Newest Plugins

Juniper Junos rpd MPLS Ping Packet Handling DoS (JSA10795)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a denial of service
vulnerability in the rpd daemon due to improper handling of MPLS ping
packets. An unauthenticated, remote attacker can exploit this, via a
specially crafted MPLS ping packet, to crash the rpd daemon.

Note that the device is only vulnerable if MPLS OAM is configured.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10795

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10795.

Risk factor :

Medium / CVSS Base Score : 6.1
(CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Juniper Junos ALG Fragmented Traffic Handling MS-MPC / MS-MIC Service PIC DoS (JSA10794)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version and model number, the remote
Juniper Junos device is affected by a denial of service vulnerability
in the Application Layer Gateway (ALG) that is triggered when handling
a large amount of fragmented packets. An unauthenticated, remote
attacker can exploit this to crash an MS-MPC or MS-MIC service
physical interface card (PIC).

Note that the device is only vulnerable if NAT or stateful-firewall
rules are configured with ALGs enabled.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10794

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10794. Alternatively, disable NAT and the
stateful-firewall if they are not required.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

Juniper Junos snmpd SNMP Packet Handling RCE (JSA10793)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a remote code execution
vulnerability in the snmpd daemon due to improper handling of SNMP
packets. An unauthenticated, remote attacker can exploit this, via a
specially crafted SNMP packet, to cause a denial of service condition
or the execution of arbitrary code.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10793

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10793. Alternatively, as a workaround, disable
the SNMP service.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Juniper Junos Sockets Library Buffer Overflow Privilege Escalation (JSA10792)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number, the remote Juniper
Junos device is affected by a privilege escalation vulnerability in
the sockets library due to a buffer overflow condition. A local
attacker can exploit this to cause a denial of service (kernel panic)
or the execution of arbitrary code with elevated privileges.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10792

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10792.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Juniper Junos SRX Integrated User Firewall Hardcoded Credentials (JSA10791)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version and configuration, the remote
Juniper Junos device has hardcoded credentials for the Integrated User
Firewall (UserFW) services authentication API. An unauthenticated,
remote attacker can exploit this to gain administrative access to the
device.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10791

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10791.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Juniper Junos SRX MACsec Feature Secure Link Failure Silent Fallback Information Disclosure (JSA10790)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version and model number, the remote
Juniper Junos device is affected by an information disclosure
vulnerability in the MACsec feature due to error reporting over an
unencrypted link when a secure link cannot be established. An adjacent
attacker can exploit this to disclose or manipulate error information.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10790

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10790.

Risk factor :

Medium / CVSS Base Score : 4.8
(CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N)

Juniper Junos SRX DHCP flowd DHCP Packet Handling DoS (JSA10789)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a denial of service
vulnerability in flowd due to improper handling of DHCP packets. An
unauthenticated, remote attacker can exploit this, via a specially
crafted DHCP packet, to crash the flowd service.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10789

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10789.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Juniper Junos Virtualized Environment Guest-To-Host Privilege Escalation (JSA10787)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a privilege escalation
vulnerability when running in a virtualized environment due to
improper handling of authentication. An attacker on the Junos guest
can exploit this to escalate privileges and gain access to the host
operating system.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10787

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10787. Alternatively, as a workaround, enable
FIPS mode.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Juniper Junos Protocol Daemon (RPD) BGP OPEN Message Handling DoS (JSA10779)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number and configuration, the
remote Juniper Junos device is affected by a denial of service
vulnerability in the routing protocol daemon (rpd) due to improper
handling of BGP OPEN messages. An unauthenticated, remote attacker can
exploit this, via a specially crafted BGP OPEN message, to repeatedly
crash and restart the rpd daemon.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10779

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10779.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

Juniper Junos Multiple OpenSSL Vulnerabilities (JSA10775)


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version number, the remote Juniper
Junos device is affected by multiple vulnerabilities :

- A carry propagation error exists in the OpenSSL
component in the Broadwell-specific Montgomery
multiplication procedure when handling input lengths
divisible by but longer than 256 bits. This can result
in transient authentication and key negotiation failures
or reproducible erroneous outcomes of public-key
operations with specially crafted input. A
man-in-the-middle attacker can possibly exploit this
issue to compromise ECDH key negotiations that utilize
Brainpool P-512 curves. (CVE-2016-7055)

