Between April 2016 and May 2016, the Red Hat CVE database published 12 security vulnerabilities rated "Important" or "Critical", and a corresponding Bugzilla entry was filed for each of them. This security bulletin is updated once a month and is intended to help identify and resolve serious vulnerabilities.
Because the total number of vulnerabilities is large, only those rated "Critical" or "Important" are listed below for your reference.
CVE name | Severity | Affected component | Published |
---|---|---|---|
CVE-2016-0376 | Critical | Java | 2016/04/14 |
CVE-2016-0687 | Critical | Java | 2016/04/19 |
CVE-2016-3427 | Critical | Java | 2016/04/19 |
CVE-2016-0686 | Critical | Java | 2016/04/19 |
CVE-2016-3443 | Critical | Java | 2016/04/19 |
CVE-2016-3449 | Important | Java | 2016/04/19 |
CVE-2016-0639 | Critical | rh-mysql56-mysql | 2016/04/21 |
CVE-2016-0264 | Important | Java | 2016/04/27 |
CVE-2015-8869 | Important | Ocaml | 2016/04/28 |
CVE-2016-1541 | Important | libarchive | 2016/05/02 |
CVE-2016-2108 | Important | openssl | 2016/05/03 |
CVE-2016-3710 | Important | kvm | 2016/05/09 |
Detailed information on all of these newly published security vulnerabilities can be found on the following page:
https://access.redhat.com/security/cve/
Note: you must log in with your Red Hat account to view the full details of all security vulnerabilities.
Vulnerability details
Advisory ID | CVE-2016-0376 |
---|---|
Title | CVE-2016-0376 |
Description | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
References | Find out more about CVE-2016-0376 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Critical |
Affected products | Red Hat Enterprise Linux 6 (java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.8.0-ibm) |
Bugzilla | 1330986: CVE-2016-0376 IBM JDK: insecure deserialization in CORBA, incorrect CVE-2013-5456 fix |
Details | https://access.redhat.com/security/cve/cve-2016-0376 |
Advisory ID | CVE-2016-0687 |
---|---|
Title | CVE-2016-0687 |
Description | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. |
References | Find out more about CVE-2016-0687 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Critical |
Affected products | Red Hat Enterprise Linux 5 (java-1.7.0-openjdk, java-1.6.0-openjdk); Red Hat Enterprise Linux 6 (java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk) |
Bugzilla | 1327749: CVE-2016-0687 OpenJDK: insufficient byte type checks (Hotspot, 8132051) |
Details | https://access.redhat.com/security/cve/cve-2016-0687 |
Advisory ID | CVE-2016-3427 |
---|---|
Title | CVE-2016-3427 |
Description | It was discovered that the RMI server implementation in the JMX component in OpenJDK did not restrict which classes can be deserialized when deserializing authentication credentials. A remote, unauthenticated attacker able to connect to a JMX port could possibly use this flaw to trigger deserialization flaws. |
References | Find out more about CVE-2016-3427 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Critical |
Affected products | Red Hat Enterprise Linux 5 (java-1.7.0-openjdk, java-1.6.0-openjdk); Red Hat Enterprise Linux 6 (java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk, java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk) |
Bugzilla | 1328210: CVE-2016-3427 OpenJDK: unrestricted deserialization of authentication credentials (JMX, 8144430) |
Details | https://access.redhat.com/security/cve/cve-2016-3427 |
Advisory ID | CVE-2016-0686 |
---|---|
Title | CVE-2016-0686 |
Description | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. |
References | Find out more about CVE-2016-0686 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Critical |
Affected products | Red Hat Enterprise Linux 5 (java-1.7.0-openjdk, java-1.6.0-openjdk); Red Hat Enterprise Linux 6 (java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk, java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk) |
Bugzilla | 1327743: CVE-2016-0686 OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952) |
Details | https://access.redhat.com/security/cve/cve-2016-0686 |
Advisory ID | CVE-2016-3443 |
---|---|
Title | CVE-2016-3443 |
Description | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. |
References | Find out more about CVE-2016-3443 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Critical |
Affected products | Red Hat Enterprise Linux 5 (java-1.6.0-sun, java-1.7.0-oracle); Red Hat Enterprise Linux 6 (java-1.6.0-sun, java-1.8.0-oracle, java-1.7.0-oracle, java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.6.0-sun, java-1.7.0-oracle, java-1.8.0-oracle, java-1.8.0-ibm) |
