Newest Plugins

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1374-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update to MozillaFirefox 38.8.0 ESR fixes the following security
issues (bsc#977333) :

- CVE-2016-2805: Miscellaneous memory safety hazards -
MFSA 2016-39 (bsc#977374)

- CVE-2016-2807: Miscellaneous memory safety hazards -
MFSA 2016-39 (bsc#977376)

- CVE-2016-2808: Write to invalid HashMap entry through
JavaScript.watch()

- MFSA 2016-47 (bsc#977386)

- CVE-2016-2814: Buffer overflow in libstagefright with
CENC offsets - MFSA 2016-44 (bsc#977381)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/977333
https://bugzilla.suse.com/977374
https://bugzilla.suse.com/977376
https://bugzilla.suse.com/977381
https://bugzilla.suse.com/977386
https://www.suse.com/security/cve/CVE-2016-2805.html
https://www.suse.com/security/cve/CVE-2016-2807.html
https://www.suse.com/security/cve/CVE-2016-2808.html
https://www.suse.com/security/cve/CVE-2016-2814.html
http://www.nessus.org/u?f72c9cc3

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 5 :

zypper in -t patch sleclo50sp3-MozillaFirefox-12569=1

SUSE Manager Proxy 2.1 :

zypper in -t patch slemap21-MozillaFirefox-12569=1

SUSE Manager 2.1 :

zypper in -t patch sleman21-MozillaFirefox-12569=1

SUSE Linux Enterprise Software Development Kit 11-SP4 :

zypper in -t patch sdksp4-MozillaFirefox-12569=1

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-MozillaFirefox-12569=1

SUSE Linux Enterprise Server 11-SP3-LTSS :

zypper in -t patch slessp3-MozillaFirefox-12569=1

SUSE Linux Enterprise Debuginfo 11-SP4 :

zypper in -t patch dbgsp4-MozillaFirefox-12569=1

SUSE Linux Enterprise Debuginfo 11-SP3 :

zypper in -t patch dbgsp3-MozillaFirefox-12569=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

SUSE SLES11 Security Update : Recommended udpate for SUSE Manager Client Tools (SUSE-SU-2016:1366-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for SUSE Manager Client Tools provides the following fixes
and enhancements :

rhnlib :

- Use TLSv1_METHOD in SSL Context (bsc#970989)

suseRegisterInfo :

- Fix file permissions (bsc#970550)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/970550
https://bugzilla.suse.com/970989
http://www.nessus.org/u?842bbc8d

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP4 :

zypper in -t patch slessp4-client-tools-21-201602-12567=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Scientific Linux Security Update : libndp on SL7.x x86_64


Synopsis:

The remote Scientific Linux host is missing one or more security
updates.

Description:

Security Fix(es) :

- It was found that libndp did not properly validate and
check the origin of Neighbor Discovery Protocol (NDP)
messages. An attacker on a non-local network could use
this flaw to advertise a node as a router, allowing them
to perform man-in-the-middle attacks on a connecting
client, or disrupt the network connectivity of that
client. (CVE-2016-3698)

See also :

http://www.nessus.org/u?45dc3213

Solution :

Update the affected libndp, libndp-debuginfo and / or libndp-devel
packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

OracleVM 3.3 : kernel-uek (OVMSA-2016-0053)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- KEYS: Fix ASN.1 indefinite length object parsing This
fixes CVE-2016-0758. (David Howells) [Orabug: 23279020]
(CVE-2016-0758)

- net: add validation for the socket syscall protocol
argument (Hannes Frederic Sowa) [Orabug: 23267997]
(CVE-2015-8543) (CVE-2015-8543)

- ipv6: addrconf: validate new MTU before applying it
(Marcelo Leitner) [Orabug: 23263252] (CVE-2015-8215)

- unix: properly account for FDs passed over unix sockets
(willy tarreau) [Orabug: 23262276] (CVE-2013-4312)
(CVE-2013-4312)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000466.html

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : docker-engine (ELSA-2016-3568)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

docker-engine
[1.10.3-1.0.3]
- CVE-2016-3697: docker: Potential privilege escalation via confusion of
usernames and UIDs [orabug 23279003]

docker-engine-selinux
[1.10.3-1.0.3]
- Rebuild with the updated docker-engine

See also :

https://oss.oracle.com/pipermail/el-errata/2016-May/006086.html
https://oss.oracle.com/pipermail/el-errata/2016-May/006087.html