- An out-of-bounds read error exists in the OpenSSL
component when handling packets using the
CHACHA20/POLY1305 or RC4-MD5 ciphers. An
unauthenticated, remote attacker can exploit this, via
specially crafted truncated packets, to cause a denial
of service condition. (CVE-2017-3731)

- A carry propagating error exists in the OpenSSL
component in the x86_64 Montgomery squaring
implementation that may cause the BN_mod_exp() function
to produce incorrect results. An unauthenticated, remote
attacker with sufficient resources can exploit this to
obtain sensitive information regarding private keys.
(CVE-2017-3732)

Note that these vulnerabilities only affect devices with J-Web or the
SSL service for JUNOScript enabled.

See also :

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10775
https://www.openssl.org/news/secadv/20170126.txt

Solution :

Upgrade to the relevant Junos software release referenced in Juniper
security advisory JSA10775. Alternatively, disable the J-Web service
and use Netconf for JUNOScript rather than SSL.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

ESXi 6.0 < Build 5485776 Multiple Vulnerabilities (remote check)


Synopsis:

The remote VMware ESXi 6.0 host is affected by multiple
vulnerabilities.

Description:

The version of the remote VMware ESXi 6.0 host is prior to build
5224529. It is, therefore, affected by multiple vulnerabilities in
VMware Tools and the bundled OpenSSL and Python packages.

See also :

http://www.nessus.org/u?e03fa029

Solution :

Apply patch ESXi600-201706101-SG according to the vendor advisory.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Ubuntu 14.04 LTS / 16.04 LTS : texlive-base vulnerability (USN-3401-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

It was discovered that TeX Live incorrectly handled certain system
commands. If a user were tricked into processing a specially crafted
TeX file, a remote attacker could execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected texlive-base and / or texlive-latex-base packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

SUSE SLED12 / SLES12 Security Update : samba / resource-agents (SUSE-SU-2017:2237-1) (Orpheus' Lyre)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update provides Samba 4.6.7, which fixes the following issues :

- CVE-2017-11103: Metadata were being taken from the
unauthenticated plaintext (the Ticket) rather than the
authenticated and encrypted KDC response. (bsc#1048278)

- Fix cephwrap_chdir(). (bsc#1048790)

- Fix ctdb logs to /var/log/log.ctdb instead of
/var/log/ctdb. (bsc#1048339)

- Fix inconsistent ctdb socket path. (bsc#1048352)

- Fix non-admin cephx authentication. (bsc#1048387)

- CTDB cannot start when there is no persistent database.
(bsc#1052577) The CTDB resource agent was also fixed to
not fail when the database is empty.

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1048278
https://bugzilla.suse.com/1048339
https://bugzilla.suse.com/1048352
https://bugzilla.suse.com/1048387
https://bugzilla.suse.com/1048790
https://bugzilla.suse.com/1052577
https://bugzilla.suse.com/1054017
https://www.suse.com/security/cve/CVE-2017-11103.html
http://www.nessus.org/u?2054fcbb

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2017-1367=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2017-1367=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch
SUSE-SLE-HA-12-SP3-2017-1367=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2017-1367=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : postgresql93 (SUSE-SU-2017:2236-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

Postgresql93 was updated to 9.3.18 to fix the following issues :

- CVE-2017-7547: Further restrict visibility of
pg_user_mappings.umoptions, to protect passwords stored
as user mapping options. (bsc#1051685)

- CVE-2017-7546: Disallow empty passwords in all
password-based authentication methods. (bsc#1051684)

- CVE-2017-7548: lo_put() function ignores ACLs.
(bsc#1053259)

The changelog for the release is here:
https://www.postgresql.org/docs/9.3/static/release-9-3-18.html

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1051684
https://bugzilla.suse.com/1051685
https://bugzilla.suse.com/1053259
https://www.postgresql.org/docs/9.3/static/release-9-3-18.html
https://www.suse.com/security/cve/CVE-2017-7546.html
https://www.suse.com/security/cve/CVE-2017-7547.html
https://www.suse.com/security/cve/CVE-2017-7548.html
http://www.nessus.org/u?3da49e6c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12:zypper in -t patch
SUSE-SLE-SAP-12-2017-1368=1

SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-2017-1368=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for MozillaFirefox and mozilla-nss fixes the following
issues:

Security issues fixed :

- Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16)

- CVE-2017-7758: Out-of-bounds read in Opus encoder

- CVE-2017-7749: Use-after-free during docshell reloading

- CVE-2017-7751: Use-after-free with content viewer
listeners

- CVE-2017-5472: Use-after-free using destroyed node when
regenerating trees

- CVE-2017-5470: Memory safety bugs fixed in Firefox 54
and Firefox ESR 52.2

- CVE-2017-7752: Use-after-free with IME input

- CVE-2017-7750: Use-after-free with track elements

- CVE-2017-7768: 32 byte arbitrary file read through
Mozilla Maintenance Service

- CVE-2017-7778: Vulnerabilities in the Graphite 2 library

- CVE-2017-7754: Out-of-bounds read in WebGL with
ImageInfo object

- CVE-2017-7755: Privilege escalation through Firefox
Installer with same directory DLL files

- CVE-2017-7756: Use-after-free and use-after-scope
logging XHR header errors

- CVE-2017-7757: Use-after-free in IndexedDB

- CVE-2017-7761: File deletion and privilege escalation
through Mozilla Maintenance Service helper.exe
application

- CVE-2017-7763: Mac fonts render some unicode characters
as spaces

- CVE-2017-7765: Mark of the Web bypass when saving
executable files

- CVE-2017-7764: Domain spoofing with combination of
Canadian Syllabics and other unicode blocks

- update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12)

- CVE-2016-10196: Vulnerabilities in Libevent library

- CVE-2017-5443: Out-of-bounds write during BinHex
decoding

- CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
Firefox ESR 45.9, and Firefox ESR 52.1

- CVE-2017-5464: Memory corruption with accessibility and
DOM manipulation

- CVE-2017-5465: Out-of-bounds read in ConvolvePixel

- CVE-2017-5466: Origin confusion when reloading isolated
data:text/html URL

- CVE-2017-5467: Memory corruption when drawing Skia
content

- CVE-2017-5460: Use-after-free in frame selection

- CVE-2017-5461: Out-of-bounds write in Base64 encoding in
NSS

- CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

- CVE-2017-5449: Crash during bidirectional unicode
manipulation with animation

- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA
frames are sent with incorrect data

- CVE-2017-5447: Out-of-bounds read during glyph
processing

- CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content

- CVE-2017-5445: Uninitialized values used while parsing
application/http-index-format content

- CVE-2017-5442: Use-after-free during style changes

- CVE-2017-5469: Potential Buffer overflow in
flex-generated code

- CVE-2017-5440: Use-after-free in txExecutionState
destructor during XSLT processing

- CVE-2017-5441: Use-after-free with selection during
scroll events

- CVE-2017-5439: Use-after-free in nsTArray Length()
during XSLT processing

- CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT
processing

- CVE-2017-5436: Out-of-bounds write with malicious font
in Graphite 2

- CVE-2017-5435: Use-after-free during transaction
processing in the editor

- CVE-2017-5434: Use-after-free during focus handling

- CVE-2017-5433: Use-after-free in SMIL animation
functions

- CVE-2017-5432: Use-after-free in text input selection

- CVE-2017-5430: Memory safety bugs fixed in Firefox 53
and Firefox ESR 52.1

- CVE-2017-5459: Buffer overflow in WebGL

- CVE-2017-5462: DRBG flaw in NSS

- CVE-2017-5455: Sandbox escape through internal feed
reader APIs

- CVE-2017-5454: Sandbox escape allowing file system read
access through file picker

- CVE-2017-5456: Sandbox escape allowing local file system
access

- CVE-2017-5451: Addressbar spoofing with onblur event

- General

- CVE-2015-5276: Fix for C++11 std::random_device short
reads (bsc#945842)

Bugfixes :

- workaround for Firefox hangs (bsc#1031485, bsc#1025108)

- Update to gcc-5-branch head.

- Includes fixes for (bsc#966220), (bsc#962765),
(bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392)
and (bsc#955382).

