New RED HAT Security Bulletin

RED HAT Security Bulletin 20170717-0949

RED HAT Security Bulletin

RHSA-2017:1739

    CVE-2017-7400:
    • A cross-site scripting flaw was discovered in the OpenStack dashboard (horizon) which allowed remote authenticated administrators to conduct XSS attacks using a crafted federation mapping rule. For this flaw to be exploited, federation mapping must be enabled in the dashboard.

RHSA-2017:1731

    CVE-2017-3080, CVE-2017-3099, -3100:
    • This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

RHSA-2017:1723

    CVE-2017-7895:
    • The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

RHSA-2017:1721

    CVE-2016-8743:
    • can be used to re-enable the old less strict parsing. However, such setting also re-introduces the CVE-2016-8743 issue.

RHSA-2017:1715

    CVE-2017-7895:
    • The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

RHSA-2017:1712

    CVE-2017-1000364:
    • ed stack allocations
    CVE-2017-1000366:
    • glibc: heap/stack gap jumping via unbounded stack allocations
    CVE-2017-7502:
    • nss: Null pointer dereference when handling empty SSLv2 messages
    CVE-2017-7512:
    • as found that RH-3scale AMP would permit creation of an access token without a client secret. An attacker could use this flaw to circumvent authentication controls and gain access to restricted APIs.

RHSA-2017:1685

    CVE-2016-8647:
    • An input validation vulnerability was found in Ansible’s mysql_user module which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
    CVE-2016-9587:
    • An input validation vulnerability was found in Ansible’s handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
    CVE-2017-7466:
    • The CVE-2017-7466 issue was discovered by Evgeni Golov (Red Hat).

RHSA-2017:1682

    CVE-2017-9524:
    • Quick Emulator (QEMU) built with Network Block Device (NBD) Server support was vulnerable to a null-pointer dereference issue. The flaw could occur when releasing a client, which was not initialized due to failed negotiation. A remote user or process could exploit this flaw to crash the qemu-nbd server (denial of service).

RHSA-2017:1681

    CVE-2017-9524:
    • or process could exploit this flaw to crash the qemu-nbd server (denial of service).

RHSA-2017:1680

    CVE-2017-3142:
    • A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet.
    CVE-2017-3143:
    • A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.

RHSA-2017:1679

    CVE-2017-3142:
    • A flaw was found in the way BIND handled TSIG authentication of AXFR requests. A remote attacker, able to communicate with an authoritative BIND server, could use this flaw to view the entire contents of a zone by sending a specially constructed request packet.
    CVE-2017-3143:
    • A flaw was found in the way BIND handled TSIG authentication for dynamic updates. A remote attacker able to communicate with an authoritative BIND server could use this flaw to manipulate the contents of a zone, by forging a valid TSIG or SIG(0) signature for a dynamic update request.

RHSA-2017:1678

    CVE-2017-7484:
    • tables they are otherwise not allowed to access.
    CVE-2017-7485:
    • It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
    CVE-2017-7486:
    • It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.

RHSA-2017:1677

    CVE-2017-7484:
    • ivileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
    CVE-2017-7485:
    • It was discovered that the PostgreSQL client library (libpq) did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
    CVE-2017-7486:
    • It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.

RHSA-2017:1676

    CVE-2016-6346:
    • It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.
    CVE-2016-9606:
    • It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
    CVE-2017-5929:
    • It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.

RHSA-2017:1675

    CVE-2016-6346:
    • It was found that GZIPInterceptor is enabled when not necessarily required in RESTEasy. An attacker could use this flaw to launch a Denial of Service attack.
    CVE-2016-9606:
    • It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw execute arbitrary code with the permissions of the application using RESTEasy.
    CVE-2017-5929:
    • It was found that logback is vulnerable to a deserialization issue. Logback can be configured to allow remote logging through SocketServer/ServerSocketReceiver interfaces that can accept untrusted serialized data. Authenticated attackers on the adjacent network can leverage this vulnerability to execute arbitrary code through deserialization of custom gadget chains.