Newest Plugins

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3323-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.67-60_64_24 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?30a63925

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2085=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2085=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3322-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.74-60_64_60 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?f768ef0c

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2081=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2081=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3321-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.67-60_64_21 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?c3ac0543

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2079=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2079=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3320-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.74-60_64_54 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?0ed8c248

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2077=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2077=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3318-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.74-60_64_57 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?a863687b

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2084=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2084=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3316-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.69-60_64_29 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?79529c50

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2080=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2080=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3315-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_106 fixes several issues.
The following security issue was fixed :

- CVE-2017-15649: net/packet/af_packet.c in the Linux
kernel allowed local users to gain privileges via
crafted system calls that trigger mishandling of
packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind) that
leads to a use-after-free, a different vulnerability
than CVE-2017-6346 (bsc#1064388).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/1064392
https://www.suse.com/security/cve/CVE-2017-15649.html
http://www.nessus.org/u?f633c37e

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2071=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.1
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3313-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.74-60_64_51 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?93dcc541

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2078=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2078=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3312-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.74-60_64_45 fixes several
issues. The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?e0cfd41f

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server for SAP 12-SP1: zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-2083=1

SUSE Linux Enterprise Server 12-SP1-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-2083=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3309-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_80 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?1fdcba24

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2064=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3308-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_66 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?feea39ed

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2059=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3307-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_101 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-15649: net/packet/af_packet.c allowed local
users to gain privileges via crafted system calls that
trigger mishandling of packet_fanout data structures,
because of a race condition (involving fanout_add and
packet_do_bind) that leads to a use-after-free
(bsc#1064392).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1064388
https://bugzilla.suse.com/1064392
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-15649.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?a4a16309

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2061=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.0
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3305-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_92 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?3452ac79

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2068=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3304-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.60-52_63 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?5ca77b85

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2058=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3303-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_89 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?fbe22002

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2070=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3302-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_72 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?5f057ea1

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2062=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3301-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_86 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?3f3721f0

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2066=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3299-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_77 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?d69323a0

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2065=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3293-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_83 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?5de48e9a

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2067=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3289-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.60-52_60 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?2014c0c1

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2060=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : kernel (SUSE-SU-2017:3287-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for the Linux Kernel 3.12.61-52_69 fixes several issues.
The following security issues were fixed :

- CVE-2017-16939: The XFRM dump policy implementation in
net/xfrm/xfrm_user.c allowed local users to gain
privileges or cause a denial of service (use-after-free)
via a crafted SO_RCVBUF setsockopt system call in
conjunction with XFRM_MSG_GETPOLICY Netlink messages
(bsc#1069708).

- CVE-2017-10661: Race condition in fs/timerfd.c allowed
local users to gain privileges or cause a denial of
service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage
improper might_cancel queueing (bsc#1053153).

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1053153
https://bugzilla.suse.com/1069708
https://www.suse.com/security/cve/CVE-2017-10661.html
https://www.suse.com/security/cve/CVE-2017-16939.html
http://www.nessus.org/u?c0333217

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-2017-2063=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

RHEL 7 : JBoss EAP (RHSA-2017:3455)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.0
serves as a replacement for Red Hat JBoss Enterprise Application
Platform 7.0.0, and includes bug fixes and enhancements, which are
documented in the Release Notes document linked to in the References.

Security Fix(es) :

* A Denial of Service can be caused when a long request is sent to EAP
7. (CVE-2016-7046)

* The jboss init script unsafe file handling resulting in local
privilege escalation. (CVE-2016-8656)

* A deserialization vulnerability via readValue method of ObjectMapper
which allows arbitrary code execution. (CVE-2017-7525)

* JMSObjectMessage deserializes potentially malicious objects allowing
Remote Code Execution. (CVE-2016-4978)

* Undertow is vulnerable to the injection of arbitrary HTTP headers,
and also response splitting. (CVE-2016-4993)

* The domain controller will not propagate its administrative RBAC
configuration to some slaves leading to escalate their privileges.
(CVE-2016-5406)

* Internal IP address disclosed on redirect when request header Host
field is not set. (CVE-2016-6311)

* Potential EAP resource starvation DOS attack via GET requests for
server log files. (CVE-2016-8627)

* Inefficient Header Cache could cause denial of service.
(CVE-2016-9589)

* The log file viewer allows arbitrary file read to authenticated user
via path traversal. (CVE-2017-2595)

* HTTP Request smuggling vulnerability due to permitting invalid
characters in HTTP requests. (CVE-2017-2666)

