
Red Hat Security Bulletin: August 2016

Author: 嘉为蓝鲸
Published: 2018-12-21 10:43:19

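Between July 2016 and August 2016, the Red Hat CVE database published 8 security vulnerabilities rated "Important" or "Critical", and a corresponding Bugzilla entry was published for each of them. This security bulletin is updated once a month and is intended to help find and resolve serious vulnerabilities.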


New security vulnerabilities for August 2016

The contents of all the security advisories are listed below for your reference.

| CVE name | Severity | Affected component | Release date |
| --- | --- | --- | --- |
| CVE-2016-1000110 | Important | python | 2016/7/18 |
| CVE-2016-1000111 | Important | python-twisted-web | 2016/7/18 |
| CVE-2016-5387 | Important | httpd | 2016/7/18 |
| CVE-2016-3552 | Important | java-1.8.0-oracle | 2016/7/18 |
| CVE-2016-3598 | Critical | java-1.7.0-openjdk, java-1.8.0-openjdk | 2016/7/19 |
| CVE-2016-3587 | Critical | java-1.8.0-openjdk | 2016/7/19 |
| CVE-2016-3610 | Critical | java-1.8.0-openjdk, java-1.8.0-openjdk | 2016/7/19 |
| CVE-2016-3477 | Important | rh-mysql56-mysql, mariadb55-mariadb, rh-mariadb100-mariadb, mariadb, mysql55-mysql | 2016/7/20 |

Detailed information about all of these newly published security vulnerabilities can be found on the following page:

https://access.redhat.com/security/cve/

Note: you must log in with your Red Hat account to view the full details of all security vulnerabilities.


Security vulnerability details

Advisory ID CVE-2016-1000110

Title

CVE-2016-1000110

Description

It was discovered that the Python CGIHandler class did not properly protect against the HTTP_PROXY variable name clash in a CGI context. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a Python CGI script to an attacker-controlled proxy via a malicious HTTP request.

Find out more about CVE-2016-1000110 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Important

Affected products

Red Hat Enterprise Linux 5 (python)

Red Hat Enterprise Linux 6 (python)

Red Hat Enterprise Linux 7 (python)

Bugzilla

1357334: CVE-2016-1000110 Python CGIHandler: sets environmental variable based on user supplied Proxy request header

Details

https://access.redhat.com/security/cve/cve-2016-1000110

Advisory ID CVE-2016-1000111

Title

CVE-2016-1000111

Description

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Find out more about CVE-2016-1000111 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Important

Affected products

Red Hat Enterprise Linux 6 (python-twisted-web)

Red Hat Enterprise Linux 7 (python-twisted-web)

Bugzilla

1357345: CVE-2016-1000111 Python Twisted: sets environmental variable based on user supplied Proxy request header

Details

https://access.redhat.com/security/cve/cve-2016-1000111

Advisory ID CVE-2016-5387

Title

CVE-2016-5387

Description

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request.

Find out more about CVE-2016-5387 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Important

Affected products

Red Hat Enterprise Linux 6 (httpd)

Red Hat Enterprise Linux 6 (httpd)

Red Hat Enterprise Linux 7 (httpd)

Bugzilla

1353755: CVE-2016-5387 Apache HTTPD: sets environmental variable based on user supplied Proxy request header

Details

https://access.redhat.com/security/cve/cve-2016-5387

Advisory ID CVE-2016-3552

Title

CVE-2016-3552

Description

Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

Find out more about CVE-2016-3552 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Important

Affected products

Red Hat Enterprise Linux 6 (java-1.8.0-oracle)

Red Hat Enterprise Linux 7 (java-1.8.0-oracle)

Bugzilla

1358167: CVE-2016-3552 Oracle JDK: unspecified vulnerability fixed in 8u101 (Install)

Details

https://access.redhat.com/security/cve/cve-2016-3552

Advisory ID CVE-2016-3598

Title

CVE-2016-3598

Description

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.

Find out more about CVE-2016-3598 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Critical

Affected products

Red Hat Enterprise Linux 5 (java-1.7.0-openjdk)

Red Hat Enterprise Linux 6 (java-1.7.0-openjdk, java-1.8.0-openjdk)

Red Hat Enterprise Linux 7 (java-1.7.0-openjdk, java-1.8.0-openjdk)

Bugzilla

1356971: CVE-2016-3598 OpenJDK: incorrect handling of MethodHandles.dropArguments() argument (Libraries, 8155985)

Details

https://access.redhat.com/security/cve/cve-2016-3598

Advisory ID CVE-2016-3587

Title

CVE-2016-3587

Description

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

Find out more about CVE-2016-3587 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Critical

Affected products

Red Hat Enterprise Linux 6 (java-1.8.0-openjdk)

Red Hat Enterprise Linux 7 (java-1.8.0-openjdk)

Bugzilla

1356987: CVE-2016-3587 OpenJDK: insufficient protection of MethodHandle.invokeBasic() (Hotspot, 8154475)

Details

https://access.redhat.com/security/cve/cve-2016-3587

Advisory ID CVE-2016-3610

Title

CVE-2016-3610

Description

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.

Find out more about CVE-2016-3610 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Critical

Affected products

Red Hat Enterprise Linux 5 (java-1.7.0-openjdk)

Red Hat Enterprise Linux 6 (java-1.7.0-openjdk, java-1.8.0-openjdk)

Red Hat Enterprise Linux 7 (java-1.7.0-openjdk, java-1.8.0-openjdk)

Bugzilla

1356994: CVE-2016-3610 OpenJDK: insufficient value count check in MethodHandles.filterReturnValue() (Libraries, 8158571)

Details

https://access.redhat.com/security/cve/cve-2016-3610

Advisory ID CVE-2016-3477

Title

CVE-2016-3477

Description

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

Find out more about CVE-2016-3477 from the MITRE CVE dictionary and NIST NVD.

Maximum severity rating

Important

Affected products

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) (rh-mysql56-mysql, mariadb55-mariadb, rh-mariadb100-mariadb, mysql55-mysql)

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) (rh-mariadb100-mariadb, mariadb55-mariadb, rh-mysql56-mysql, mysql55-mysql)

Red Hat Enterprise Linux 7 (mariadb)

Bugzilla

1358205: CVE-2016-3477 mysql: unspecified vulnerability in subcomponent: Server: Parser (CPU July 2016)

Details

https://access.redhat.com/security/cve/cve-2016-3477

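Notes and disclaimer

On the consistency of information:

If the content of a security advisory on the Red Hat CVE database website differs from the content of this article, the security advisory on the website takes precedence.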

Originally published: 2016-08-16

This article is shared from the 嘉为科技 WeChat official account.