- Add fix to revert accidental libffi ABI breakage on
AARCH64. (bsc#968771)

- Build s390[x] with --with-tune=z9-109 --with-arch=z900
on SLE11 again. (bsc#954002)

- Fix libffi include install. (bsc#935510)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1025108
https://bugzilla.suse.com/1031485
https://bugzilla.suse.com/1035082
https://bugzilla.suse.com/1043960
https://bugzilla.suse.com/930392
https://bugzilla.suse.com/930496
https://bugzilla.suse.com/935510
https://bugzilla.suse.com/939460
https://bugzilla.suse.com/945842
https://bugzilla.suse.com/953831
https://bugzilla.suse.com/954002
https://bugzilla.suse.com/955382
https://bugzilla.suse.com/962765
https://bugzilla.suse.com/964468
https://bugzilla.suse.com/966220
https://bugzilla.suse.com/968771
https://www.suse.com/security/cve/CVE-2015-5276.html
https://www.suse.com/security/cve/CVE-2016-10196.html
https://www.suse.com/security/cve/CVE-2017-5429.html
https://www.suse.com/security/cve/CVE-2017-5430.html
https://www.suse.com/security/cve/CVE-2017-5432.html
https://www.suse.com/security/cve/CVE-2017-5433.html
https://www.suse.com/security/cve/CVE-2017-5434.html
https://www.suse.com/security/cve/CVE-2017-5435.html
https://www.suse.com/security/cve/CVE-2017-5436.html
https://www.suse.com/security/cve/CVE-2017-5438.html
https://www.suse.com/security/cve/CVE-2017-5439.html
https://www.suse.com/security/cve/CVE-2017-5440.html
https://www.suse.com/security/cve/CVE-2017-5441.html
https://www.suse.com/security/cve/CVE-2017-5442.html
https://www.suse.com/security/cve/CVE-2017-5443.html
https://www.suse.com/security/cve/CVE-2017-5444.html
https://www.suse.com/security/cve/CVE-2017-5445.html
https://www.suse.com/security/cve/CVE-2017-5446.html
https://www.suse.com/security/cve/CVE-2017-5447.html
https://www.suse.com/security/cve/CVE-2017-5448.html
https://www.suse.com/security/cve/CVE-2017-5449.html
https://www.suse.com/security/cve/CVE-2017-5451.html
https://www.suse.com/security/cve/CVE-2017-5454.html
https://www.suse.com/security/cve/CVE-2017-5455.html
https://www.suse.com/security/cve/CVE-2017-5456.html
https://www.suse.com/security/cve/CVE-2017-5459.html
https://www.suse.com/security/cve/CVE-2017-5460.html
https://www.suse.com/security/cve/CVE-2017-5461.html
https://www.suse.com/security/cve/CVE-2017-5462.html
https://www.suse.com/security/cve/CVE-2017-5464.html
https://www.suse.com/security/cve/CVE-2017-5465.html
https://www.suse.com/security/cve/CVE-2017-5466.html
https://www.suse.com/security/cve/CVE-2017-5467.html
https://www.suse.com/security/cve/CVE-2017-5469.html
https://www.suse.com/security/cve/CVE-2017-5470.html
https://www.suse.com/security/cve/CVE-2017-5472.html
https://www.suse.com/security/cve/CVE-2017-7749.html
https://www.suse.com/security/cve/CVE-2017-7750.html
https://www.suse.com/security/cve/CVE-2017-7751.html
https://www.suse.com/security/cve/CVE-2017-7752.html
https://www.suse.com/security/cve/CVE-2017-7754.html
https://www.suse.com/security/cve/CVE-2017-7755.html
https://www.suse.com/security/cve/CVE-2017-7756.html
https://www.suse.com/security/cve/CVE-2017-7757.html
https://www.suse.com/security/cve/CVE-2017-7758.html
https://www.suse.com/security/cve/CVE-2017-7761.html
https://www.suse.com/security/cve/CVE-2017-7763.html
https://www.suse.com/security/cve/CVE-2017-7764.html
https://www.suse.com/security/cve/CVE-2017-7765.html
https://www.suse.com/security/cve/CVE-2017-7768.html
https://www.suse.com/security/cve/CVE-2017-7778.html
http://www.nessus.org/u?1976b0d7

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t
patch sdksp4-MozillaFirefox-13237=1

SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
slessp4-MozillaFirefox-13237=1

SUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch
slessp3-MozillaFirefox-13237=1

SUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch
sleposp3-MozillaFirefox-13237=1

SUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch
dbgsp4-MozillaFirefox-13237=1

SUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch
dbgsp3-MozillaFirefox-13237=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