* Websocket non clean close can cause IO thread to get stuck in a
loop. (CVE-2017-2670)

* Privilege escalation with security manager's reflective permissions
when granted to Hibernate Validator. (CVE-2017-7536)

* Potential http request smuggling as Undertow parses the http headers
with unusual whitespaces. (CVE-2017-7559)

* Properties based files of the management and the application realm
are world readable allowing access to users and roles information to
all the users logged in to the system. (CVE-2017-12167)

* RBAC configuration allows users with a Monitor role to view the
sensitive information. (CVE-2016-7061)

* Improper whitespace parsing leading to potential HTTP request
smuggling. (CVE-2017-12165)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-7525; Calum Hutton (NCC Group) and Mikhail Egorov (Odin) for
reporting CVE-2016-4993; Luca Bueti for reporting CVE-2016-6311;
Gabriel Lavoie (Halogen Software) for reporting CVE-2016-9589; and
Gregory Ramsperger and Ryan Moak for reporting CVE-2017-2670. The
CVE-2016-5406 issue was discovered by Tomaz Cerar (Red Hat); the
CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and
Brian Stansberry (Red Hat); the CVE-2017-2666 issue was discovered by
Radim Hatlapatka (Red Hat); the CVE-2017-7536 issue was discovered by
Gunnar Morling (Red Hat); the CVE-2017-7559 and CVE-2017-12165 issues
were discovered by Stuart Douglas (Red Hat); and the CVE-2017-12167
issue was discovered by Brian Stansberry (Red Hat) and Jeremy Choi
(Red Hat). Upstream acknowledges WildFly as the original reporter of
CVE-2016-6311.

See also :

https://access.redhat.com/documentation/en-us/
http://rhn.redhat.com/errata/RHSA-2017-3455.html
https://www.redhat.com/security/data/cve/CVE-2016-4978.html
https://www.redhat.com/security/data/cve/CVE-2016-4993.html
https://www.redhat.com/security/data/cve/CVE-2016-5406.html
https://www.redhat.com/security/data/cve/CVE-2016-6311.html
https://www.redhat.com/security/data/cve/CVE-2016-7046.html
https://www.redhat.com/security/data/cve/CVE-2016-7061.html
https://www.redhat.com/security/data/cve/CVE-2016-8627.html
https://www.redhat.com/security/data/cve/CVE-2016-8656.html
https://www.redhat.com/security/data/cve/CVE-2016-9589.html
https://www.redhat.com/security/data/cve/CVE-2017-2595.html
https://www.redhat.com/security/data/cve/CVE-2017-2666.html
https://www.redhat.com/security/data/cve/CVE-2017-2670.html
https://www.redhat.com/security/data/cve/CVE-2017-7525.html
https://www.redhat.com/security/data/cve/CVE-2017-7536.html
https://www.redhat.com/security/data/cve/CVE-2017-7559.html
https://www.redhat.com/security/data/cve/CVE-2017-12165.html
https://www.redhat.com/security/data/cve/CVE-2017-12167.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

RHEL 6 : JBoss EAP (RHSA-2017:3454)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update is now available for Red Hat JBoss Enterprise Application
Platform 7.1 for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

Red Hat JBoss Enterprise Application Platform is a platform for Java
applications based on the JBoss Application Server.

This release of Red Hat JBoss Enterprise Application Platform 7.1.0
serves as a replacement for Red Hat JBoss Enterprise Application
Platform 7.0.0, and includes bug fixes and enhancements, which are
documented in the Release Notes document linked to in the References.

Security Fix(es) :

* A Denial of Service can be caused when a long request is sent to EAP
7. (CVE-2016-7046)

* The jboss init script unsafe file handling resulting in local
privilege escalation. (CVE-2016-8656)

* A deserialization vulnerability via readValue method of ObjectMapper
which allows arbitrary code execution. (CVE-2017-7525)

* JMSObjectMessage deserializes potentially malicious objects allowing
Remote Code Execution. (CVE-2016-4978)

* Undertow is vulnerable to the injection of arbitrary HTTP headers,
and also response splitting. (CVE-2016-4993)

* The domain controller will not propagate its administrative RBAC
configuration to some slaves leading to escalate their privileges.
(CVE-2016-5406)

* Internal IP address disclosed on redirect when request header Host
field is not set. (CVE-2016-6311)

* Potential EAP resource starvation DOS attack via GET requests for
server log files. (CVE-2016-8627)

* Inefficient Header Cache could cause denial of service.
(CVE-2016-9589)

