker could use this flaw to either terminate a TCP connection and/or
inject a payload into a non-secured TCP connection between two endpoints
on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao (Cyber Security Group of the CS
department of University of California in Riverside) for reporting
this issue.

Bug Fix(es) :

* When loading the Direct Rendering Manager (DRM) kernel module, the
kernel panicked if DRM was previously unloaded. The kernel panic was
caused by a memory leak of the ID Resolver (IDR2). With this update,
IDR2 is loaded during kernel boot, and the kernel panic no longer
occurs in the described scenario. (BZ#1353827)

* When more than one process attempted to use the 'configfs' directory
entry at the same time, a kernel panic in some cases occurred. With
this update, a race condition between a directory entry and a lookup
operation has been fixed. As a result, the kernel no longer panics in
the described scenario. (BZ#1353828)

* When shutting down the system by running the halt -p command, a
kernel panic occurred due to a conflict between the kernel offlining
CPUs and the sched command, which used the sched group and the sched
domain data without first checking the data. The underlying source
code has been fixed by adding a check to avoid the conflict. As a
result, the described scenario no longer results in a kernel panic.
(BZ#1343894)

* In some cases, running the ipmitool command caused a kernel panic
due to a race condition in the ipmi message handler. This update fixes
the race condition, and the kernel panic no longer occurs in the
described scenario. (BZ#1355980)

* Previously, multiple Very Secure FTP daemon (vsftpd) processes on a
directory with a large number of files led to a high contention rate
on each inode's spinlock, which caused excessive CPU usage. With this
update, a spinlock to protect a single memory-to-memory copy has been
removed from the ext4_getattr() function. As a result, system CPU
usage has been reduced and is no longer excessive in the described
situation. (BZ#1355981)

* When the gfs2_grow utility is used to extend Global File System 2
(GFS2), the next block allocation causes the GFS2 kernel module to
re-read its resource group index. If multiple processes in the GFS2
module raced to do the same thing, one process sometimes overwrote a
valid object pointer with an invalid pointer, which caused either a
kernel panic or a file system corruption. This update ensures that the
resource group object pointer is not overwritten. As a result, neither
kernel panic nor file system corruption occur in the described
scenario. (BZ#1347539)

* Previously, the SCSI Remote Protocol over InfiniBand (IB-SRP) was
disabled due to a bug in the srp_queue() function. As a consequence,
an attempt to enable the Remote Direct Memory Access (RDMA) at boot
caused the kernel to crash. With this update, srp_queue() has been
fixed, and the system now boots as expected when RDMA is enabled.
(BZ#1348062)

Enhancement(s) :

* This update optimizes the efficiency of the Transmission Control
Protocol (TCP) when the peer is using a window under 537 bytes in
size. As a result, devices that use maximum segment size (MSS) of 536
bytes or fewer will experience improved network performance.
(BZ#1354446)

See also :

http://www.nessus.org/u?cfa9dea7

Solution :

Update the affected kernel packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fortinet FortiClient Unsupported Version Detection


Synopsis:

An endpoint protection application installed on the remote host is no
longer supported.

Description:

According to its self-reported version number, the installation of
Fortinet FortiClient on the remote host is no longer supported.

Lack of support implies that no new security patches for the product
will be released by the vendor. As a result, it is likely to contain
security vulnerabilities.

See also :

https://support.fortinet.com/Information/ProductLifeCycle.aspx

Solution :

Upgrade to a version of Fortinet FortiClient that is currently
supported.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

HP Intelligent Management Center Java Object Deserialization RCE


Synopsis:

A web application hosted on the remote web server is affected by a
remote code execution vulnerability.

Description:

The version of HP Intelligent Management Center (IMC) installed on the
remote Windows host is prior to 7.2. It is, therefore, affected by a
remote code execution vulnerability due to unsafe deserialization of
unauthenticated Java objects passed to the Apache Commons Collections
(ACC) library. An unauthenticated, remote attacker can exploit this, by
sending a crafted HTTP request, to execute arbitrary code on the
target host.

