Broadcom • added 2017/09/29 12:0 a.m. • 5 views

BSA-2017-431

Security Advisory ID: BSA-2017-431
Component: Kernel
Revision: 3.0: Interim

A stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the...

CVSS 8, AI score 8.1, EPSS 0.16181, Exploits 12
Broadcom • added 2017/09/29 12:0 a.m. • 6 views

BSA-2017-445

Security Advisory ID: BSA-2017-445
Component: DENX Das U-Boot
Revision: 3.0: Final

Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper...

CVSS 6.4, AI score 6.3, EPSS 0.00266, Exploits 0
Broadcom • added 2017/09/29 12:0 a.m. • 6 views

BSA-2017-441

Security Advisory ID: BSA-2017-441
Component: Samba
Revision: 2.0: Interim

It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Affected Products...

CVSS 7.4, AI score 6.5, EPSS 0.13228, Exploits 0
Broadcom • added 2017/09/29 12:0 a.m. • 7 views

BSA-2017-438

Security Advisory ID: BSA-2017-438
Component: Apache Struts
Revision: 2.0: Interim

It was found that Freemarker in Struts would permit using read-only properties in value assignment of tag expressions. An attacker could use this to execute arbitrary code. Affected Products Brocade is investigati...

CVSS 9.8, AI score 7.4, EPSS 0.8802, Exploits 6
Broadcom • added 2017/09/29 12:0 a.m. • 7 views

BSA-2017-436

Security Advisory ID: BSA-2017-436
Component: Perl
Revision: 2.0: Interim

Heap-based buffer overflow in the regular expression compiler in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) via a crafted regular expression with the...

CVSS 7.5, AI score 7.2, EPSS 0.06207, Exploits 0
Broadcom • added 2017/09/29 12:0 a.m. • 6 views

BSA-2017-440

Security Advisory ID: BSA-2017-440
Component: Samba
Revision: 2.0: Interim

An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the...

CVSS 7.1, AI score 6.5, EPSS 0.0759, Exploits 0
Broadcom • added 2017/09/29 12:0 a.m. • 6 views

BSA-2017-437

Security Advisory ID: BSA-2017-437
Component: Perl
Revision: 2.0: Interim

Buffer overflow in the regular expression parser in PERL before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (crash) or leak data from memory via vectors involving use...

CVSS 9.1, AI score 7.2, EPSS 0.05908, Exploits 0
Broadcom • added 2017/09/29 12:0 a.m. • 6 views

BSA-2017-432

Security Advisory ID: BSA-2017-432
Component: JOBSS
Revision: 2.0: Interim

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. Affected Products Brocade is investigating...

CVSS 7.5, AI score 6.9, EPSS 0.01514, Exploits 0
Broadcom • added 2017/09/29 12:0 a.m. • 6 views

BSA-2017-442

Security Advisory ID: BSA-2017-442
Component: OpenLDAP
Revision: 3.0: Final

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation...

CVSS 4.7, AI score 6.4, EPSS 0.0015, Exploits 0
Broadcom • added 2017/09/09 12:0 a.m. • 13 views

BSA-2017-426

Security Advisory ID: BSA-2017-426
Component: OpenSSL
Revision: 1.0: Interim

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is...

CVSS 5.3, AI score 9.4, EPSS 0.17699, Exploits 0
Broadcom • added 2017/09/08 12:0 a.m. • 10 views

BSA-2017-427

Security Advisory ID: BSA-2017-427
Component: Apache Struts 2
Revision: 2.0: Interim

The REST Plugin in Apache Struts2 is using a XStreamHandler with an instance of XStream for deserialization without any type filtering which could lead to Remote Code Execution when deserializing XML payloads. An...

CVSS 8.1, AI score 9.1, EPSS 0.99461, Exploits 23
Broadcom • added 2017/09/08 12:0 a.m. • 8 views

BSA-2017-429

Security Advisory ID: BSA-2017-429
Component: Struts REST
Revision: 2.0: Interim

A flaw was found in the Struts REST plugin when using an outdated XStream library. An attacker could perform a denial of service attack using a malicious request with specially crafted XML payload. Affected Products...

CVSS 7.5, AI score 6.6, EPSS 0.07268, Exploits 0
Broadcom • added 2017/09/08 12:0 a.m. • 7 views

BSA-2017-428

Security Advisory ID: BSA-2017-428
Component: Apache Struts
Revision: 2.0: Interim

The previous fix issued with CVE-2017-7672 was incomplete. If an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to...