* The log file viewer allows arbitrary file read to authenticated user
via path traversal. (CVE-2017-2595)

* HTTP Request smuggling vulnerability due to permitting invalid
characters in HTTP requests. (CVE-2017-2666)

* Websocket non clean close can cause IO thread to get stuck in a
loop. (CVE-2017-2670)

* Privilege escalation with security manager's reflective permissions
when granted to Hibernate Validator. (CVE-2017-7536)

* Potential http request smuggling as Undertow parses the http headers
with unusual whitespaces. (CVE-2017-7559)

* Properties based files of the management and the application realm
are world readable allowing access to users and roles information to
all the users logged in to the system. (CVE-2017-12167)

* RBAC configuration allows users with a Monitor role to view the
sensitive information. (CVE-2016-7061)

* Improper whitespace parsing leading to potential HTTP request
smuggling. (CVE-2017-12165)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-7525; Calum Hutton (NCC Group) and Mikhail Egorov (Odin) for
reporting CVE-2016-4993; Luca Bueti for reporting CVE-2016-6311;
Gabriel Lavoie (Halogen Software) for reporting CVE-2016-9589; and
Gregory Ramsperger and Ryan Moak for reporting CVE-2017-2670. The
CVE-2016-5406 issue was discovered by Tomaz Cerar (Red Hat); the
CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and
Brian Stansberry (Red Hat); the CVE-2017-2666 issue was discovered by
Radim Hatlapatka (Red Hat); the CVE-2017-7536 issue was discovered by
Gunnar Morling (Red Hat); the CVE-2017-7559 and CVE-2017-12165 issues
were discovered by Stuart Douglas (Red Hat); and the CVE-2017-12167
issue was discovered by Brian Stansberry (Red Hat) and Jeremy Choi
(Red Hat). Upstream acknowledges WildFly as the original reporter of
CVE-2016-6311.

See also :

https://access.redhat.com/documentation/en/
http://rhn.redhat.com/errata/RHSA-2017-3454.html
https://www.redhat.com/security/data/cve/CVE-2016-4978.html
https://www.redhat.com/security/data/cve/CVE-2016-4993.html
https://www.redhat.com/security/data/cve/CVE-2016-5406.html
https://www.redhat.com/security/data/cve/CVE-2016-6311.html
https://www.redhat.com/security/data/cve/CVE-2016-7046.html
https://www.redhat.com/security/data/cve/CVE-2016-7061.html
https://www.redhat.com/security/data/cve/CVE-2016-8627.html
https://www.redhat.com/security/data/cve/CVE-2016-8656.html
https://www.redhat.com/security/data/cve/CVE-2016-9589.html
https://www.redhat.com/security/data/cve/CVE-2017-2595.html
https://www.redhat.com/security/data/cve/CVE-2017-2666.html
https://www.redhat.com/security/data/cve/CVE-2017-2670.html
https://www.redhat.com/security/data/cve/CVE-2017-7525.html
https://www.redhat.com/security/data/cve/CVE-2017-7536.html
https://www.redhat.com/security/data/cve/CVE-2017-7559.html
https://www.redhat.com/security/data/cve/CVE-2017-12165.html
https://www.redhat.com/security/data/cve/CVE-2017-12167.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

RHEL 6 : Satellite Server (RHSA-2017:3453)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for java-1.8.0-ibm is now available for Red Hat Satellite
5.8 and Red Hat Satellite 5.8 ELS.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

IBM Java SE version 8 includes the IBM Java Runtime Environment and
the IBM Java Software Development Kit.

This update upgrades IBM Java SE 8 to version 8 SR5-FP5.

Security Fix(es) :

* This update fixes multiple vulnerabilities in the IBM Java Runtime
Environment and the IBM Java Software Development Kit. Further
information about these flaws can be found on the IBM Java Security
Vulnerabilities page listed in the References section. (CVE-2016-9840,
CVE-2016-9841, CVE-2016-9842, CVE-2016-9843, CVE-2016-10165,
CVE-2017-1289, CVE-2017-3509, CVE-2017-3511, CVE-2017-3533,
CVE-2017-3539, CVE-2017-3544, CVE-2017-10053, CVE-2017-10067,
CVE-2017-10078, CVE-2017-10087, CVE-2017-10089, CVE-2017-10090,
CVE-2017-10096, CVE-2017-10101, CVE-2017-10102, CVE-2017-10105,
CVE-2017-10107, CVE-2017-10108, CVE-2017-10109, CVE-2017-10110,
CVE-2017-10115, CVE-2017-10116, CVE-2017-10243, CVE-2017-10281,
CVE-2017-10285, CVE-2017-10295, CVE-2017-10309, CVE-2017-10345,
CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349,
CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357,
CVE-2017-10388)

For details on how to apply this update, which includes the changes
described in this advisory, refer to :

https://access.redhat.com/articles/11258

For this update to take effect, Red Hat Satellite must be restarted
('/usr/sbin/rhn-satellite restart'). All running instances of IBM Java
must be restarted for this update to take effect.