See also :

http://www.nessus.org/u?b3565148
http://www.nessus.org/u?9c6d83db

Solution :

Upgrade to HP IMC version 7.2 E0403P04 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Scientific Linux Security Update : kernel on SL6.x i386/x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

It was found that the RFC 5961 challenge ACK rate limiting as
implemented in the Linux kernel's networking subsystem allowed an
off-path attacker to leak certain information about a given connection
by creating congestion on the global challenge ACK rate limit counter
and then measuring the changes by probing packets. An off-path
attacker could use this flaw to either terminate a TCP connection and/or
inject a payload into a non-secured TCP connection between two endpoints
on the network. (CVE-2016-5696, Important)

Bug Fix(es) :

- When loading the Direct Rendering Manager (DRM) kernel
module, the kernel panicked if DRM was previously
unloaded. The kernel panic was caused by a memory leak
of the ID Resolver (IDR2). With this update, IDR2 is
loaded during kernel boot, and the kernel panic no
longer occurs in the described scenario.

- When more than one process attempted to use the
'configfs' directory entry at the same time, a kernel
panic in some cases occurred. With this update, a race
condition between a directory entry and a lookup
operation has been fixed. As a result, the kernel no
longer panics in the described scenario.

- When shutting down the system by running the halt -p
command, a kernel panic occurred due to a conflict
between the kernel offlining CPUs and the sched command,
which used the sched group and the sched domain data
without first checking the data. The underlying source
code has been fixed by adding a check to avoid the
conflict. As a result, the described scenario no longer
results in a kernel panic.

- In some cases, running the ipmitool command caused a
kernel panic due to a race condition in the ipmi message
handler. This update fixes the race condition, and the
kernel panic no longer occurs in the described scenario.

- Previously, multiple Very Secure FTP daemon (vsftpd)
processes on a directory with a large number of files
led to a high contention rate on each inode's spinlock,
which caused excessive CPU usage. With this update, a
spinlock to protect a single memory-to-memory copy has
been removed from the ext4_getattr() function. As a
result, system CPU usage has been reduced and is no
longer excessive in the described situation.

- When the gfs2_grow utility is used to extend Global File
System 2 (GFS2), the next block allocation causes the
GFS2 kernel module to re-read its resource group index.
If multiple processes in the GFS2 module raced to do the
same thing, one process sometimes overwrote a valid
object pointer with an invalid pointer, which caused
either a kernel panic or a file system corruption. This
update ensures that the resource group object pointer is
not overwritten. As a result, neither kernel panic nor
file system corruption occur in the described scenario.

- Previously, the SCSI Remote Protocol over InfiniBand
(IB-SRP) was disabled due to a bug in the srp_queue()
function. As a consequence, an attempt to enable the
Remote Direct Memory Access (RDMA) at boot caused the
kernel to crash. With this update, srp_queue() has been
fixed, and the system now boots as expected when RDMA is
enabled.

Enhancement(s) :

- This update optimizes the efficiency of the Transmission
Control Protocol (TCP) when the peer is using a window
under 537 bytes in size. As a result, devices that use
maximum segment size (MSS) of 536 bytes or fewer will
experience improved network performance.

See also :

http://www.nessus.org/u?5c2a7b67

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 6 : kernel (RHSA-2016:1664)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

It was found that the RFC 5961 challenge ACK rate limiting as
implemented in the Linux kernel's networking subsystem allowed an
off-path attacker to leak certain information about a given connection
by creating congestion on the global challenge ACK rate limit counter
and then measuring the changes by probing packets. An off-path
attacker could use this flaw to either terminate a TCP connection and/or
inject a payload into a non-secured TCP connection between two endpoints
on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao (Cyber Security Group of the CS
department of University of California in Riverside) for reporting
this issue.

Bug Fix(es) :

* When loading the Direct Rendering Manager (DRM) kernel module, the
kernel panicked if DRM was previously unloaded. The kernel panic was
caused by a memory leak of the ID Resolver (IDR2). With this update,
IDR2 is loaded during kernel boot, and the kernel panic no longer
occurs in the described scenario. (BZ#1353827)

* When more than one process attempted to use the 'configfs' directory
entry at the same time, a kernel panic in some cases occurred. With
this update, a race condition between a directory entry and a lookup
operation has been fixed. As a result, the kernel no longer panics in
the described scenario. (BZ#1353828)

* When shutting down the system by running the halt -p command, a
kernel panic occurred due to a conflict between the kernel offlining
CPUs and the sched command, which used the sched group and the sched
domain data without first checking the data. The underlying source
code has been fixed by adding a check to avoid the conflict. As a
result, the described scenario no longer results in a kernel panic.
(BZ#1343894)