Solution :

Update the affected docker-engine packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3567)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[2.6.32-400.37.17.el6uek]
- net: add validation for the socket syscall protocol argument (Hannes
Frederic Sowa) [Orabug: 23267965] {CVE-2015-8543} {CVE-2015-8543}
- ext4: Fix null dereference in ext4_fill_super() (Ben Hutchings)
[Orabug: 23263398] {CVE-2015-8324} {CVE-2015-8324}
- ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner)
[Orabug: 23263242] {CVE-2015-8215}
- ext4: avoid hang when mounting non-journal filesystems with orphan
list (Theodore Ts'o) [Orabug: 23262201] {CVE-2015-7509}
- ext4: make orphan functions be no-op in no-journal mode (Anatol
Pomozov) [Orabug: 23262201] {CVE-2015-7509}
- unix: properly account for FDs passed over unix sockets (willy
tarreau) [Orabug: 23262258] {CVE-2013-4312} {CVE-2013-4312}

See also :

https://oss.oracle.com/pipermail/el-errata/2016-May/006084.html
https://oss.oracle.com/pipermail/el-errata/2016-May/006085.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3566)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

[2.6.39-400.278.3.el6uek]
- net: add validation for the socket syscall protocol argument (Hannes
Frederic Sowa) [Orabug: 23267976] {CVE-2015-8543} {CVE-2015-8543}
- ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner)
[Orabug: 23263251] {CVE-2015-8215}
- ext4: avoid hang when mounting non-journal filesystems with orphan
list (Theodore Ts'o) [Orabug: 23262219] {CVE-2015-7509}
- ext4: make orphan functions be no-op in no-journal mode (Anatol
Pomozov) [Orabug: 23262219] {CVE-2015-7509}
- unix: properly account for FDs passed over unix sockets (willy
tarreau) [Orabug: 23262265] {CVE-2013-4312} {CVE-2013-4312}

See also :

https://oss.oracle.com/pipermail/el-errata/2016-May/006081.html
https://oss.oracle.com/pipermail/el-errata/2016-May/006082.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3565)


Synopsis:

The remote Oracle Linux host is missing one or more security updates.

Description:

Description of changes:

kernel-uek
[3.8.13-118.6.2.el7uek]
- KEYS: Fix ASN.1 indefinite length object parsing This fixes
CVE-2016-0758. (David Howells) [Orabug: 23279020] {CVE-2016-0758}
- net: add validation for the socket syscall protocol argument (Hannes
Frederic Sowa) [Orabug: 23267997] {CVE-2015-8543} {CVE-2015-8543}
- ipv6: addrconf: validate new MTU before applying it (Marcelo Leitner)
[Orabug: 23263252] {CVE-2015-8215}
- unix: properly account for FDs passed over unix sockets (willy
tarreau) [Orabug: 23262276] {CVE-2013-4312} {CVE-2013-4312}

See also :

https://oss.oracle.com/pipermail/el-errata/2016-May/006079.html
https://oss.oracle.com/pipermail/el-errata/2016-May/006080.html

Solution :

Update the affected unbreakable enterprise kernel packages.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : php5 (openSUSE-2016-626)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for php5 fixes the following security issues :

- CVE-2016-4073: A remote attacker could have caused
denial of service, or possibly execute arbitrary code,
due to incorrect handling of string length calculations
in mb_strcut() (bsc#977003)

- CVE-2015-8867: The PHP function
openssl_random_pseudo_bytes() did not return
cryptographically secure random bytes (bsc#977005)

- CVE-2016-4070: The libxml_disable_entity_loader()
setting was shared between threads, which could have
resulted in XML external entity injection and entity
expansion issues (bsc#976997)

- CVE-2015-8866: A remote attacker could have caused
denial of service due to incorrect handling of large
strings in php_raw_url_encode() (bsc#976996)

- CVE-2016-4071: A remote attacker could have caused
denial of service, or possibly execute arbitrary code,
due to incorrect handling of string formatting in
php_snmp_error() (bsc#977000)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=976996
https://bugzilla.opensuse.org/show_bug.cgi?id=976997
https://bugzilla.opensuse.org/show_bug.cgi?id=977000
https://bugzilla.opensuse.org/show_bug.cgi?id=977003
https://bugzilla.opensuse.org/show_bug.cgi?id=977005

Solution :

Update the affected php5 packages.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : libksba (openSUSE-2016-624)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libksba fixes the following issues :

Security issue fixed :

- boo#979261: OOB read access bugs remote DoS

- CVE-2016-4574: off-by-one OOB read access (incomplete
fix for CVE-2016-4356)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=979261

Solution :

Update the affected libksba packages.