See also :

http://rhn.redhat.com/errata/RHSA-2017-3453.html
https://www.redhat.com/security/data/cve/CVE-2016-9840.html
https://www.redhat.com/security/data/cve/CVE-2016-9841.html
https://www.redhat.com/security/data/cve/CVE-2016-9842.html
https://www.redhat.com/security/data/cve/CVE-2016-9843.html
https://www.redhat.com/security/data/cve/CVE-2016-10165.html
https://www.redhat.com/security/data/cve/CVE-2017-1289.html
https://www.redhat.com/security/data/cve/CVE-2017-3509.html
https://www.redhat.com/security/data/cve/CVE-2017-3511.html
https://www.redhat.com/security/data/cve/CVE-2017-3533.html
https://www.redhat.com/security/data/cve/CVE-2017-3539.html
https://www.redhat.com/security/data/cve/CVE-2017-3544.html
https://www.redhat.com/security/data/cve/CVE-2017-10053.html
https://www.redhat.com/security/data/cve/CVE-2017-10067.html
https://www.redhat.com/security/data/cve/CVE-2017-10078.html
https://www.redhat.com/security/data/cve/CVE-2017-10087.html
https://www.redhat.com/security/data/cve/CVE-2017-10089.html
https://www.redhat.com/security/data/cve/CVE-2017-10090.html
https://www.redhat.com/security/data/cve/CVE-2017-10096.html
https://www.redhat.com/security/data/cve/CVE-2017-10101.html
https://www.redhat.com/security/data/cve/CVE-2017-10102.html
https://www.redhat.com/security/data/cve/CVE-2017-10105.html
https://www.redhat.com/security/data/cve/CVE-2017-10107.html
https://www.redhat.com/security/data/cve/CVE-2017-10108.html
https://www.redhat.com/security/data/cve/CVE-2017-10109.html
https://www.redhat.com/security/data/cve/CVE-2017-10110.html
https://www.redhat.com/security/data/cve/CVE-2017-10115.html
https://www.redhat.com/security/data/cve/CVE-2017-10116.html
https://www.redhat.com/security/data/cve/CVE-2017-10243.html
https://www.redhat.com/security/data/cve/CVE-2017-10281.html
https://www.redhat.com/security/data/cve/CVE-2017-10285.html
https://www.redhat.com/security/data/cve/CVE-2017-10295.html
https://www.redhat.com/security/data/cve/CVE-2017-10309.html
https://www.redhat.com/security/data/cve/CVE-2017-10345.html
https://www.redhat.com/security/data/cve/CVE-2017-10346.html
https://www.redhat.com/security/data/cve/CVE-2017-10347.html
https://www.redhat.com/security/data/cve/CVE-2017-10348.html
https://www.redhat.com/security/data/cve/CVE-2017-10349.html
https://www.redhat.com/security/data/cve/CVE-2017-10350.html
https://www.redhat.com/security/data/cve/CVE-2017-10355.html
https://www.redhat.com/security/data/cve/CVE-2017-10356.html
https://www.redhat.com/security/data/cve/CVE-2017-10357.html
https://www.redhat.com/security/data/cve/CVE-2017-10388.html

Solution :

Update the affected java-1.8.0-ibm and / or java-1.8.0-ibm-devel
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : php5 (openSUSE-2017-1371)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for php5 fixes the following issues :

Security issues fixed :

- CVE-2017-16642: Fix timelib_meridian error that could be
used to leak information from the interpreter
(bsc#1067441).

- CVE-2017-4025: Fix pathname truncation in
set_include_path, tempnam, rmdir, and readlink
(bsc#1067090).

- CVE-2017-9228: Fix heap out-of-bounds write that occurs
in bitset_set_range() during regex compilation
(bsc#1069606).

- CVE-2017-9229: Fix invalid pointer dereference in
left_adjust_char_head() (bsc#1069631).

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1067090
https://bugzilla.opensuse.org/show_bug.cgi?id=1067441
https://bugzilla.opensuse.org/show_bug.cgi?id=1069606
https://bugzilla.opensuse.org/show_bug.cgi?id=1069631

Solution :

Update the affected php5 packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

openSUSE Security Update : libapr-util1 (openSUSE-2017-1370)


Synopsis:

The remote openSUSE host is missing a security update.