* In some cases, running the ipmitool command caused a kernel panic
due to a race condition in the ipmi message handler. This update fixes
the race condition, and the kernel panic no longer occurs in the
described scenario. (BZ#1355980)

* Previously, multiple Very Secure FTP daemon (vsftpd) processes on a
directory with a large number of files led to a high contention rate
on each inode's spinlock, which caused excessive CPU usage. With this
update, a spinlock to protect a single memory-to-memory copy has been
removed from the ext4_getattr() function. As a result, system CPU
usage has been reduced and is no longer excessive in the described
situation. (BZ#1355981)

* When the gfs2_grow utility is used to extend Global File System 2
(GFS2), the next block allocation causes the GFS2 kernel module to
re-read its resource group index. If multiple processes in the GFS2
module raced to do the same thing, one process sometimes overwrote a
valid object pointer with an invalid pointer, which caused either a
kernel panic or file system corruption. This update ensures that the
resource group object pointer is not overwritten. As a result, neither
a kernel panic nor file system corruption occurs in the described
scenario. (BZ#1347539)

* Previously, the SCSI Remote Protocol over InfiniBand (IB-SRP) was
disabled due to a bug in the srp_queue() function. As a consequence,
an attempt to enable the Remote Direct Memory Access (RDMA) at boot
caused the kernel to crash. With this update, srp_queue() has been
fixed, and the system now boots as expected when RDMA is enabled.
(BZ#1348062)

Enhancement(s) :

* This update optimizes the efficiency of the Transmission Control
Protocol (TCP) when the peer is using a window under 537 bytes in
size. As a result, devices that use a maximum segment size (MSS) of
536 bytes or fewer will experience improved network performance.
(BZ#1354446)

See also :

http://rhn.redhat.com/errata/RHSA-2016-1664.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

RHEL 7 : kernel (RHSA-2016:1657)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for kernel is now available for Red Hat Enterprise Linux 7.1
Extended Update Support.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* A flaw was found in the Linux kernel's keyring handling code, where
in key_reject_and_link() an uninitialised variable would eventually
lead to an arbitrary free address, which could allow an attacker to
mount a use-after-free style attack. (CVE-2016-4470, Important)

* A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as a bi-directional ioctl()
replacement, which could lead to insufficient memory security checks
when being invoked using the splice() system call. A local
unprivileged user on a system with either Infiniband hardware present
or the RDMA Userspace Connection Manager Access module explicitly
loaded could use this flaw to escalate their privileges on the system.
(CVE-2016-4565, Important)

* A flaw was found in the implementation of the Linux kernel's
handling of networking challenge ACKs, where an attacker is able to
determine the shared counter, which could be used to determine
sequence numbers for TCP stream injection. (CVE-2016-5696, Important)

Red Hat would like to thank Jann Horn for reporting CVE-2016-4565 and
Yue Cao (Cyber Security Group of the CS department of University of
California in Riverside) for reporting CVE-2016-5696. The
CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

See also :

http://rhn.redhat.com/errata/RHSA-2016-1657.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Linux 6 : kernel (ELSA-2016-1664)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

From Red Hat Security Advisory 2016:1664 :

An update for kernel is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

It was found that the RFC 5961 challenge ACK rate limiting as
implemented in the Linux kernel's networking subsystem allowed an
off-path attacker to leak certain information about a given connection
by creating congestion on the global challenge ACK rate limit counter
and then measuring the changes with probing packets. An off-path
attacker could use this flaw to either terminate a TCP connection or
inject a payload into a non-secured TCP connection between two
endpoints on the network. (CVE-2016-5696, Important)

Red Hat would like to thank Yue Cao (Cyber Security Group of the CS
department of University of California in Riverside) for reporting
this issue.

Bug Fix(es) :

* When loading the Direct Rendering Manager (DRM) kernel module, the
kernel panicked if DRM was previously unloaded. The kernel panic was
caused by a memory leak of the ID Resolver (IDR2). With this update,
IDR2 is loaded during kernel boot, and the kernel panic no longer
occurs in the described scenario. (BZ#1353827)

* When more than one process attempted to use the 'configfs' directory
entry at the same time, a kernel panic in some cases occurred. With
this update, a race condition between a directory entry and a lookup
operation has been fixed. As a result, the kernel no longer panics in
the described scenario. (BZ#1353828)