SUSE SLED12 Security Update : freerdp (SUSE-SU-2017:2234-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for freerdp fixes the following issues :

- CVE-2017-2834: Out-of-bounds write in license_recv()
(bsc#1050714)

- CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu
(bsc#1050712)

- CVE-2017-2836: Rdp Client Read Server Proprietary
Certificate Denial of Service (bsc#1050699)

- CVE-2017-2837: Client GCC Read Server Security Data DoS
(bsc#1050704)

- CVE-2017-2838: Client License Read Product Info Denial
of Service Vulnerability (bsc#1050708)

- CVE-2017-2839: Client License Read Challenge Packet
Denial of Service (bsc#1050711)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1050699
https://bugzilla.suse.com/1050704
https://bugzilla.suse.com/1050708
https://bugzilla.suse.com/1050711
https://bugzilla.suse.com/1050712
https://bugzilla.suse.com/1050714
https://www.suse.com/security/cve/CVE-2017-2834.html
https://www.suse.com/security/cve/CVE-2017-2835.html
https://www.suse.com/security/cve/CVE-2017-2836.html
https://www.suse.com/security/cve/CVE-2017-2837.html
https://www.suse.com/security/cve/CVE-2017-2838.html
https://www.suse.com/security/cve/CVE-2017-2839.html
http://www.nessus.org/u?8a1ca2f4

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch
SUSE-SLE-WE-12-SP3-2017-1365=1

SUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch
SUSE-SLE-WE-12-SP2-2017-1365=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
patch SUSE-SLE-SDK-12-SP3-2017-1365=1

SUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t
patch SUSE-SLE-SDK-12-SP2-2017-1365=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP3-2017-1365=1

SUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP2-2017-1365=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

RHEL 6 / 7 : JBoss Web Server (RHSA-2017:2493)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update is now available for Red Hat JBoss Enterprise Web Server
2.1.2 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Web
Server 2.1.2 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL)
and Transport Layer Security (TLS) protocols, as well as a
full-strength general-purpose cryptography library.

Apache Tomcat is a servlet container for the Java Servlet and
JavaServer Pages (JSP) technologies.

This release provides an update to OpenSSL and Tomcat 6/7 for Red Hat
JBoss Web Server 2.1.2. The updates are documented in the Release
Notes document linked to in the References.

Users of Red Hat JBoss Web Server 2.1.2 should upgrade to these
updated packages, which resolve several security issues.

Security Fix(es) :

* A memory leak flaw was found in the way OpenSSL handled TLS status
request extension data during session renegotiation. A remote attacker
could cause a TLS server using OpenSSL to consume an excessive amount
of memory and, possibly, exit unexpectedly after exhausting all
available memory, if it enabled OCSP stapling support. (CVE-2016-6304)

* A vulnerability was discovered in tomcat's handling of pipelined
requests when 'Sendfile' was used. If sendfile processing completed
quickly, it was possible for the Processor to be added to the
processor cache twice. This could lead to invalid responses or
information disclosure. (CVE-2017-5647)

* A vulnerability was discovered in the error page mechanism in
Tomcat's DefaultServlet implementation. A crafted HTTP request could
cause undesired side effects, possibly including the removal or
replacement of the custom error page. (CVE-2017-5664)

* A denial of service flaw was found in the way the TLS/SSL protocol
defined processing of ALERT packets during a connection handshake. A
remote attacker could use this flaw to make a TLS/SSL server consume
an excessive amount of CPU and fail to accept connections from other
clients. (CVE-2016-8610)

Red Hat would like to thank the OpenSSL project for reporting
CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting
CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360
Inc.) as the original reporter of CVE-2016-6304.

See also :

https://access.redhat.com/articles/3155411
http://rhn.redhat.com/errata/RHSA-2017-2493.html
https://www.redhat.com/security/data/cve/CVE-2016-6304.html
https://www.redhat.com/security/data/cve/CVE-2016-8610.html
https://www.redhat.com/security/data/cve/CVE-2017-5647.html
https://www.redhat.com/security/data/cve/CVE-2017-5664.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

FreeBSD : SquirrelMail -- post-authentication remote code execution (e1de77e8-c45e-48d7-8866-5a6f943046de)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

SquirrelMail developers report :

SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN)
allows post-authentication remote code execution via a sendmail.cf
file that is mishandled in a popen call. It's possible to exploit this
vulnerability to execute arbitrary shell commands on the remote
server.