CVSS 7.5, AI score 6.9, EPSS 0.09507, Exploits 23
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-375

Security Advisory ID: BSA-2017-375
Component: NFS
Revision: 3.0: Final

The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers...

CVSS 7.8, AI score 6.9, EPSS 0.05794, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 5 views

BSA-2017-376

Security Advisory ID: BSA-2017-376
Component: Apache HTTPD
Revision: 3.0: Final

When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behavior...

CVSS 7.5, AI score 7.2, EPSS 0.09507, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-361

Security Advisory ID: BSA-2017-361
Component: Apache HTTPD
Revision: 2.0: Final

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed...

CVSS 9.8, AI score 8.6, EPSS 0.20231, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 5 views

BSA-2017-364

Security Advisory ID: BSA-2017-364
Component: Apache HTTPD
Revision: 2.0: Final

The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token to search past the end of its input string. By maliciously crafting a sequence of...

CVSS 7.5, AI score 9.1, EPSS 0.57472, Exploits 1
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-377

Security Advisory ID: BSA-2017-377
Component: Apache HTTPD
Revision: 3.0: Final

In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in Proxy-Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by...

CVSS 9.1, AI score 9.4, EPSS 0.5677, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 5 views

BSA-2017-384

Security Advisory ID: BSA-2017-384
Component: HEIMDAL/ KERBEROS 5
Revision: 2.0: Interim

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In...

CVSS 8.1, AI score 6.8, EPSS 0.05118, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-423

Security Advisory ID: BSA-2017-423
Component: Kernel
Revision: 2.0: Interim

Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that...

CVSS 7.6, AI score 6.6, EPSS 0.13378, Exploits 3
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-383

Security Advisory ID: BSA-2017-383
Component: OpenSSL
Revision: 2.0: Interim

The signing function in crypto/ecdsa/ecdsa_ossl.c in certain OpenSSL versions and forks is vulnerable to timing attacks when signing with the standardized elliptic curve P-256 despite featuring constant-time curve...

CVSS 5.5, AI score 9.2, EPSS 0.00594, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-370

Security Advisory ID: BSA-2017-370
Component: Systemd
Revision: 2.0: Interim

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP...

CVSS 7.5, AI score 7.2, EPSS 0.55116, Exploits 1
Broadcom • added 2017/08/25 12:0 a.m. • 4 views

BSA-2017-354

Security Advisory ID: BSA-2017-354
Component: Linux Kernel
Revision: 3.0: Interim

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system...

CVSS 7.8, AI score 7.2, EPSS 0.01372, Exploits 5
Broadcom • added 2017/08/25 12:0 a.m. • 5 views

BSA-2017-351

Security Advisory ID: BSA-2017-351
Component: Linux Kernel
Revision: 3.0: Interim

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept...

CVSS 7.8, AI score 7.1, EPSS 0.01372, Exploits 5
Broadcom • added 2017/08/25 12:0 a.m. • 16 views

BSA-2017-355

Security Advisory ID: BSA-2017-355
Component: Stack
Revision: 2.0: Interim

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw to ju...

CVSS 7.8, AI score 9.3, EPSS 0.02733, Exploits 14
Broadcom • added 2017/08/25 12:0 a.m. • 5 views

BSA-2017-421

Security Advisory ID: BSA-2017-421
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14...

CVSS 5.9, AI score 7.5, EPSS 0.02598, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 8 views

BSA-2017-374

Security Advisory ID: BSA-2017-374
Component: Linux Kernel
Revision: 2.0: Interim

The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the hea...

CVSS 7.2, AI score 7.5, EPSS 0.00716, Exploits 1
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-358

Security Advisory ID: BSA-2017-358
Component: Offset2lib Patch Protection Bypass
Revision: 2.0: Interim

The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to be execve'ed with 1GB of arguments or environmental strings then the stack occupies the...

CVSS 7.8, AI score 6.7, EPSS 0.02253, Exploits 6
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-352

Security Advisory ID: BSA-2017-352
Component: Linux Kernel
Revision: 3.0: Interim

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system...

CVSS 7.8, AI score 7.2, EPSS 0.01372, Exploits 5
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-359

Security Advisory ID: BSA-2017-359
Component: Kernel
Revision: 2.0: Interim

The offset2lib patch as used by the Linux Kernel contains a vulnerability: if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will be grow...