* When shutting down the system by running the halt -p command, a
kernel panic occurred due to a conflict between the kernel offlining
CPUs and the sched command, which used the sched group and the sched
domain data without first checking the data. The underlying source
code has been fixed by adding a check to avoid the conflict. As a
result, the described scenario no longer results in a kernel panic.
(BZ#1343894)

* In some cases, running the ipmitool command caused a kernel panic
due to a race condition in the ipmi message handler. This update fixes
the race condition, and the kernel panic no longer occurs in the
described scenario. (BZ#1355980)

* Previously, multiple Very Secure FTP daemon (vsftpd) processes on a
directory with a large number of files led to a high contention rate
on each inode's spinlock, which caused excessive CPU usage. With this
update, a spinlock to protect a single memory-to-memory copy has been
removed from the ext4_getattr() function. As a result, system CPU
usage has been reduced and is no longer excessive in the described
situation. (BZ#1355981)

* When the gfs2_grow utility is used to extend Global File System 2
(GFS2), the next block allocation causes the GFS2 kernel module to
re-read its resource group index. If multiple processes in the GFS2
module raced to do the same thing, one process sometimes overwrote a
valid object pointer with an invalid pointer, which caused either a
kernel panic or file system corruption. This update ensures that the
resource group object pointer is not overwritten. As a result, neither
a kernel panic nor file system corruption occurs in the described
scenario. (BZ#1347539)

* Previously, the SCSI Remote Protocol over InfiniBand (IB-SRP) was
disabled due to a bug in the srp_queue() function. As a consequence,
an attempt to enable the Remote Direct Memory Access (RDMA) at boot
caused the kernel to crash. With this update, srp_queue() has been
fixed, and the system now boots as expected when RDMA is enabled.
(BZ#1348062)

Enhancement(s) :

* This update optimizes the efficiency of the Transmission Control
Protocol (TCP) when the peer is using a window under 537 bytes in
size. As a result, devices that use a maximum segment size (MSS) of
536 bytes or fewer will experience improved network performance.
(BZ#1354446)

See also :

https://oss.oracle.com/pipermail/el-errata/2016-August/006296.html

Solution :

Update the affected kernel packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : libidn (openSUSE-2016-1014)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libidn fixes the following issues :

- CVE-2016-6262 and CVE-2015-8948: Out-of-bounds read when
reading one zero byte as input (bsc#990189)

- CVE-2016-6261: Out-of-bounds stack read in
idna_to_ascii_4i (bsc#990190)

- CVE-2016-6263: stringprep_utf8_nfkc_normalize reject
invalid UTF-8 (bsc#990191)

- CVE-2015-2059: out-of-bounds read with stringprep on
invalid UTF-8 (bsc#923241)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=923241
https://bugzilla.opensuse.org/show_bug.cgi?id=990189
https://bugzilla.opensuse.org/show_bug.cgi?id=990190
https://bugzilla.opensuse.org/show_bug.cgi?id=990191

Solution :

Update the affected libidn packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 23 : 1:mariadb (2016-c199b14cd9)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Rebase to 10.0.26

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-c199b14cd9

Solution :

Update the affected 1:mariadb package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 23 : python (2016-970edb82d4)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Fix for CVE-2016-1000110 HTTPoxy attack

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-970edb82d4

Solution :

Update the affected python package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 23 : kernel (2016-723350dd75)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 4.6.7 update contains a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-723350dd75

Solution :

Update the affected kernel package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 24 : kernel (2016-5e24d8c350)


Synopsis:

The remote Fedora host is missing a security update.

Description:

The 4.6.7 update contains a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-5e24d8c350

Solution :

Update the affected kernel package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 23 : postgresql (2016-5486a6dfc0)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to version 9.4.9 per release notes, includes security fixes for
CVE-2016-5423 and CVE-2016-5424

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-5486a6dfc0

Solution :

Update the affected postgresql package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 24 : pagure (2016-40d5f1d3c2)


Synopsis:

The remote Fedora host is missing a security update.

Description:

CVE-2016-1000037

----

Update to 2.3.3. Be sure to read UPGRADING.rst

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-40d5f1d3c2

Solution :

Update the affected pagure package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Fedora 24 : postgresql (2016-30b01bdedd)


Synopsis:

The remote Fedora host is missing a security update.

Description:

Update to version 9.5.4 per release notes, includes security fixes for
CVE-2016-5423 and CVE-2016-5424

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2016-30b01bdedd

Solution :

Update the affected postgresql package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.