See also :

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7692
http://www.nessus.org/u?97098a97

Solution :

Update the affected package.

Risk factor :

High

FreeBSD : pspp -- multiple vulnerabilities (6876b163-8708-11e7-8568-e8e0b747a45a)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

CVE Details reports :

- There is an Integer overflow in the hash_int function of the libpspp
library in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).

- There is a NULL pointer Dereference in the function ll_insert() of
the libpspp library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).

- There is an illegal address access in the function output_hex() in
data/data-out.c of the libpspp library in GNU PSPP 0.11.0 that will
lead to remote denial of service (CVE-2017-12958).

- There is a reachable assertion abort in the function
dict_add_mrset() in data/dictionary.c of the libpspp library in GNU
PSPP 0.11.0 that will lead to a remote denial of service attack
(CVE-2017-12959).

- There is a reachable assertion abort in the function
dict_rename_var() in data/dictionary.c of the libpspp library in GNU
PSPP 0.11.0 that will lead to remote denial of service
(CVE-2017-12960).

- There is an assertion abort in the function parse_attributes() in
data/sys-file-reader.c of the libpspp library in GNU PSPP 0.11.0 that
will lead to remote denial of service (CVE-2017-12961).

See also :

http://www.nessus.org/u?3ba60392
http://www.nessus.org/u?3d00b845

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master (3531141d-a708-477c-954a-2a0549e49ca9)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

SaltStack reports :

Correct a flaw in minion id validation which could allow certain
minions to authenticate to a master despite not having the correct
credentials. To exploit the vulnerability, an attacker must create a
salt-minion with an ID containing characters that will cause a
directory traversal. Credit for discovering the security flaw goes to:
Vernhk@qq.com

See also :

https://docs.saltstack.com/en/latest/topics/releases/2017.7.1.html
https://docs.saltstack.com/en/latest/topics/releases/2016.11.7.html
http://www.nessus.org/u?8010f860

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : dnsdist -- multiple vulnerabilities (198d82f3-8777-11e7-950a-e8e0b747a45a)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

PowerDNS Security Advisory reports :

The first issue can lead to a denial of service on 32-bit if a backend
sends crafted answers, and the second to an alteration of dnsdist's
ACL if the API is enabled, writable and an authenticated user is
tricked into visiting a crafted website.

See also :

https://dnsdist.org/security-advisories/index.html
http://www.nessus.org/u?ee636969

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : evince and atril -- command injection vulnerability in CBT handler (01a197ca-67f1-11e7-a266-28924a333806)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

GNOME reports :

The comic book backend in evince 3.24.0 (and earlier) is vulnerable to
a command injection bug that can be used to execute arbitrary commands
when a CBT file is opened.

The same vulnerability affects atril, the Evince fork.

See also :

https://bugzilla.gnome.org/show_bug.cgi?id=784630
https://github.com/mate-desktop/atril/issues/257
http://www.nessus.org/u?5cdda49c

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Fedora 26 : xen (2017-f336ba205d)


Synopsis:

The remote Fedora host is missing a security update.

Description:

- Qemu: serial: host memory leakage 16550A UART emulation
[CVE-2017-5579] (#1416162)

- Qemu: display: cirrus: OOB read access issue [CVE-2017-7718]
(#1443444)

- xen: various flaws (#1481765)

- multiple problems with transitive grants [XSA-226, CVE-2017-12135]

- x86: PV privilege escalation via map_grant_ref [XSA-227,
CVE-2017-12137]

- grant_table: Race conditions with maptrack free list handling
[XSA-228, CVE-2017-12136]

- grant_table: possibly premature clearing of GTF_writing /
GTF_reading [XSA-230, CVE-2017-12855]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.

See also :

https://bodhi.fedoraproject.org/updates/FEDORA-2017-f336ba205d

Solution :

Update the affected xen package.

Risk factor :

Medium / CVSS Base Score : 4.9
(CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-3952-1 : libxml2 - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Several vulnerabilities were discovered in libxml2, a library
providing support to read, modify and write XML and HTML files. A
remote attacker could provide a specially crafted XML or HTML file
that, when processed by an application using libxml2, would cause a
denial-of-service against the application, information leaks, or
potentially, the execution of arbitrary code with the privileges of
the user running the application.