CVSS 7.8, AI score 6.6, EPSS 0.02428, Exploits 6
Broadcom • added 2017/08/25 12:0 a.m. • 5 views

BSA-2017-353

Security Advisory ID: BSA-2017-353
Component: Linux Kernel
Revision: 3.0: Interim

The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue t...

CVSS 7.8, AI score 7.2, EPSS 0.01372, Exploits 5
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-360

Security Advisory ID: BSA-2017-360
Component: Linux Kernel
Revision: 2.0: Interim

The offset2lib patch as used by the Linux Kernel contains a vulnerability: if RLIMIT_STACK is set to RLIM_INFINITY and 1 Gigabyte of memory is allocated (the maximum under the 1/4 restriction) then the stack will b...

CVSS 7.8, AI score 6.6, EPSS 0.00899, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 8 views

BSA-2017-373

Security Advisory ID: BSA-2017-373
Component: NFSv4
Revision: 2.0: Interim

The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is...

CVSS 7.8, AI score 6.7, EPSS 0.08665, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 8 views

BSA-2017-372

Security Advisory ID: BSA-2017-372
Component: RedHat Jboss EAP
Revision: 2.0: Interim

Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of service (CPU and disk consumption) via a long URL...

CVSS 7.1, AI score 7, EPSS 0.0248, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 10 views

BSA-2017-356

Security Advisory ID: BSA-2017-356
Component: Heap Stack
Revision: 2.0: Interim

A flaw was found in the way memory was being allocated on the stack for user space binaries. If heap (or different memory region) and stack memory regions were adjacent to each other, an attacker could use this flaw ...

CVSS 7.4, AI score 6.8, EPSS 0.05186, Exploits 3
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-424

Security Advisory ID: BSA-2017-424
Component: Kernel
Revision: 3.0: Interim

The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors kernel: Missing sanity chec...

CVSS 7.8, AI score 6.9, EPSS 0.00465, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-411

Security Advisory ID: BSA-2017-411
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...

CVSS 9.6, AI score 6.4, EPSS 0.02415, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-413

Security Advisory ID: BSA-2017-413
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...

CVSS 9.6, AI score 6.4, EPSS 0.02415, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-418

Security Advisory ID: BSA-2017-418
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14...

CVSS 5.3, AI score 7.2, EPSS 0.0345, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 8 views

BSA-2017-397

Security Advisory ID: BSA-2017-397
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...

CVSS 6.8, AI score 7.7, EPSS 0.02598, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-400

Security Advisory ID: BSA-2017-400
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...

CVSS 7.5, AI score 8.6, EPSS 0.02737, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-401

Security Advisory ID: BSA-2017-401
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...

CVSS 7.5, AI score 8, EPSS 0.02972, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-405

Security Advisory ID: BSA-2017-405
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...

CVSS 9.6, AI score 8.4, EPSS 0.02555, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-406

Security Advisory ID: BSA-2017-406
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable...

CVSS 9.6, AI score 8.4, EPSS 0.02555, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-408

Security Advisory ID: BSA-2017-408
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...

CVSS 8.3, AI score 8.6, EPSS 0.03524, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-402

Security Advisory ID: BSA-2017-402
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...

CVSS 7.5, AI score 8, EPSS 0.05034, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-414

Security Advisory ID: BSA-2017-414
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit...

CVSS 9.6, AI score 6.4, EPSS 0.02132, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-419

Security Advisory ID: BSA-2017-419
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit:...

CVSS 5.3, AI score 7.2, EPSS 0.03114, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 6 views

BSA-2017-417

Security Advisory ID: BSA-2017-417
Component: Java
Revision: 2.0: Interim

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Easily exploitable vulnerability allows unauthenticated attacke...

CVSS 4.3, AI score 6.9, EPSS 0.01913, Exploits 0
Broadcom • added 2017/08/25 12:0 a.m. • 7 views

BSA-2017-382

Security Advisory ID: BSA-2017-382
Component: gSOAP
Revision: 2.0: Interim

Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and 2.8.x before 2.8.48, as used on Axis cameras and other devices, allows remote attackers to execute arbitrary code or cause a denial of service...

CVSS 8.1, AI score 8.2, EPSS 0.21894, Exploits 2

Total number of security vulnerabilities: 875