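Between July 2016 and August 2016, the Red Hat CVE database published 8 security vulnerabilities rated "Important" or "Critical", and a corresponding Bugzilla entry was published for each. The security bulletin is updated monthly and aims to identify and resolve serious vulnerabilities.
New security vulnerabilities for August 2016
The full content of the security bulletin is listed below for your reference.
CVE name | Severity | Affected component | Release date |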
---|---|---|---|
CVE-2016-1000110 | Important | python | 2016/7/18 |
CVE-2016-1000111 | Important | python-twisted-web | 2016/7/18 |
CVE-2016-5387 | Important | httpd | 2016/7/18 |
CVE-2016-3552 | Important | java-1.8.0-oracle | 2016/7/18 |
CVE-2016-3598 | Critical | java-1.7.0-openjdk, java-1.8.0-openjdk | 2016/7/19 |
CVE-2016-3587 | Critical | java-1.8.0-openjdk | 2016/7/19 |
CVE-2016-3610 | Critical | java-1.8.0-openjdk, java-1.8.0-openjdk | 2016/7/19 |
CVE-2016-3477 | Important | rh-mysql56-mysql, mariadb55-mariadb, rh-mariadb100-mariadb, mariadb, mysql55-mysql | 2016/7/20 |
Details of all these newly published security vulnerabilities can be found on the following page:
https://access.redhat.com/security/cve/
Note: you must log in with your Red Hat account to view the full details of all security vulnerabilities.
Security vulnerability details
Bulletin ID CVE-2016-1000110 | |
---|---|
Title | CVE-2016-1000110 |
Description | It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request. |
Find out more about CVE-2016-1000110 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Important |
Vulnerability impact | Red Hat Enterprise Linux 5 (python) |
Red Hat Enterprise Linux 6 (python) | |
Red Hat Enterprise Linux 7 (python) | |
Bugzilla | 1357334: CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header |
Details | https://access.redhat.com/security/cve/cve-2016-1000110 |
Bulletin ID CVE-2016-1000111 | |
Title | CVE-2016-1000111 |
Description | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
Find out more about CVE-2016-1000111 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Important |
Vulnerability impact | Red Hat Enterprise Linux 6 (python-twisted-web) |
Red Hat Enterprise Linux 7 (python-twisted-web) | |
Bugzilla | 1357345: CVE-2016-1000111 Python Twisted: sets environmental variable based on user supplied Proxy request header |
Details | https://access.redhat.com/security/cve/cve-2016-1000111 |
Bulletin ID CVE-2016-5387 | |
Title | CVE-2016-5387 |
Description | It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. |
Find out more about CVE-2016-5387 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Important |
Vulnerability impact | Red Hat Enterprise Linux 6 (httpd) |
Red Hat Enterprise Linux 6 (httpd) | |
Red Hat Enterprise Linux 7 (httpd) | |
Bugzilla | 1353755: CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header |
Details | https://access.redhat.com/security/cve/cve-2016-5387 |
Bulletin ID CVE-2016-3552 | |
Title | CVE-2016-3552 |
Description | Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. |
Find out more about CVE-2016-3552 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Important |
Vulnerability impact | Red Hat Enterprise Linux 6 (java-1.8.0-oracle) |
Red Hat Enterprise Linux 7 (java-1.8.0-oracle) | |
Bugzilla | 1358167: CVE-2016-3552 Oracle JDK: unspecified vulnerability fixed in 8u101 (Install) |
Details | https://access.redhat.com/security/cve/cve-2016-3552 |
Bulletin ID CVE-2016-3598 | |
Title | CVE-2016-3598 |
Description | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. |
Find out more about CVE-2016-3598 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Critical |
Vulnerability impact | Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk, java-1.8.0-openjdk) | |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk, java-1.8.0-openjdk) | |
Bugzilla | 1356971: CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985) |
Details | https://access.redhat.com/security/cve/cve-2016-3598 |
Bulletin ID CVE-2016-3587 | |
Title | CVE-2016-3587 |
Description | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. |
Find out more about CVE-2016-3587 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Critical |
Vulnerability impact | Red Hat Enterprise Linux 6 (java-1.8.0-openjdk) |
Red Hat Enterprise Linux 7 (java-1.8.0-openjdk) | |
Bugzilla | 1356987: CVE-2016-3587 OpenJDK: insufficient protection of MethodHandle.invokeBasic() (Hotspot, 8154475) |
Details | https://access.redhat.com/security/cve/cve-2016-3587 |
Bulletin ID CVE-2016-3610 | |
Title | CVE-2016-3610 |
Description | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. |
Find out more about CVE-2016-3610 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Critical |
Vulnerability impact | Red Hat Enterprise Linux 5 (java-1.7.0-openjdk) |
Red Hat Enterprise Linux 6 (java-1.7.0-openjdk, java-1.8.0-openjdk) | |
Red Hat Enterprise Linux 7 (java-1.7.0-openjdk, java-1.8.0-openjdk) | |
Bugzilla | 1356994: CVE-2016-3610 OpenJDK: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571) |
Details | https://access.redhat.com/security/cve/cve-2016-3610 |
Bulletin ID CVE-2016-3477 | |
Title | CVE-2016-3477 |
Description | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. |
Find out more about CVE-2016-3477 from the MITRE CVE dictionary and NIST NVD. | |
Maximum severity | Important |
Vulnerability impact | Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) (rh-mysql56-mysql, mariadb55-mariadb, rh-mariadb100-mariadb, mysql55-mysql) |
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) (rh-mariadb100-mariadb, mariadb55-mariadb, rh-mysql56-mysql, mysql55-mysql) | |
Red Hat Enterprise Linux 7 (mariadb) | |
Bugzilla | 1358205: CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016) |
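Details | https://access.redhat.com/security/cve/cve-2016-3477 |
Notes and disclaimer
On the consistency of information:
If the content of a security advisory on the Red Hat CVE database website differs from the content of this document, the content on the website prevails.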