Description:

This update for libapr-util1 fixes the following issues :

Security issue fixed :

- CVE-2017-12618: DoS via crafted SDBM database files in
apr_sdbm*() functions (bsc#1064990)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1064990

Solution :

Update the affected libapr-util1 packages.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

GLSA-201712-04 : cURL: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201712-04
(cURL: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in cURL. Please review the
CVE identifiers referenced below for details.

Impact :

Remote attackers could cause a Denial of Service condition, disclose
sensitive information or other unspecified impacts.

Workaround :

There is no known workaround at this time.

See also :

https://security.gentoo.org/glsa/201712-04

Solution :

All cURL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-misc/curl-7.57.0'

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

GLSA-201712-03 : OpenSSL: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201712-03
(OpenSSL: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in OpenSSL. Please review
the referenced CVE identifiers for details.

Impact :

A remote attacker could cause a Denial of Service condition, recover a
private key in unlikely circumstances, circumvent security restrictions
to perform unauthorized actions, or gain access to sensitive information.

Workaround :

There are no known workarounds at this time.

See also :

https://security.gentoo.org/glsa/201712-03

Solution :

All OpenSSL users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-libs/openssl-1.0.2n'

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

GLSA-201712-02 : OpenCV: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201712-02
(OpenCV: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in OpenCV. Please review
the referenced CVE identifiers for details.

Impact :

An attacker can cause a denial of service condition or conduct other
memory corruption attacks.

Workaround :

There are no known workarounds at this time.

See also :

https://security.gentoo.org/glsa/201712-02

Solution :

All OpenCV users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=media-libs/opencv-2.4.13-r3'

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

GLSA-201712-01 : WebKitGTK+: Multiple vulnerabilities


Synopsis:

The remote Gentoo host is missing one or more security-related
patches.

Description:

The remote host is affected by the vulnerability described in GLSA-201712-01
(WebKitGTK+: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in WebKitGTK+. Please
review the referenced CVE identifiers for details.

Impact :

By enticing a victim to visit maliciously crafted web content, a remote
attacker could execute arbitrary code or cause a denial of service
condition.

Workaround :

There are no known workarounds at this time.

See also :

https://security.gentoo.org/glsa/201712-01

Solution :

All WebKitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-libs/webkit-gtk-2.18.3'

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : GitLab -- multiple vulnerabilities (e72a8864-e0bc-11e7-b627-d43d7e971a1b)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

GitLab reports :

User without access to private Wiki can see it on the project page

Matthias Burtscher reported that it was possible for a user to see a
private Wiki on the project page without having the corresponding
permission.

E-mail address disclosure through member search fields

Hugo Geoffroy reported via HackerOne that it was possible to find out
the full e-mail address of any user by brute-forcing the member search
field.

Groups API leaks private projects

An internal code review discovered that users were able to list
private projects they had no access to by using the Groups API.

Cross-Site Scripting (XSS) possible by editing a comment

Sylvain Heiniger reported via HackerOne that it was possible for
arbitrary JavaScript code to be executed when editing a comment.

Issue API allows any user to create a new issue even when issues are
restricted or disabled

Mohammad Hasbini reported that any user could create a new issue in a
project even when issues were disabled or restricted to team members
in the project settings.

See also :

http://www.nessus.org/u?1f594870
http://www.nessus.org/u?ae2fc238

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

FreeBSD : node.js -- Data Confidentiality/Integrity Vulnerability, December 2017 (bea84a7a-e0c9-11e7-b4f3-11baa0c2df21)


Synopsis:

The remote FreeBSD host is missing one or more security-related
updates.

Description:

Node.js reports :

Data Confidentiality/Integrity Vulnerability - CVE-2017-15896

Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards
to the use of SSL_read() due to TLS handshake failure. The result was
that an active network attacker could send application data to Node.js
using the TLS or HTTP2 modules in a way that bypassed TLS
authentication and encryption.

Uninitialized buffer vulnerability - CVE-2017-15897

Node.js had a bug in versions 8.X and 9.X which caused buffers to not
be initialized when the encoding for the fill value did not match the
encoding specified. For example,
'Buffer.alloc(0x100, 'This is not correctly encoded', 'hex');'
The buffer implementation was updated such that the buffer will be
initialized to all zeros in these cases.