See also :

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870
https://packages.debian.org/source/jessie/libxml2
https://packages.debian.org/source/stretch/libxml2
http://www.debian.org/security/2017/dsa-3952

Solution :

Upgrade the libxml2 packages.

For the oldstable distribution (jessie), these problems have been
fixed in version 2.9.1+dfsg1-5+deb8u5.

For the stable distribution (stretch), these problems have been fixed
in version 2.9.4+dfsg1-2.2+deb9u1.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Debian DSA-3951-1 : smb4k - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Sebastian Krahmer discovered that a programming error in the mount
helper binary of the Smb4k Samba network share browser may result in
local privilege escalation.

See also :

https://packages.debian.org/source/jessie/smb4k
http://www.debian.org/security/2017/dsa-3951

Solution :

Upgrade the smb4k packages.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.2.1-2~deb8u1.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Microsoft Windows Search Remote Code Execution Vulnerability (CVE-2017-8543)


Synopsis:

It was possible to overflow an allocated buffer by sending crafted
Windows Search Protocol packets.

Description:

By sending two malformed Windows Search Protocol packets over SMB,
Nessus was able to overflow an allocated buffer.

See also :

http://www.nessus.org/u?33c94e8d

Solution :

Microsoft has released a set of patches for Windows 2008, 2008 R2, 2012,
8.1, RT 8.1, 2012 R2, 10, and 2016.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Foxit PhantomPDF < 7.3.15 Multiple Vulnerabilities


Synopsis:

A PDF toolkit installed on the remote Windows host is affected by
multiple vulnerabilities.

Description:

According to its version, the Foxit PhantomPDF application (formerly
known as Phantom) installed on the remote Windows host is prior to
7.3.15. It is, therefore, affected by multiple vulnerabilities :

- An unspecified NULL pointer dereference flaw allows an
unauthenticated, remote attacker to cause a crash. (VulnDB 161627)

- An unspecified flaw related to use of uninitialized memory allows
an unauthenticated, remote attacker to cause a crash.
(VulnDB 161628)

- An unspecified flaw in the Trust Manager causes the setting to
disable JavaScript actions to be ignored, thus allowing an
unauthenticated, remote attacker to execute arbitrary JavaScript
functions. (VulnDB 161629)

- An unspecified use-after-free error exists that allows an
unauthenticated, remote attacker to dereference already freed
memory, resulting in a denial of service or the execution of
arbitrary code. (VulnDB 161630)

- An unspecified out-of-bounds read flaw allows an unauthenticated,
remote attacker to disclose potentially sensitive information.
(VulnDB 161631)

- An unspecified out-of-bounds write flaw allows an unauthenticated,
remote attacker to execute arbitrary code. (VulnDB 161631)

See also :

https://www.foxitsoftware.com/support/security-bulletins.php

Solution :

Upgrade to Foxit PhantomPDF version 7.3.15 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : augeas vulnerability (USN-3400-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

It was discovered that Augeas incorrectly handled certain strings. An
attacker could use this issue to cause Augeas to crash, leading to a
denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected augeas-tools and / or libaugeas0 packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : cvs vulnerability (USN-3399-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Hank Leininger discovered that cvs did not properly handle SSH for
remote repositories. A remote attacker could use this to construct a
cvs repository that when accessed could run arbitrary code with the
privileges of the user.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected cvs package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : graphite2 vulnerabilities (USN-3398-1)


Synopsis:

The remote Ubuntu host is missing a security-related patch.

Description:

Holger Fuhrmannek and Tyson Smith discovered that graphite2
incorrectly handled certain malformed fonts. If a user or automated
system were tricked into opening a specially crafted font file, a
remote attacker could use this issue to cause graphite2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libgraphite2-3 package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : strongswan vulnerability (USN-3397-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

It was discovered that strongSwan incorrectly handled verifying
specific RSA signatures. A remote attacker could use this issue to
cause strongSwan to crash, resulting in a denial of service.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libstrongswan and / or strongswan packages.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2017 Canonical, Inc. / NASL script (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : xmlsec1 on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- It was discovered xmlsec1's use of libxml2 inadvertently
enabled external entity expansion (XXE) along with
validation. An attacker could craft an XML file that
would cause xmlsec1 to try and read local files or
HTTP/FTP URLs, leading to information disclosure or
denial of service. (CVE-2017-1000061)