Risk factor :

Medium

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3585-1 : wireshark - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Multiple vulnerabilities were discovered in the dissectors/parsers for
PKTC, IAX2, GSM CBCH and NCP which could result in denial of service.

See also :

https://packages.debian.org/source/jessie/wireshark
http://www.debian.org/security/2016/dsa-3585

Solution :

Upgrade the wireshark packages.

For the stable distribution (jessie), these problems have been fixed
in version 1.12.1+g01b65bf-4+deb8u6.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DLA-486-1 : imagemagick security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Nikolay Ermishkin from the Mail.Ru Security Team and Stewie discovered
several vulnerabilities in ImageMagick, a program suite for image
manipulation. These vulnerabilities, collectively known as
ImageTragick, are the consequence of lack of sanitization of untrusted
input. An attacker with control on the image input could, with the
privileges of the user running the application, execute code
(CVE-2016-3714), make HTTP GET or FTP requests (CVE-2016-3718), or
delete (CVE-2016-3715), move (CVE-2016-3716), or read (CVE-2016-3717)
local files.

These vulnerabilities are particularly critical if Imagemagick
processes images coming from remote parties, such as part of a web
service.

The update disables the vulnerable coders (EPHEMERAL, URL, MVG, MSL,
and PLT) and indirect reads via /etc/ImageMagick/policy.xml file. In
addition, we introduce extra preventions, including some sanitization
for input filenames in http/https delegates, the full remotion of
PLT/Gnuplot decoder, and the need of explicit reference in the
filename for the insecure coders.

For the wheezy, these problems have been fixed in version
8:6.7.7.10-5+deb7u5.

We recommend that you upgrade your imagemagick packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/05/msg00039.html
https://packages.debian.org/source/wheezy/imagemagick

Solution :

Upgrade the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DLA-485-1 : extplorer security update


Synopsis:

The remote Debian host is missing a security update.

Description:

This security update fixes a security issue in extplorer. We recommend
you upgrade your extplorer package.

- CVE-2015-5660 Cross-site request forgery (CSRF)
vulnerability allows remote attackers to hijack the
authentication of arbitrary users for requests that
execute PHP code.

Further information about Debian LTS security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/05/msg00038.html
https://packages.debian.org/source/wheezy/extplorer
https://wiki.debian.org/LTS

Solution :

Upgrade the affected extplorer package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2016-141-01)


Synopsis:

The remote Slackware host is missing a security update.

Description:

New curl packages are available for Slackware 13.0, 13.1, 13.37,
14.0, 14.1, and -current to fix a security issue.

See also :

http://www.nessus.org/u?0414682b

Solution :

Update the affected curl package.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Moxa NPort Serial-to-Ethernet Server Multiple Vulnerabilities


Synopsis:

The remote Moxa NPort Serial-to-Ethernet server model is affected by
multiple vulnerabilities.

Description:

According to its telnet banner, the Moxa NPort Serial-to-Ethernet
server model is affected by multiple vulnerabilities :

- An information disclosure vulnerability exists that
allows an unauthenticated attacker to disclose sensitive
account information.

- A remote code execution vulnerability exists due to a
failure to authenticate firmware updates.

- An unspecified buffer overflow condition exists that
allows an attacker to execute arbitrary code.

- An unspecified cross-site scripting (XSS) vulnerability
exists that allows a remote attacker to execute
arbitrary code in the user's browser session.

- An unspecified cross-site request forgery vulnerability
(XSRF) exists that allows a remote attacker to trick
a user into making an unintentional request.

See also :

https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-099-01

Solution :

There is currently no known workaround or solution. Moxa will release
fixes for all devices in late August 2016, except for model version
6110, which is discontinued.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Moxa NPort Serial-to-Ethernet Server Detection


Synopsis:

The host is a Moxa NPort Serial-to-Ethernet server, used for
configuration or monitoring.

Description:

Nessus has detected the telnet interface for a Moxa NPort
Serial-to-Ethernet server, which is used for configuration and
monitoring.

Solution :

Restrict access to this device to authorized management addresses.

Risk factor :

None

This script is Copyright (C) 2016 Tenable Network Security, Inc.