Bugzilla | 1328618: CVE-2016-3443 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (2D) |
Details | https://access.redhat.com/security/cve/cve-2016-3443 |
Advisory ID | CVE-2016-3449 |
---|---|
Title | CVE-2016-3449 |
Description | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. |
References | Find out more about CVE-2016-3449 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 5 (java-1.6.0-sun, java-1.7.0-oracle); Red Hat Enterprise Linux 6 (java-1.6.0-sun, java-1.8.0-oracle, java-1.7.0-oracle, java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.6.0-sun, java-1.7.0-oracle, java-1.8.0-oracle, java-1.8.0-ibm) |
Bugzilla | 1328619: CVE-2016-3449 Oracle JDK: unspecified vulnerability fixed in 6u115, 7u101 and 8u91 (Deployment) |
Details | https://access.redhat.com/security/cve/cve-2016-3449 |
Advisory ID | CVE-2016-0639 |
---|---|
Title | CVE-2016-0639 |
Description | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. |
References | Find out more about CVE-2016-0639 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Critical |
Affected products | Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) (rh-mysql56-mysql); Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) (rh-mysql56-mysql) |
Bugzilla | 1329238: CVE-2016-0639 mysql: unspecified vulnerability in subcomponent: Server: Pluggable Authentication (CPU April 2016) |
Details | https://access.redhat.com/security/cve/cve-2016-0639 |
Advisory ID | CVE-2016-0264 |
---|---|
Title | CVE-2016-0264 |
Description | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
References | Find out more about CVE-2016-0264 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (java-1.8.0-ibm); Red Hat Enterprise Linux 7 (java-1.8.0-ibm) |
Bugzilla | 1331359: CVE-2016-0264 IBM JDK: buffer overflow vulnerability in the IBM JVM |
Details | https://access.redhat.com/security/cve/cve-2016-0264 |
Advisory ID | CVE-2015-8869 |
---|---|
Title | CVE-2015-8869 |
Description | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
References | Find out more about CVE-2015-8869 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (ocaml); Red Hat Enterprise Linux 7 (ocaml) |
Bugzilla | 1332090: CVE-2015-8869 ocaml: sizes arguments are sign-extended from 32 to 64 bits |
Details | https://access.redhat.com/security/cve/cve-2015-8869 |
Advisory ID | CVE-2016-1541 |
---|---|
Title | CVE-2016-1541 |
Description | Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive. |
References | Find out more about CVE-2016-1541 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 6 (libarchive); Red Hat Enterprise Linux 7 (libarchive) |
Bugzilla | 1334211: CVE-2016-1541 libarchive: heap-based buffer overflow due to improper input validation |
Details | https://access.redhat.com/security/cve/cve-2016-1541 |
Advisory ID | CVE-2016-2108 |
---|---|
Title | CVE-2016-2108 |
Description | A flaw was found in the way OpenSSL encoded certain ASN.1 data structures. An attacker could use this flaw to create a specially crafted certificate which, when verified or re-encoded by OpenSSL, could cause it to crash, or execute arbitrary code using the permissions of the user running an application compiled against the OpenSSL library. |
References | Find out more about CVE-2016-2108 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 5 (openssl); Red Hat Enterprise Linux 6 (openssl); Red Hat Enterprise Linux 7 (openssl) |
Bugzilla | 1331402: CVE-2016-2108 openssl: Memory corruption in the ASN.1 encoder |
Details | https://access.redhat.com/security/cve/cve-2016-2108 |
Advisory ID | CVE-2016-3710 |
---|---|
Title | CVE-2016-3710 |
Description | An out-of-bounds read/write access flaw was found in the way QEMU's VGA emulation with VESA BIOS Extensions (VBE) support performed read/write operations using I/O port methods. A privileged guest user could use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process. |
References | Find out more about CVE-2016-3710 from the MITRE CVE dictionary and NIST NVD. |
Highest severity | Important |
Affected products | Red Hat Enterprise Linux 5 (kvm); Red Hat Enterprise Linux 6 (qemu-kvm, qemu-kvm-rhev); Red Hat Enterprise Linux 7 (qemu-kvm) |
Bugzilla | 1331401: CVE-2016-3710 qemu: incorrect banked access bounds checking in vga module |
Details | https://access.redhat.com/security/cve/cve-2016-3710 |
Notes and disclaimer
On the consistency of information:
If the content of a security advisory on the Red Hat CVE database website differs from the content of this document, the security advisory on the website takes precedence.