Also included in OpenSSL update - CVE 2017-3738

Note that CVE 2017-3738 of OpenSSL-1.0.2 affected Node but it was low
severity.

See also :

http://www.nessus.org/u?23d8f9db
http://www.nessus.org/u?4d8ae222

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Gallery Bank Plugin for WordPress < 2.0.20 XSS


Synopsis:

The remote web server is affected by multiple reflected cross-site
scripting vulnerabilities.

Description:

According to its self-reported version, the Gallery Bank Plugin
for WordPress running on the remote web server is prior to 2.0.20.
It is, therefore, affected by multiple reflected cross-site scripting
vulnerabilities.

A remote attacker can exploit these issues, via a specially crafted
request, to execute arbitrary code in a user's browser, within the
security context of the affected site.

Note that Nessus has not tested for this issue but has instead relied
only on the application's self-reported version number.

See also :

https://wordpress.org/plugins/gallery-bank
https://wpvulndb.com/vulnerabilities/6985
https://wpvulndb.com/vulnerabilities/6986
https://wpvulndb.com/vulnerabilities/6987

Solution :

Upgrade the Gallery Bank Plugin for WordPress to version
2.0.20 or later.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Cisco Email Security Appliance Filter Bypass Vulnerability


Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

According to its self-reported version, the Cisco Email Security
Appliance (ESA) is affected by one or more vulnerabilities. Please
see the included Cisco BIDs and the Cisco Security Advisory for more
information.

See also :

http://www.nessus.org/u?33a0a792
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf44666

Solution :

Upgrade to the relevant fixed version referenced in Cisco bug ID
CSCvf44666.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Check_MK Internal Server Error XSS


Synopsis:

An IT monitoring application running on the remote host is affected by
a cross-site scripting vulnerability.

Description:

The version of Check_MK running on the remote web server is affected
by a reflected cross-site scripting (XSS) vulnerability in the
Internal Server Error page, due to improper encoding of error log output.
An unauthenticated, remote attacker can exploit this to execute arbitrary
script code in a user's browser session.

See also :

http://www.nessus.org/u?79bf3785

Solution :

Upgrade to Check_MK version 1.2.8p25 / 1.4.0p9 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

ESET NOD32 Antivirus for Linux Installed


Synopsis:

The remote host has an antivirus installed.

Description:

ESET NOD32 Antivirus for Linux is installed on the remote host.

See also :

https://www.eset.com/ca/home/antivirus-linux/

Solution :

n/a

Risk factor :

None

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Ubuntu 14.04 LTS / 16.04 LTS / 17.04 / 17.10 : libxml2 vulnerability (USN-3513-1)


Synopsis:

The remote Ubuntu host is missing one or more security-related
patches.

Description:

It was discovered that libxml2 incorrectly handled certain files. An
attacker could use this issue with specially constructed XML data to
cause libxml2 to consume resources, leading to a denial of service.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected packages.

Risk factor :

High

This script is Copyright (C) 2017 Tenable Network Security, Inc.

SUSE SLES12 Security Update : libapr-util1 (SUSE-SU-2017:3278-1)


Synopsis:

The remote SUSE host is missing one or more security updates.

Description:

This update for libapr-util1 fixes the following issues: Security
issue fixed :

- CVE-2017-12618: DoS via crafted SDBM database files in
apr_sdbm*() functions (bsc#1064990)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1064990
https://www.suse.com/security/cve/CVE-2017-12618.html
http://www.nessus.org/u?6c9fce20

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Software Development Kit 12-SP3:
zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-2039=1

SUSE Linux Enterprise Software Development Kit 12-SP2:
zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-2039=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2:
zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-2039=1

SUSE Linux Enterprise Server 12-SP3:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-2039=1

SUSE Linux Enterprise Server 12-SP2:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-2039=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Low / CVSS Base Score : 1.9
(CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 1.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.

RHEL 6 / 7 : eap7-jboss-ec2-eap (RHSA-2017:3458)


Synopsis:

The remote Red Hat host is missing one or more security updates.

Description:

An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss
Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6 and
Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat
Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss
Enterprise Application Platform running on the Amazon Web Services
(AWS) Elastic Compute Cloud (EC2).

With this update, the eap7-jboss-ec2-eap package has been updated to
ensure compatibility with Red Hat JBoss Enterprise Application
Platform 7.1.

Refer to the JBoss Enterprise Application Platform 7.1 Release Notes,
linked to in the References section, for information on the most
significant bug fixes and enhancements included in this release.