See also :

http://www.nessus.org/u?075bd29d

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : mercurial on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A vulnerability was found in the way Mercurial handles
path auditing and caches the results. An attacker could
abuse a repository with a series of commits mixing
symlinks and regular files/directories to trick
Mercurial into writing outside of a given repository.
(CVE-2017-1000115)

- A shell command injection flaw related to the handling
of 'ssh' URLs has been discovered in Mercurial. This can
be exploited to execute shell commands with the
privileges of the user running the Mercurial client, for
example, when performing a 'checkout' or 'update' action
on a sub-repository within a malicious repository or a
legitimate repository containing a malicious commit.
(CVE-2017-1000116)

See also :

http://www.nessus.org/u?24bf8c54

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : groovy on SL7.x (noarch)


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- It was found that a flaw in Apache groovy library allows
remote code execution wherever deserialization occurs in
the application. It is possible for an attacker to craft
a special serialized object that will execute code
directly when deserialized. All applications which rely
on serialization and do not isolate the code which
deserializes objects are subject to this vulnerability.
(CVE-2016-6814)

See also :

http://www.nessus.org/u?ade748c9

Solution :

Update the affected groovy and / or groovy-javadoc packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : git on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A shell command injection flaw related to the handling
of 'ssh' URLs has been discovered in Git. An attacker
could use this flaw to execute shell commands with the
privileges of the user running the Git client, for
example, when performing a 'clone' action on a malicious
repository or a legitimate repository containing a
malicious commit. (CVE-2017-1000117)

See also :

http://www.nessus.org/u?59432b89

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : subversion on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A shell command injection flaw related to the handling
of 'svn+ssh' URLs has been discovered in Subversion. An
attacker could use this flaw to execute shell commands
with the privileges of the user running the Subversion
client, for example when performing a 'checkout' or
'update' action on a malicious repository, or a
legitimate repository containing a malicious commit.
(CVE-2017-9800)

See also :

http://www.nessus.org/u?defae32f

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : spice on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A vulnerability was discovered in spice server's
protocol handling. An authenticated attacker could send
specially crafted messages to the spice server, causing
out-of-bounds memory accesses, leading to parts of
server memory being leaked or a crash. (CVE-2017-7506)

This issue was discovered by Frediano Ziglio (Red Hat).

See also :

http://www.nessus.org/u?1ecd023f

Solution :

Update the affected spice-debuginfo, spice-server and / or
spice-server-devel packages.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- Quick Emulator (QEMU) built with the Network Block
Device (NBD) Server support is vulnerable to a crash via
a SIGPIPE signal. The crash can occur if a client aborts
a connection due to any failure during negotiation or
read operation. A remote user/process could use this
flaw to crash the qemu-nbd server resulting in a DoS.
(CVE-2017-10664)

See also :

http://www.nessus.org/u?37debd50

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : libsoup on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A stack-based buffer overflow flaw was discovered within
the HTTP processing of libsoup. A remote attacker could
exploit this flaw to cause a crash or, potentially,
execute arbitrary code by sending a specially crafted
HTTP request to a server using the libsoup HTTP server
functionality or by tricking a user into connecting to a
malicious HTTP server with an application using the
libsoup HTTP client functionality. (CVE-2017-2885)

See also :

http://www.nessus.org/u?ebcf0907

Solution :

Update the affected libsoup, libsoup-debuginfo and / or libsoup-devel
packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Scientific Linux Security Update : kernel on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- A race condition was found in the Linux kernel, present
since v3.14-rc1 through v4.12. The race happens between
threads of inotify_handle_event() and vfs_rename() while
running the rename operation against the same file. As a
result of the race the next slab data or the slab's free
list pointer can be corrupted with attacker-controlled
data. (CVE-2017-7533, Important)

Bug Fix(es) :

- Previously, direct I/O read operations going past EOF
returned an invalid error number, instead of reading 0
bytes and returning success, if these operations were in
same XFS block with EOF. Consequently, creating multiple
VMs from a Scientific Linux 7.4 template caused all the
VMs to become unresponsive in the 'Image Locked' state.
This update fixes the direct I/O feature of the file
system, and VMs created from a Scientific Linux 7.4
template now work as expected.

- This kernel is signed with the new Secure Boot key.

See also :

http://www.nessus.org/u?3ddae0ec

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.