SUSE SLES10 Security Update : openssl (SUSE-SU-2016:1360-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for OpenSSL fixes the following security issues :

CVE-2016-2105: EVP_EncodeUpdate overflow (bsc#977614)

CVE-2016-2106: EVP_EncryptUpdate overflow (bsc#977615)

CVE-2016-2108: Memory corruption in the ASN.1 encoder (bsc#977617)

CVE-2016-2109: ASN.1 BIO excessive memory allocation (bsc#976942)

CVE-2016-0702: Side channel attack on modular exponentiation
'CacheBleed' (bsc#968050)

Additionally, the following non-security issues have been fixed :

Fix buffer overrun in ASN1_parse. (bsc#976943)

Allow weak DH groups. (bsc#973223)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/968050
https://bugzilla.suse.com/973223
https://bugzilla.suse.com/976942
https://bugzilla.suse.com/976943
https://bugzilla.suse.com/977614
https://bugzilla.suse.com/977615
https://bugzilla.suse.com/977617
http://www.nessus.org/u?940836c9
https://www.suse.com/security/cve/CVE-2016-0702.html
https://www.suse.com/security/cve/CVE-2016-2105.html
https://www.suse.com/security/cve/CVE-2016-2106.html
https://www.suse.com/security/cve/CVE-2016-2108.html
https://www.suse.com/security/cve/CVE-2016-2109.html
http://www.nessus.org/u?3cba1ae4

Solution :

Update the affected openssl packages

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2016:1352-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

Mozilla Firefox was updated to fix the following vulnerabilities
(bsc#977333) :

CVE-2016-2805: Memory safety bug fixed in Firefox ESR 38.8 (MFSA
2016-39, bsc#977374)

CVE-2016-2807: Memory safety bugs fixed in Firefox ESR 45.1, Firefox
ESR 38.8 and Firefox 46 (MFSA 2016-39, bsc#977376)

CVE-2016-2808: Write to invalid HashMap entry through
JavaScript.watch() (MFSA 2016-47, bsc#977386)

CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets
(MFSA 2016-44, bsc#977381)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/977333
https://bugzilla.suse.com/977374
https://bugzilla.suse.com/977376
https://bugzilla.suse.com/977381
https://bugzilla.suse.com/977386
http://www.nessus.org/u?ddee7cd3
https://www.suse.com/security/cve/CVE-2016-2805.html
https://www.suse.com/security/cve/CVE-2016-2807.html
https://www.suse.com/security/cve/CVE-2016-2808.html
https://www.suse.com/security/cve/CVE-2016-2814.html
http://www.nessus.org/u?29c554d0

Solution :

Update the affected Mozilla Firefox packages

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

OracleVM 3.4 : kernel-uek (OVMSA-2016-0052)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- move part of fix for 'unix: properly account for FDs
passed over unix sockets' (Chuck Anderson) [Orabug:
23294626] (CVE-2013-4312) (CVE-2013-4312)

- KEYS: Fix ASN.1 indefinite length object parsing This
fixes CVE-2016-0758. (David Howells) [Orabug: 23279022]
(CVE-2016-0758)

- uek-rpm: ol6: revert DRM for experimental or
OL6-incompatible drivers (Todd Vierling) [Orabug:
23270829]

- unix: properly account for FDs passed over unix sockets
(willy tarreau) [Orabug: 23262277] (CVE-2013-4312)
(CVE-2013-4312)

- sctp: Prevent soft lockup when sctp_accept is called
during a timeout event (Karl Heiss) [Orabug: 23222731]
(CVE-2015-8767)

See also :

https://oss.oracle.com/pipermail/oraclevm-errata/2016-May/000465.html

Solution :

Update the affected kernel-uek / kernel-uek-firmware packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : mercurial (openSUSE-2016-609)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for mercurial fixes the following issues :

Security issue fixed :

- CVE-2016-3105: Fixed arbitrary code execution whenusing
the convert extension on Git repo. (boo#978391)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=978391

Solution :

Update the affected mercurial packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : librsvg (openSUSE-2016-608)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This librsvg update to version 2.40.15 fixes the following issues :

Security issues fixed :

- CVE-2016-4348: DoS parsing SVGs with circular
definitions _rsvg_css_normalize_font_size() function
(boo#977986)

Bugs fixed :

- Actually scale the image if required, regression fix
from upstream git (bgo#760262).

- Fixed bgo#759084: Don't crash when filters don't
actually exist.