Security Fix(es) :

* A Denial of Service can be caused when a long request is sent to EAP
7. (CVE-2016-7046)

* The jboss init script unsafe file handling resulting in local
privilege escalation. (CVE-2016-8656)

* A deserialization vulnerability via readValue method of ObjectMapper
which allows arbitrary code execution. (CVE-2017-7525)

* JMSObjectMessage deserializes potentially malicious objects allowing
Remote Code Execution. (CVE-2016-4978)

* Undertow is vulnerable to the injection of arbitrary HTTP headers,
and also response splitting. (CVE-2016-4993)

* The domain controller will not propagate its administrative RBAC
configuration to some slaves leading to escalate their privileges.
(CVE-2016-5406)

* Internal IP address disclosed on redirect when request header Host
field is not set. (CVE-2016-6311)

* Potential EAP resource starvation DOS attack via GET requests for
server log files. (CVE-2016-8627)

* Inefficient Header Cache could cause denial of service.
(CVE-2016-9589)

* The log file viewer allows arbitrary file read to authenticated user
via path traversal. (CVE-2017-2595)

* HTTP Request smuggling vulnerability due to permitting invalid
characters in HTTP requests. (CVE-2017-2666)

* Websocket non clean close can cause IO thread to get stuck in a
loop. (CVE-2017-2670)

* Privilege escalation with security manager's reflective permissions
when granted to Hibernate Validator. (CVE-2017-7536)

* Potential http request smuggling as Undertow parses the http headers
with unusual whitespaces. (CVE-2017-7559)

* Properties based files of the management and the application realm
are world readable allowing access to users and roles information to
all the users logged in to the system. (CVE-2017-12167)

* RBAC configuration allows users with a Monitor role to view the
sensitive information. (CVE-2016-7061)

* Improper whitespace parsing leading to potential HTTP request
smuggling. (CVE-2017-12165)

Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting
CVE-2017-7525; Calum Hutton (NCC Group) and Mikhail Egorov (Odin) for
reporting CVE-2016-4993; Luca Bueti for reporting CVE-2016-6311;
Gabriel Lavoie (Halogen Software) for reporting CVE-2016-9589; and
Gregory Ramsperger and Ryan Moak for reporting CVE-2017-2670. The
CVE-2016-5406 issue was discovered by Tomaz Cerar (Red Hat); the
CVE-2016-8627 issue was discovered by Darran Lofthouse (Red Hat) and
Brian Stansberry (Red Hat); the CVE-2017-2666 issue was discovered by
Radim Hatlapatka (Red Hat); the CVE-2017-7536 issue was discovered by
Gunnar Morling (Red Hat); the CVE-2017-7559 and CVE-2017-12165 issues
were discovered by Stuart Douglas (Red Hat); and the CVE-2017-12167
issue was discovered by Brian Stansberry (Red Hat) and Jeremy Choi
(Red Hat). Upstream acknowledges WildFly as the original reporter of
CVE-2016-6311.

See also :

https://access.redhat.com/documentation/en/
http://rhn.redhat.com/errata/RHSA-2017-3458.html
https://www.redhat.com/security/data/cve/CVE-2016-4978.html
https://www.redhat.com/security/data/cve/CVE-2016-4993.html
https://www.redhat.com/security/data/cve/CVE-2016-5406.html
https://www.redhat.com/security/data/cve/CVE-2016-6311.html
https://www.redhat.com/security/data/cve/CVE-2016-7046.html
https://www.redhat.com/security/data/cve/CVE-2016-7061.html
https://www.redhat.com/security/data/cve/CVE-2016-8627.html
https://www.redhat.com/security/data/cve/CVE-2016-8656.html
https://www.redhat.com/security/data/cve/CVE-2016-9589.html
https://www.redhat.com/security/data/cve/CVE-2017-2595.html
https://www.redhat.com/security/data/cve/CVE-2017-2666.html
https://www.redhat.com/security/data/cve/CVE-2017-2670.html
https://www.redhat.com/security/data/cve/CVE-2017-7525.html
https://www.redhat.com/security/data/cve/CVE-2017-7536.html
https://www.redhat.com/security/data/cve/CVE-2017-7559.html
https://www.redhat.com/security/data/cve/CVE-2017-12165.html
https://www.redhat.com/security/data/cve/CVE-2017-12167.html

Solution :

Update the affected eap7-jboss-ec2-eap and / or
eap7-jboss-ec2-eap-samples packages.

Risk factor :

High / CVSS Base Score : 7.1
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

OracleVM 3.2 : xen (OVMSA-2017-0178)


Synopsis:

The remote OracleVM host is missing one or more security updates.

