在2016年3月份至2016年4月份,Red Hat CVE漏洞库发布了3个“重要”、“严重”等级的安全漏洞,并针对出现的安全漏洞发布了对应的Bugzilla。安全公告每月更新一次,旨在解决严重的漏洞问题。
由于漏洞太多,以下只列举了“重要”、“严重”程度的安全漏洞,供您参考。
CVE名称 |
等级 |
影响组件 |
发布时间 |
CVE-2016-0636 |
Critical |
Java |
2016/3/23 |
CVE-2015-5370 |
Critical |
Samba |
2016/4/12 |
CVE-2016-2118 |
Important |
Samba |
2016/4/12 |
关于这些新发布的所有安全漏洞,可以在以下页面中找到详细信息:
https://access.redhat.com/security/cve/
备注:需使用您的Red Hat账号登录,方可查看全部安全漏洞详细信息。
安全漏洞详细信息
公告标识 CVE-2016-0636 |
|
标题 |
CVE-2016-0636 |
描述 |
An improper type safety check was discovered in the Hotspot component. An untrusted Java application or applet could use this flaw to bypass Java Sandbox restrictions. |
Find out more about CVE-2016-0636 from the MITRE CVE dictionary dictionary and NIST NVD. |
|
最高严重等级 |
Critical |
漏洞的影响 |
Red Hat Enterprise Linux 5 (java-1.7.0-openjdk、java-1.7.0-oracle) |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk、 java-1.8.0-openjdk、java-1.8.0-oracle、java-1.7.0-oracle) |
|
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk、 java-1.8.0-openjdk、java-1.8.0-oracle、java-1.7.0-oracle) |
|
Bugzilla |
1320650: CVE-2016-0636 OpenJDK: missing type safety checks for MethodHandle calls across class loaders, incorrect CVE-2013-5838 fix (Hotspot, 8151666) |
详细信息 |
https://access.redhat.com/security/cve/cve-2016-0636 |
公告标识 CVE-2015-5370 |
|
标题 |
CVE-2015-5370 |
描述 |
Multiple flaws were found in Samba's DCE/RPC protocol implementation. A remote, authenticated attacker could use these flaws to cause a denial of service against the Samba server (high CPU load or a crash) or, possibly, execute arbitrary code with the permissions of the user running Samba (root). This flaw could also be used to downgrade a secure DCE/RPC connection by a man-in-the-middle attacker taking control of an Active Directory (AD) object and compromising the security of a Samba Active Directory Domain Controller (DC). |
Find out more about CVE-2015-5370 from the MITRE CVE dictionary dictionary and NIST NVD. |
|
最高严重等级 |
Critical |
漏洞的影响 |
Red Hat Enterprise Linux 5 (samba3x) |
Red Hat Enterprise Linux 6 (samba4、samba) |
|
Red Hat Enterprise Linux 7 (samba) |
|
Bugzilla |
1309987: CVE-2015-5370 samba: crash in dcesrv_auth_bind_ack due to missing error check |
详细信息 |
https://access.redhat.com/security/cve/cve-2015-5370 |
公告标识 CVE-2016-2118 |
|
标题 |
CVE-2016-2118 |
描述 |
A protocol flaw, publicly referred to as Badlock, was found in the Security Account Manager Remote Protocol (MS-SAMR) and the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD). Any authenticated DCE/RPC connection that a client initiates against a server could be used by a man-in-the-middle attacker to impersonate the authenticated user against the SAMR or LSA service on the server. As a result, the attacker would be able to get read/write access to the Security Account Manager database, and use this to reveal all passwords or any other potentially sensitive information in that database. |
Find out more about CVE-2016-2118 from the MITRE CVE dictionary dictionary and NIST NVD. |
|
最高严重等级 |
Important |
漏洞的影响 |
Red Hat Enterprise Linux 4 ( samba ) |
Red Hat Enterprise Linux 5 (samba3x、samba) |
|
Red Hat Enterprise Linux 6 (samba4、samba ) |
|
Red Hat Enterprise Linux 7 (samba ) |
|
Bugzilla |
1317990: CVE-2016-2118 samba: SAMR and LSA man in the middle attacks |
详细信息 |
https://access.redhat.com/security/cve/cve-2016-2118 |
注意和免责声明
关于信息的一致性:
如果Redhat CVE漏洞库网站上的安全公告内容和本邮件中的内容不一致,请以网站上的安全公告内容为准。