- Updated our autogen.sh to use modern autotools.

- Fixed bgo#761728: Memory leak in the
PrimitiveComponentTransfer filter.

- Added basic support for the 'baseline-shift' attribute
in text objects (bgo#340047).

- Fixed some duplicate logic when rendering paths
(bgo#749415).

- Rewrote the markers engine (bgo#685906, bgo#760180).

- Refactoring of the test harness to use Glib's gtest
infrastructure, instead of using home-grown machinery.
Tests can simply be put as SVG files in the
tests/subdirectories
it is not necessary to list them
explicitly in some text file.

- Gzipped SVGs now work if read from streams.

- References to objects/filters/URIs/etc. are now handled
lazily. Also, there is a general-purpose cycle detector
so malformed SVGs don't cause infinite loops.

- Removed parsing of Adobe blend modes
they were not
implemented, anyway.

- Add project files for building on Visual Studio
(bgo#753555).

- Added an '--export-id' option to rsvg-convert(1). This
lets you select a single object to export, for example,
to pick out a group from a multi-part drawing. Note that
this is mostly useful for PNG output right now
for SVG
output we don't preserve many attributes which could be
useful in the extracted version. Doing this properly
requires an internal 'output to SVG' backend instead of
just telling Cairo to render to SVG.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=977986

Solution :

Update the affected librsvg packages.

Risk factor :

Medium

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : mysql-community-server (openSUSE-2016-607)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This mysql-community-server version update to 5.6.30 fixes the
following issues :

Security issues fixed :

- fixed CVEs (boo#962779, boo#959724): CVE-2016-0705,
CVE-2016-0639, CVE-2015-3194, CVE-2016-0640,
CVE-2016-2047, CVE-2016-0644, CVE-2016-0646,
CVE-2016-0647, CVE-2016-0648, CVE-2016-0649,
CVE-2016-0650, CVE-2016-0665, CVE-2016-0666,
CVE-2016-0641, CVE-2016-0642, CVE-2016-0655,
CVE-2016-0661, CVE-2016-0668, CVE-2016-0643

- changes
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-
30.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-
29.html

Bugs fixed :

- don't delete the log data when migration fails

- add 'log-error' and 'secure-file-priv' configuration
options (added via configuration-tweaks.tar.bz2)
[boo#963810]

- add '/etc/my.cnf.d/error_log.conf' that specifies
'log-error = /var/log/mysql/mysqld.log'. If no path is
set, the error log is written to
'/var/lib/mysql/$HOSTNAME.err', which is not picked up
by logrotate.

- add '/etc/my.cnf.d/secure_file_priv.conf' which
specifies that 'LOAD DATA', 'SELECT ... INTO' and 'LOAD
FILE()' will only work with files in the directory
specified by 'secure-file-priv' option
(='/var/lib/mysql-files').

See also :

http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-29.html
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-30.html
https://bugzilla.opensuse.org/show_bug.cgi?id=959724
https://bugzilla.opensuse.org/show_bug.cgi?id=962779
https://bugzilla.opensuse.org/show_bug.cgi?id=963810

Solution :

Update the affected mysql-community-server packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : go (openSUSE-2016-606)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This go update to version 1.6 fixes the following issues :

Security issues fixed :

- CVE-2016-3959: Infinite loop in several big integer
routines (boo#974232)

- CVE-2015-8618: Carry propagation in Int.Exp Montgomery
code in math/big library (boo#960151)

Bugs fixed :

- Update to version 1.6 :

- On Linux on little-endian 64-bit PowerPC
(linux/ppc64le), Go 1.6 now supports cgo with external
linking and is roughly feature complete.

- Vendoring support

- HTTP2 transparent support

- fix gc and gccgo incompatibility regarding embedded
unexported struct types containing exported fields

- Linux on 64-bit MIPS and Android on 32-bit x86

- enforced rules for sharing Go pointers with C

- new mechanism for template reuse

- performance improvements ... and more! see more in
https://tip.golang.org/doc/go1.6

- Updated to version 1.5.2: This release includes bug
fixes to the compiler, linker, and the mime/multipart,
net, and runtime packages.
https://golang.org/doc/devel/release.html#go1.5.minor

- Updated to version 1.5.1:
This release includes bug
fixes to the go command, the compiler, assembler, and
the fmt, net/textproto, net/http, and runtime packages.
https://golang.org/doc/devel/release.html#go1.5.minor

- Update to version 1.5 :