Description:

The remote OracleVM system is missing necessary patches to address
critical security updates :

- From 2a99aa99fc84a45f505f84802af56b006d14c52e Mon Sep 17 00:00:00 2001
From: Andrew Cooper
Date: Fri, 19 Aug 2016 15:08:10 +0100
Subject: [PATCH] xen/physmap: Do not permit a guest to populate PoD pages
for itself

PoD is supposed to be entirely transparent to guest, but this
interface has been left exposed for a long time. The use of PoD
requires careful co-ordination by the toolstack with the
XENMEM_[get,set]_pod_target hypercalls, and xenstore ballooning
target. The best a guest can do without toolstack cooperation is
crash. Furthermore, there are combinations of features (e.g. c/s
c63868ff 'libxl: disallow PCI device assignment for HVM guest when
PoD is enabled') which a toolstack might wish to explicitly prohibit
(in this case, because the two simply don't function in
combination). In such cases, the guest mustn't be able to subvert
the configuration chosen by the toolstack.

Conflict: xen/common/memory.c

- For historical performance reasons, we decide to disable the PoD
feature in the old OVM product. Please don't set maxmem>memory.
XSA-246, XSA-247 [bug 27120669] (CVE-2017-17044, CVE-2017-17045)

- x86/shadow: correct SH_LINEAR mapping detection in sh_guess_wrmap

The fix for XSA-243 / CVE-2017-15592 (c/s bf2b4eadcf379) introduced
a change in behaviour for sh_guess_wrmap, where it had to cope with
no shadow linear mapping being present. As the name suggests,
guest_vtable is a mapping of the guest's pagetable, not Xen's
pagetable, meaning that it isn't the pagetable we need to check for
the shadow linear slot in. The practical upshot is that a shadow HVM
vcpu which switches into 4-level paging mode, with an L4 pagetable
that contains a mapping which aliases Xen's SH_LINEAR_PT_VIRT_START
will fool the safety check for whether a SHADOW_LINEAR mapping is
present. As the check passes (when it should have failed), Xen
subsequently falls over the missing mapping with a pagefault such
as:

(XEN) Pagetable walk from ffff8140a0503880:
(XEN) L4[0x102] = 000000046c218063 ffffffffffffffff
(XEN) L3[0x102] = 000000046c218063 ffffffffffffffff
(XEN) L2[0x102] = 000000046c218063 ffffffffffffffff
(XEN) L1[0x103] = 0000000000000000 ffffffffffffffff

This is part of XSA-243. (CVE-2017-15592)

- dpci: Fix a race during unbinding of MSI interrupt

The check of hvm_irq_dpci->mapping and the read of flags are not
protected in the same critical area, so the unbind of the MSI
interrupt may intercept between them. Like the scene below:

CPU0                                  CPU1
----                                  ----
hvm_do_IRQ_dpci
!test_bit(mirq, dpci->mapping))
return 0
                                      spin_lock(&d->event_lock)
                                      hvm_irq_dpci->mirq[machine_gsi].flags = 0
                                      clear_bit(machine_gsi, hvm_irq_dpci->mapping)
                                      spin_unlock(&d->event_lock)
hvm_dirq_assist
spin_lock(&d->event_lock)
if ( pt_irq_need_timer(hvm_irq_dpci->mirq[pirq].flags))
set_timer
spin_unlock(&d->event_lock)

Then set_timer is mistakenly called, which accesses an uninitialized
timer struct. Then a page fault happens, with a backtrace like below:

(XEN) Xen call trace:
(XEN) [] set_timer+0x92/0x170
(XEN) [] hvm_dirq_assist+0x1c3/0x1e0
(XEN) [] do_tasklet_work_percpu+0x7f/0x120
(XEN) [] __do_softirq+0x65/0x90
(XEN) [] process_softirqs+0x6/0x10
(XEN)
(XEN) Pagetable walk from 0000000000000008:
(XEN) L4[0x000] = 0000002104cc1067 0000000000289430
(XEN) L3[0x000] = 000000212ecd8067 00000000002b3447
(XEN) L2[0x000] = 0000000000000000 ffffffffffffffff
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 41:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=0002]
(XEN) Faulting linear address: 0000000000000008
(XEN) ****************************************

This issue is OVM3.2 only, as OVM3.3 or above already has a similar
fix in pt_pirq_iterate.

See also :

http://www.nessus.org/u?88e7e3ea

Solution :

Update the affected xen / xen-devel / xen-tools packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

This script is Copyright (C) 2017 Tenable Network Security, Inc.