- see https://golang.org/doc/go1.5

- install shared stdlib on x86_64

- add go.gdbinit for debug friendly

- Adapt to Leap

- use gcc5-go than go1.4 is the proper requirement for
Leap

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=960151
https://bugzilla.opensuse.org/show_bug.cgi?id=974232
https://golang.org/doc/devel/release.html#go1.5.minor
https://golang.org/doc/go1.5
https://tip.golang.org/doc/go1.6

Solution :

Update the affected go packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : ocaml (openSUSE-2016-605)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for ocaml fixes the following issues :

Security issue fixed :

- CVE-2015-8869: prevent buffer overflow and information
leak (boo#977990)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=977990

Solution :

Update the affected ocaml packages.

Risk factor :

Medium

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : libressl (openSUSE-2016-604)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This libressl update to version 2.2.7 fixes the following issues :

Security issues fixed :

- Fix multiple vulnerabilities in libcrypto relating to
ASN.1 and encoding. [boo#978492, boo#977584]

- CVE-2015-3194: Certificate verify crash with missing PSS
parameter (boo#957815)

- CVE-2015-3195: X509_ATTRIBUTE memory leak (boo#957812)

- CVE-2015-5333: Memory Leak (boo#950707)

- CVE-2015-5334: Buffer Overflow (boo#950708)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=950707
https://bugzilla.opensuse.org/show_bug.cgi?id=950708
https://bugzilla.opensuse.org/show_bug.cgi?id=957812
https://bugzilla.opensuse.org/show_bug.cgi?id=957815
https://bugzilla.opensuse.org/show_bug.cgi?id=977584
https://bugzilla.opensuse.org/show_bug.cgi?id=978492

Solution :

Update the affected libressl packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : proftpd (openSUSE-2016-603)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This proftpd update to version 1.3.5b fixes the following issues :

Security issues fixed :

- CVE-2016-3125: Fixed selection of DH groups from
TLSDHParamFile. (boo#970890)

Bugs fixed :

- update to 1.3.5b:
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b

- SSH RSA hostkeys smaller than 2048 bits now work
properly.

- MLSD response lines are now properly CRLF terminated.

See also :

http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
https://bugzilla.opensuse.org/show_bug.cgi?id=970890

Solution :

Update the affected proftpd packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : GraphicsMagick (openSUSE-2016-602)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for GraphicsMagick fixes the following issues :

Security issues fixed :

- Multiple security issues in GraphicsMagick/ImageMagick
[boo#978061] (CVE-2016-3714, CVE-2016-3718,
CVE-2016-3715, CVE-2016-3717)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=978061

Solution :

Update the affected GraphicsMagick packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : cacti (openSUSE-2016-601)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for cacti fixes the following issues :

Security issues fixed :

- CVE-2016-3172: SQL injection in tree.php (boo#971357)

- CVE-2016-3659: SQL injection in lib/functions.php
(boo#974013)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=971357
https://bugzilla.opensuse.org/show_bug.cgi?id=974013

Solution :

Update the affected cacti package.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : imlib2 (openSUSE-2016-600)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This imlib2 update to version 1.4.9 fixes the following issues :

Security issues fixed :

- CVE-2011-5326: divide by 0 when drawing an ellipse of
height 1 (boo#974202)

- CVE-2014-9762: segmentation fault on images without
colormap (boo#963796)

- CVE-2014-9764: segmentation fault when opening
specifically crafted input (boo#963797)

- CVE-2014-9763: division-by-zero crashes when opening
images (boo#963800)

- CVE-2014-9771: exploitable integer overflow in
_imlib_SaveImage (boo#974854)

- CVE-2016-3994: imlib2/evas Potential DOS in giflib
loader (boo#973759)

- CVE-2016-3993: off by 1 Potential DOS (boo#973761)

- CVE-2016-4024: integer overflow resulting in
insufficient heap allocation (boo#975703)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=963796
https://bugzilla.opensuse.org/show_bug.cgi?id=963797
https://bugzilla.opensuse.org/show_bug.cgi?id=963800
https://bugzilla.opensuse.org/show_bug.cgi?id=973759
https://bugzilla.opensuse.org/show_bug.cgi?id=973761
https://bugzilla.opensuse.org/show_bug.cgi?id=974202
https://bugzilla.opensuse.org/show_bug.cgi?id=974854
https://bugzilla.opensuse.org/show_bug.cgi?id=975703

Solution :

Update the affected imlib2 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

openSUSE Security Update : ntp (openSUSE-2016-599)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for ntp to 4.2.8p7 fixes the following issues :

- CVE-2016-1547, bsc#977459: Validate crypto-NAKs, AKA:
CRYPTO-NAK DoS.

- CVE-2016-1548, bsc#977461: Interleave-pivot

- CVE-2016-1549, bsc#977451: Sybil vulnerability:
ephemeral association attack.

- CVE-2016-1550, bsc#977464: Improve NTP security against
buffer comparison timing attacks.

- CVE-2016-1551, bsc#977450: Refclock impersonation
vulnerability

- CVE-2016-2516, bsc#977452: Duplicate IPs on unconfig
directives will cause an assertion botch in ntpd.

- CVE-2016-2517, bsc#977455: remote configuration
trustedkey/ requestkey/controlkey values are not
properly validated.

- CVE-2016-2518, bsc#977457: Crafted addpeer with hmode >
7 causes array wraparound with MATCH_ASSOC.

- CVE-2016-2519, bsc#977458: ctl_getitem() return value
not always checked.

- This update also improves the fixes for: CVE-2015-7704,
CVE-2015-7705, CVE-2015-7974

Bugs fixed :

- Restrict the parser in the startup script to the first
occurrance of 'keys' and 'controlkey' in ntp.conf
(bsc#957226).

This update was imported from the SUSE:SLE-12-SP1:Update update
project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=957226
https://bugzilla.opensuse.org/show_bug.cgi?id=977446
https://bugzilla.opensuse.org/show_bug.cgi?id=977450
https://bugzilla.opensuse.org/show_bug.cgi?id=977451
https://bugzilla.opensuse.org/show_bug.cgi?id=977452
https://bugzilla.opensuse.org/show_bug.cgi?id=977455
https://bugzilla.opensuse.org/show_bug.cgi?id=977457
https://bugzilla.opensuse.org/show_bug.cgi?id=977458
https://bugzilla.opensuse.org/show_bug.cgi?id=977459
https://bugzilla.opensuse.org/show_bug.cgi?id=977461
https://bugzilla.opensuse.org/show_bug.cgi?id=977464

Solution :

Update the affected ntp packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

FreeBSD : wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written (967b852b-1e28-11e6-8dd3-002590263bf5)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Jouni Malinen reports :

psk configuration parameter update allowing arbitrary data to be
written (2016-1 - CVE-2016-4476/CVE-2016-4477).

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209564
http://w1.fi/security/2016-1/psk-parameter-config-update.txt
http://www.nessus.org/u?4794f1f9

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2016 Tenable Network Security, Inc.

FreeBSD : expat -- denial of service vulnerability on malformed input (57b3aba7-1e25-11e6-8dd3-002590263bf5)


Synopsis:

The remote FreeBSD host is missing a security-related update.

Description:

Gustavo Grieco reports :

The Expat XML parser mishandles certain kinds of malformed input
documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as
memory corruption during a parse operation. The bugs allow for a
denial of service attack in many applications by an unauthenticated
attacker, and could conceivably result in remote code execution.

See also :

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209360
http://www.openwall.com/lists/oss-security/2016/05/17/12
http://www.nessus.org/u?c9cf7378

Solution :

Update the affected package.

Risk factor :

High

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DSA-3584-1 : librsvg - security update


Synopsis:

The remote Debian host is missing a security-related update.

Description:

Gustavo Grieco discovered several flaws in the way librsvg, a
SAX-based renderer library for SVG files, parses SVG files with
circular definitions. A remote attacker can take advantage of these
flaws to cause an application using the librsvg library to crash.

See also :

https://packages.debian.org/source/jessie/librsvg
http://www.debian.org/security/2016/dsa-3584

Solution :

Upgrade the librsvg packages.

For the stable distribution (jessie), these problems have been fixed
in version 2.40.5-1+deb8u2.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 5.9
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DLA-483-1 : expat security update


Synopsis:

The remote Debian host is missing a security update.

Description:

Gustavo Grieco discovered that Expat, a XML parsing C library, does
not properly handle certain kinds of malformed input documents,
resulting in buffer overflows during processing and error reporting. A
remote attacker can take advantage of this flaw to cause an
application using the Expat library to crash, or potentially, to
execute arbitrary code with the privileges of the user running the
application.

For Debian 7 'Wheezy', these problems have been fixed in version
2.1.0-1+deb7u3.

We recommend that you upgrade your expat packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/05/msg00036.html
https://packages.debian.org/source/wheezy/expat
https://wiki.debian.org/LTS

Solution :

Upgrade the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Debian DLA-482-1 : libgd2 security update


Synopsis:

The remote Debian host is missing a security update.

Description:

It was discovered that there was a stack consumption vulnerability in
the libgd2 graphics library which allowed remote attackers to cause a
denial of service via a crafted imagefilltoborder call.

For Debian 7 'Wheezy', this issue has been fixed in libgd2 version
2.0.36~rc1~dfsg-6.1+deb7u3.

We recommend that you upgrade your libgd2 packages.

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues.

See also :

https://lists.debian.org/debian-lts-announce/2016/05/msg00035.html
https://packages.debian.org/source/wheezy/libgd2

Solution :

Upgrade the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

SSL/TLS Service Requires Client Certificate


Synopsis:

The remote service requires an SSL client certificate to establish
an SSL/TLS connection.

Description:

The remote service encrypts communications using SSL/TLS and requires
a client certificate in order to establish an SSL/TLS connection.

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Apple Xcode < 7.3.1 Multiple RCE (Mac OS X)


Synopsis:

An application installed on the remote Mac OS X host is affected by
multiple remote code execution vulnerabilities.

Description:

The version of Apple Xcode installed on the remote Mac OS X host is
prior to 7.3.1. It is, therefore, affected by multiple remote code
execution vulnerabilities in the bundled version of Git due to
overflow conditions in the path_name() function in revision.c that are
triggered when pushing or cloning a repository with a large filename
or containing a large number of nested trees. A remote attacker can
exploit these issues to cause a heap-based buffer overflow, resulting
in the execution of arbitrary code.

See also :

https://support.apple.com/en-us/HT206338
http://www.nessus.org/u?1dc5b9fd

Solution :

Upgrade to Apple Xcode version 7.3.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Symantec Antivirus Engine 20151.1.0.32 Malformed PE Header Parser Memory Access Violation (SYM16-008)


Synopsis:

An antivirus application installed on the remote host is affected by a
remote code execution vulnerability.

Description:

The version of Symantec Antivirus Engine (AVE) installed on the remote
host is 20151.1.0.32. It is, therefore, affected by a remote code
execution vulnerability due to improper parsing of malformed
portable-executable (PE) header files and executables packed with
early versions of Aspack. A remote attacker can exploit this by
convincing a user to download and scan a document or application
containing specially crafted PE header files, resulting in the
execution of arbitrary code.

See also :

http://www.nessus.org/u?ca2cdf44

Solution :

Upgrade to Symantec Antivirus Engine 20151.1.1.4 or later.

Risk factor :

High / CVSS Base Score : 8.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

HP System Management Homepage < 7.5.4.3 AddCertsToTrustCfgList DoS


Synopsis:

An application running on the remote web server is affected by a
denial of service vulnerability.

Description:

The version of HP System Management Homepage (SMH) hosted on the
remote web server is prior to 7.5.4.3. It is, therefore, affected by a
flaw in the AddCertsToTrustCfgList() function within
file mod_smh_config.so due to improper extraction of the common name
in the subject when processing X.509 certificates. An unauthenticated,
remote attacker can exploit this issue, via a crafted certificate, to
cause a denial of service condition. Note that to exploit this
vulnerability, the 'Trust Mode' setting must be configured with
'Trust All', the 'IP Restricted login' setting must allow the attacker
to access SMH, and the 'Kerberos Authorization' (Windows only) setting
must be disabled.

See also :

http://www.tenable.com/security/research/tra-2016-14

Solution :

Upgrade to HP System Management Homepage (SMH) version 7.5.4.3 or
later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 2.1
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

This script is Copyright (C) 2016 Tenable Network Security, Inc.

Ubuntu 12.04 LTS / 14.04 / 15.10 / 16.04 : expat vulnerability (USN-2983-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related patches.

Description:

Gustavo Grieco discovered that Expat incorrectly handled malformed XML
data. If a user or application linked against Expat were tricked into
opening a crafted XML file, an attacker could cause a denial of
service, or possibly execute arbitrary code. (CVE-2016-0718).

Solution :

Update the affected lib64expat1 and / or libexpat1 packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Ubuntu Security Notice (C) 2016 Canonical, Inc. / NASL script (C) 2016 Tenable Network Security, Inc.