plone / plone.docker

plone on docker
GNU General Public License v2.0

Update OS versions of images #82

Closed. svx closed this issue 6 years ago.

svx commented 6 years ago

We should update the underlying OS versions :)

There are new versions of Alpine and Debian out.

valentinab25 commented 6 years ago

[Updated from clair-scanner] Running Clair Vulnerability Static Analysis on Plone 4:

+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| STATUS     | CVE SEVERITY          | PACKAGE NAME | PACKAGE VERSION      | CVE DESCRIPTION                                              |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-4448    | libxml2      | 2.9.1+dfsg1-5+deb8u6 | Format string vulnerability in libxml2 before                |
|            |                       |              |                      | 2.9.4 allows attackers to have unspecified impact            |
|            |                       |              |                      | via format string specifiers in unknown vectors.             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-4448    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16913   | linux        | 3.16.51-3+deb8u1     | The "stub_recv_cmd_submit()" function                        |
|            |                       |              |                      | (drivers/usb/usbip/stub_rx.c) in the Linux Kernel            |
|            |                       |              |                      | before version 4.14.8, 4.9.71, and 4.4.114 when              |
|            |                       |              |                      | handling CMD_SUBMIT packets allows attackers to cause        |
|            |                       |              |                      | a denial of service (arbitrary memory allocation)            |
|            |                       |              |                      | via a specially crafted USB over IP packet.                  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16913   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-18017   | linux        | 3.16.51-3+deb8u1     | The tcpmss_mangle_packet function in                         |
|            |                       |              |                      | net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11,   |
|            |                       |              |                      | and 4.9.x before 4.9.36, allows remote attackers to cause    |
|            |                       |              |                      | a denial of service (use-after-free and memory corruption)   |
|            |                       |              |                      | or possibly have unspecified other impact by leveraging      |
|            |                       |              |                      | the presence of xt_TCPMSS in an iptables action.             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-18017   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-3857    | linux        | 3.16.51-3+deb8u1     | The kernel in Android before 2016-08-05 on Nexus 7           |
|            |                       |              |                      | (2013) devices allows attackers to gain privileges           |
|            |                       |              |                      | via a crafted application, aka internal bug 28522518.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-3857    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16526   | linux        | 3.16.51-3+deb8u1     | drivers/uwb/uwbd.c in the Linux kernel before 4.13.6         |
|            |                       |              |                      | allows local users to cause a denial of service (general     |
|            |                       |              |                      | protection fault and system crash) or possibly have          |
|            |                       |              |                      | unspecified other impact via a crafted USB device.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16526   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-5332    | linux        | 3.16.51-3+deb8u1     | In the Linux kernel through 4.14.13, the                     |
|            |                       |              |                      | rds_message_alloc_sgs() function does not validate a         |
|            |                       |              |                      | value that is used during DMA page allocation, leading       |
|            |                       |              |                      | to a heap-based out-of-bounds write (related to the          |
|            |                       |              |                      | rds_rdma_extra_size function in net/rds/rdma.c).             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-5332    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-9984    | linux        | 3.16.51-3+deb8u1     | The snd_msnd_interrupt function in                           |
|            |                       |              |                      | sound/isa/msnd/msnd_pinnacle.c in the Linux kernel           |
|            |                       |              |                      | through 4.11.7 allows local users to cause a denial          |
|            |                       |              |                      | of service (over-boundary access) or possibly have           |
|            |                       |              |                      | unspecified other impact by changing the value of a          |
|            |                       |              |                      | message queue head pointer between two kernel reads          |
|            |                       |              |                      | of that value, aka a "double fetch" vulnerability.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-9984    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-5972    | linux        | 3.16.51-3+deb8u1     | The TCP stack in the Linux kernel 3.x does not               |
|            |                       |              |                      | properly implement a SYN cookie protection mechanism         |
|            |                       |              |                      | for the case of a fast network connection, which             |
|            |                       |              |                      | allows remote attackers to cause a denial of service         |
|            |                       |              |                      | (CPU consumption) by sending many TCP SYN packets, as        |
|            |                       |              |                      | demonstrated by an attack against the kernel-3.10.0          |
|            |                       |              |                      | package in CentOS Linux 7. NOTE: third parties have been     |
|            |                       |              |                      | unable to discern any relationship between the GitHub        |
|            |                       |              |                      | Engineering finding and the Trigemini.c attack code.         |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-5972    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16914   | linux        | 3.16.51-3+deb8u1     | The "stub_send_ret_submit()" function                        |
|            |                       |              |                      | (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before     |
|            |                       |              |                      | version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows           |
|            |                       |              |                      | attackers to cause a denial of service (NULL pointer         |
|            |                       |              |                      | dereference) via a specially crafted USB over IP packet.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16914   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-9985    | linux        | 3.16.51-3+deb8u1     | The snd_msndmidi_input_read function in                      |
|            |                       |              |                      | sound/isa/msnd/msnd_midi.c in the Linux kernel               |
|            |                       |              |                      | through 4.11.7 allows local users to cause a denial          |
|            |                       |              |                      | of service (over-boundary access) or possibly have           |
|            |                       |              |                      | unspecified other impact by changing the value of a          |
|            |                       |              |                      | message queue head pointer between two kernel reads          |
|            |                       |              |                      | of that value, aka a "double fetch" vulnerability.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-9985    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-10663   | linux        | 3.16.51-3+deb8u1     | The sanity_check_ckpt function in fs/f2fs/super.c            |
|            |                       |              |                      | in the Linux kernel before 4.12.4 does not validate          |
|            |                       |              |                      | the blkoff and segno arrays, which allows local              |
|            |                       |              |                      | users to gain privileges via unspecified vectors.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10663   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-1000004 | linux        | 3.16.51-3+deb8u1     | In the Linux kernel 4.12, 3.10, 2.6 and possibly             |
|            |                       |              |                      | earlier versions a race condition vulnerability              |
|            |                       |              |                      | exists in the sound system, this can lead to                 |
|            |                       |              |                      | a deadlock and denial of service condition.                  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-1000004 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16645   | linux        | 3.16.51-3+deb8u1     | The ims_pcu_get_cdc_union_desc function in                   |
|            |                       |              |                      | drivers/input/misc/ims-pcu.c in the Linux kernel             |
|            |                       |              |                      | through 4.13.11 allows local users to cause                  |
|            |                       |              |                      | a denial of service (ims_pcu_parse_cdc_data                  |
|            |                       |              |                      | out-of-bounds read and system crash) or possibly have        |
|            |                       |              |                      | unspecified other impact via a crafted USB device.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16645   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-1000379 | linux        | 3.16.51-3+deb8u1     | The Linux Kernel running on AMD64 systems will               |
|            |                       |              |                      | sometimes map the contents of PIE executable,                |
|            |                       |              |                      | the heap or ld.so to where the stack is mapped               |
|            |                       |              |                      | allowing attackers to more easily manipulate the             |
|            |                       |              |                      | stack. Linux Kernel version 4.11.5 is affected.              |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-1000379 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16912   | linux        | 3.16.51-3+deb8u1     | The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in   |
|            |                       |              |                      | the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114  |
|            |                       |              |                      | allows attackers to cause a denial of service (out-of-bounds |
|            |                       |              |                      | read) via a specially crafted USB over IP packet.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16912   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2013-7445    | linux        | 3.16.51-3+deb8u1     | The Direct Rendering Manager (DRM) subsystem in              |
|            |                       |              |                      | the Linux kernel through 4.x mishandles requests             |
|            |                       |              |                      | for Graphics Execution Manager (GEM) objects,                |
|            |                       |              |                      | which allows context-dependent attackers to cause            |
|            |                       |              |                      | a denial of service (memory consumption) via                 |
|            |                       |              |                      | an application that processes graphics data, as              |
|            |                       |              |                      | demonstrated by JavaScript code that creates many            |
|            |                       |              |                      | CANVAS elements for rendering by Chrome or Firefox.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2013-7445    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-13216   | linux        | 3.16.51-3+deb8u1     | In ashmem_ioctl of ashmem.c, there is an out-of-bounds       |
|            |                       |              |                      | write due to insufficient locking when accessing asma.       |
|            |                       |              |                      | This could lead to a local elevation of privilege            |
|            |                       |              |                      | enabling code execution as a privileged process with no      |
|            |                       |              |                      | additional execution privileges needed. User interaction     |
|            |                       |              |                      | is not needed for exploitation. Product: Android.            |
|            |                       |              |                      | Versions: Android kernel. Android ID: A-66954097.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-13216   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-10662   | linux        | 3.16.51-3+deb8u1     | The sanity_check_raw_super function in fs/f2fs/super.c       |
|            |                       |              |                      | in the Linux kernel before 4.11.1 does not                   |
|            |                       |              |                      | validate the segment count, which allows local               |
|            |                       |              |                      | users to gain privileges via unspecified vectors.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10662   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2014-9939    | binutils     | 2.25-5+deb8u1        | ihex.c in GNU Binutils before 2.26 contains a stack buffer   |
|            |                       |              |                      | overflow when printing bad bytes in Intel Hex objects.       |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2014-9939    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-8421    | binutils     | 2.25-5+deb8u1        | The function coff_set_alignment_hook in coffcode.h in        |
|            |                       |              |                      | Binary File Descriptor (BFD) library (aka libbfd), as        |
|            |                       |              |                      | distributed in GNU Binutils 2.28, has a memory leak          |
|            |                       |              |                      | vulnerability which can cause memory exhaustion in           |
|            |                       |              |                      | objdump via a crafted PE file. Additional validation in      |
|            |                       |              |                      | dump_relocs_in_section in objdump.c can resolve this.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-8421    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-12424   | shadow       | 1:4.2-3+deb8u4       | In shadow before 4.5, the newusers tool could be             |
|            |                       |              |                      | made to manipulate internal data structures in ways          |
|            |                       |              |                      | unintended by the authors. Malformed input may lead          |
|            |                       |              |                      | to crashes (with a buffer overflow or other memory           |
|            |                       |              |                      | corruption) or other unspecified behaviors. This             |
|            |                       |              |                      | crosses a privilege boundary in, for example, certain        |
|            |                       |              |                      | web-hosting environments in which a Control Panel allows     |
|            |                       |              |                      | an unprivileged user account to create subaccounts.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-12424   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-1000001 | glibc        | 2.19-18+deb8u10      | In glibc 2.26 and earlier there is confusion in the          |
|            |                       |              |                      | usage of getcwd() by realpath() which can be used            |
|            |                       |              |                      | to write before the destination buffer leading to            |
|            |                       |              |                      | a buffer underflow and potential code execution.             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-1000001 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-6485    | glibc        | 2.19-18+deb8u10      | An integer overflow in the implementation of the             |
|            |                       |              |                      | posix_memalign in memalign functions in the GNU C Library    |
|            |                       |              |                      | (aka glibc or libc6) 2.26 and earlier could cause these      |
|            |                       |              |                      | functions to return a pointer to a heap area that is         |
|            |                       |              |                      | too small, potentially leading to heap corruption.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-6485    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-8804    | glibc        | 2.19-18+deb8u10      | The xdr_bytes and xdr_string functions in the GNU C          |
|            |                       |              |                      | Library (aka glibc or libc6) 2.25 mishandle failures         |
|            |                       |              |                      | of buffer deserialization, which allows remote               |
|            |                       |              |                      | attackers to cause a denial of service (virtual              |
|            |                       |              |                      | memory allocation, or memory consumption if an               |
|            |                       |              |                      | overcommit setting is not used) via a crafted UDP            |
|            |                       |              |                      | packet to port 111, a related issue to CVE-2017-8779.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-8804    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16997   | glibc        | 2.19-18+deb8u10      | elf/dl-load.c in the GNU C Library (aka glibc or libc6)      |
|            |                       |              |                      | 2.19 through 2.26 mishandles RPATH and RUNPATH containing    |
|            |                       |              |                      | $ORIGIN for a privileged (setuid or AT_SECURE) program,      |
|            |                       |              |                      | which allows local users to gain privileges via a Trojan     |
|            |                       |              |                      | horse library in the current working directory, related      |
|            |                       |              |                      | to the fillin_rpath and decompose_rpath functions.           |
|            |                       |              |                      | This is associated with misinterpretion of an empty          |
|            |                       |              |                      | RPATH/RUNPATH token as the "./" directory. NOTE: this        |
|            |                       |              |                      | configuration of RPATH/RUNPATH for a privileged program      |
|            |                       |              |                      | is apparently very uncommon; most likely, no such            |
|            |                       |              |                      | program is shipped with any common Linux distribution.       |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16997   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-1000408 | glibc        | 2.19-18+deb8u10      | A memory leak in glibc 2.1.1 (released on May 24,            |
|            |                       |              |                      | 1999) can be reached and amplified through the               |
|            |                       |              |                      | LD_HWCAP_MASK environment variable. Please note              |
|            |                       |              |                      | that many versions of glibc are not vulnerable               |
|            |                       |              |                      | to this issue if patched for CVE-2017-1000366.               |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-1000408 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2014-9761    | glibc        | 2.19-18+deb8u10      | Multiple stack-based buffer overflows in the GNU C Library   |
|            |                       |              |                      | (aka glibc or libc6) before 2.23 allow context-dependent     |
|            |                       |              |                      | attackers to cause a denial of service (application          |
|            |                       |              |                      | crash) or possibly execute arbitrary code via a long         |
|            |                       |              |                      | argument to the (1) nan, (2) nanf, or (3) nanl function.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2014-9761    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-7950    | libxrender   | 1:0.9.8-1            | The XRenderQueryFilters function in X.org libXrender before  |
|            |                       |              |                      | 0.9.10 allows remote X servers to trigger out-of-bounds      |
|            |                       |              |                      | write operations via vectors involving filter name lengths.  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-7950    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-7949    | libxrender   | 1:0.9.8-1            | Multiple buffer overflows in the (1) XvQueryAdaptors and     |
|            |                       |              |                      | (2) XvQueryEncodings functions in X.org libXrender before    |
|            |                       |              |                      | 0.9.10 allow remote X servers to trigger out-of-bounds       |
|            |                       |              |                      | write operations via vectors involving length fields.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-7949    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-17480   | openjpeg2    | 2.1.0-2+deb8u3       | In OpenJPEG 2.3.0, a stack-based buffer overflow             |
|            |                       |              |                      | was discovered in the pgxtovolume function in                |
|            |                       |              |                      | jp3d/convert.c. The vulnerability causes an                  |
|            |                       |              |                      | out-of-bounds write, which may lead to remote denial         |
|            |                       |              |                      | of service or possibly remote code execution.                |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-17480   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-6954    | systemd      | 215-17+deb8u7        | systemd-tmpfiles in systemd through 237 mishandles           |
|            |                       |              |                      | symlinks present in non-terminal path components, which      |
|            |                       |              |                      | allows local users to obtain ownership of arbitrary          |
|            |                       |              |                      | files via vectors involving creation of a directory          |
|            |                       |              |                      | and a file under that directory, and later replacing         |
|            |                       |              |                      | that directory with a symlink. This occurs even              |
|            |                       |              |                      | if the fs.protected_symlinks sysctl is turned on.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-6954    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-14062   | libidn       | 1.29-1+deb8u2        | Integer overflow in the decode_digit function                |
|            |                       |              |                      | in puny_decode.c in Libidn2 before 2.0.4 allows              |
|            |                       |              |                      | remote attackers to cause a denial of service                |
|            |                       |              |                      | or possibly have unspecified other impact.                   |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-14062   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-1000158 | python2.7    | 2.7.9-2+deb8u1       | CPython (aka Python) up to 2.7.13 is vulnerable to an        |
|            |                       |              |                      | integer overflow in the PyString_DecodeEscape function       |
|            |                       |              |                      | in stringobject.c, resulting in heap-based buffer            |
|            |                       |              |                      | overflow (and possible arbitrary code execution)             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-1000158 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-2518    | sqlite3      | 3.8.7.1-1+deb8u2     | An issue was discovered in certain Apple products.           |
|            |                       |              |                      | iOS before 10.3.2 is affected. macOS before 10.12.5 is       |
|            |                       |              |                      | affected. tvOS before 10.2.1 is affected. watchOS before     |
|            |                       |              |                      | 3.2.2 is affected. The issue involves the "SQLite"           |
|            |                       |              |                      | component. It allows remote attackers to execute arbitrary   |
|            |                       |              |                      | code or cause a denial of service (buffer overflow           |
|            |                       |              |                      | and application crash) via a crafted SQL statement.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2518    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-2520    | sqlite3      | 3.8.7.1-1+deb8u2     | An issue was discovered in certain Apple products.           |
|            |                       |              |                      | iOS before 10.3.2 is affected. macOS before 10.12.5 is       |
|            |                       |              |                      | affected. tvOS before 10.2.1 is affected. watchOS before     |
|            |                       |              |                      | 3.2.2 is affected. The issue involves the "SQLite"           |
|            |                       |              |                      | component. It allows remote attackers to execute arbitrary   |
|            |                       |              |                      | code or cause a denial of service (buffer overflow           |
|            |                       |              |                      | and application crash) via a crafted SQL statement.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2520    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-10989   | sqlite3      | 3.8.7.1-1+deb8u2     | The getNodeSize function in ext/rtree/rtree.c in             |
|            |                       |              |                      | SQLite through 3.19.3, as used in GDAL and other             |
|            |                       |              |                      | products, mishandles undersized RTree blobs in a             |
|            |                       |              |                      | crafted database, leading to a heap-based buffer             |
|            |                       |              |                      | over-read or possibly unspecified other impact.              |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10989   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-2519    | sqlite3      | 3.8.7.1-1+deb8u2     | An issue was discovered in certain Apple products.           |
|            |                       |              |                      | iOS before 10.3.2 is affected. macOS before 10.12.5 is       |
|            |                       |              |                      | affected. tvOS before 10.2.1 is affected. watchOS before     |
|            |                       |              |                      | 3.2.2 is affected. The issue involves the "SQLite"           |
|            |                       |              |                      | component. It allows remote attackers to execute arbitrary   |
|            |                       |              |                      | code or cause a denial of service (memory corruption         |
|            |                       |              |                      | and application crash) via a crafted SQL statement.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2519    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-2779    | util-linux   | 2.25.2-6             | runuser in util-linux allows local users to escape to        |
|            |                       |              |                      | the parent session via a crafted TIOCSTI ioctl call,         |
|            |                       |              |                      | which pushes characters to the terminal's input buffer.      |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-2779    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-9843    | zlib         | 1:1.2.8.dfsg-2       | The crc32_big function in crc32.c in zlib 1.2.8 might        |
|            |                       |              |                      | allow context-dependent attackers to have unspecified        |
|            |                       |              |                      | impact via vectors involving big-endian CRC calculation.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-9843    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-9841    | zlib         | 1:1.2.8.dfsg-2       | inffast.c in zlib 1.2.8 might allow context-dependent        |
|            |                       |              |                      | attackers to have unspecified impact by                      |
|            |                       |              |                      | leveraging improper pointer arithmetic.                      |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-9841    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-2090    | libbsd       | 0.7.0-2              | Off-by-one vulnerability in the fgetwln function in libbsd   |
|            |                       |              |                      | before 0.8.2 allows attackers to have unspecified impact via |
|            |                       |              |                      | unknown vectors, which trigger a heap-based buffer overflow. |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-2090    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
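The tables in this thread are raw clair-scanner output, and the practical question they raise is which rows actually force a base-image rebuild. The following triage helper is an added example written for this page (it is not code from plone.docker or from clair-scanner): it parses the table layout clair-scanner prints, merges the wrapped description cells into one finding per CVE, groups findings by Debian source package, and sets aside rows attributed to the `linux` source package. That last step is a caveat of mine, not something the thread states: a container runs the host's kernel, so `linux` findings inside an image come from userland packages built from that source package (typically `linux-libc-dev` headers pulled in as a build dependency, an assumption about this image) and are not fixed by rebuilding it. The sample input is constructed from rows quoted above with the descriptions shortened.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the layout clair-scanner prints. Rows are abridged
# from the Plone 4 scan in the thread; the parser does not rely on alignment.
SAMPLE = """\
+------------+-----------------------+--------------+----------------------+------------------------------------------------------------+
| STATUS     | CVE SEVERITY          | PACKAGE NAME | PACKAGE VERSION      | CVE DESCRIPTION                                            |
+------------+-----------------------+--------------+----------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-2518    | sqlite3      | 3.8.7.1-1+deb8u2     | Allows remote attackers to execute arbitrary code or       |
|            |                       |              |                      | cause a denial of service via a crafted SQL statement.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2518  |
+------------+-----------------------+--------------+----------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-10989   | sqlite3      | 3.8.7.1-1+deb8u2     | getNodeSize in ext/rtree/rtree.c mishandles undersized     |
|            |                       |              |                      | RTree blobs in a crafted database (heap over-read).        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10989 |
+------------+-----------------------+--------------+----------------------+------------------------------------------------------------+
| Unapproved | High CVE-2017-16913   | linux        | 3.16.51-3+deb8u1     | stub_recv_cmd_submit() in drivers/usb/usbip/stub_rx.c      |
|            |                       |              |                      | allows a denial of service via a crafted USB/IP packet.    |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16913 |
+------------+-----------------------+--------------+----------------------+------------------------------------------------------------+
| Unapproved | High CVE-2016-2779    | util-linux   | 2.25.2-6             | runuser allows local users to escape to the parent         |
|            |                       |              |                      | session via a crafted TIOCSTI ioctl call.                  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-2779  |
+------------+-----------------------+--------------+----------------------+------------------------------------------------------------+
"""

# Source packages whose findings do not describe code that executes inside
# the container: the kernel is the host's, so an image only carries userland
# build products of the "linux" source package (assumed: linux-libc-dev).
HOST_ONLY_PACKAGES = frozenset({"linux"})

# clair-scanner joins severity and CVE id in one cell, e.g. "High CVE-2017-2518".
SEVERITY_RE = re.compile(r"^(?P<sev>\w+)\s+(?P<cve>CVE-\d{4}-\d{4,})$")


@dataclass
class Finding:
    status: str
    severity: str
    cve: str
    package: str
    version: str
    description: str = ""
    url: str = ""


def parse_clair_table(text):
    """Turn the ASCII table into Finding objects, one per CVE row.

    Continuation lines (empty STATUS cell) carry the rest of the wrapped
    description; the last of them is the Debian tracker URL.
    """
    findings, current = [], None
    for line in text.splitlines():
        if not line.startswith("|"):
            continue  # "+----+" border lines carry no data
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 5 or cells[0] == "STATUS":
            continue  # malformed line or the header row
        status, sev_cve, pkg, ver, desc = cells
        if status:  # first line of a new finding
            m = SEVERITY_RE.match(sev_cve)
            if not m:
                raise ValueError(f"unexpected severity cell: {sev_cve!r}")
            current = Finding(status, m["sev"], m["cve"], pkg, ver)
            findings.append(current)
        if current is None:
            continue
        if desc.startswith("http"):
            current.url = desc
        elif desc:
            current.description = (current.description + " " + desc).strip()
    return findings


def triage(findings):
    """Split findings into actionable ones (by package) and host-kernel noise."""
    by_package, host_only = defaultdict(list), []
    for f in findings:
        (host_only if f.package in HOST_ONLY_PACKAGES else by_package[f.package]).append(f)
    return dict(by_package), host_only


def needs_rebuild(findings, threshold=("High", "Critical")):
    """True when any actionable finding is at or above the severity threshold."""
    actionable, _ = triage(findings)
    return any(f.severity in threshold for fs in actionable.values() for f in fs)


def summary(findings):
    """One line per affected package, plus one line for the ignored kernel rows."""
    actionable, host_only = triage(findings)
    lines = [f"{pkg} {fs[0].version}: {', '.join(sorted(f.cve for f in fs))}"
             for pkg, fs in sorted(actionable.items())]
    if host_only:
        lines.append("ignored as host-kernel only: " + ", ".join(sorted(f.cve for f in host_only)))
    return lines


if __name__ == "__main__":
    parsed = parse_clair_table(SAMPLE)
    print("\n".join(summary(parsed)))
    print("rebuild needed:", needs_rebuild(parsed))
```

Feed it the full scanner output (`clair-scanner ... | python triage.py` after swapping `SAMPLE` for `sys.stdin.read()`) to get a per-package view of what a newer base image must fix; the severity label is Clair's, so still check the Debian tracker URL for each row before treating it as a release blocker.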
valentinab25 commented 6 years ago

[Updated from clair-scanner] Running Clair Vulnerability Static Analysis on Plone 5:

+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| STATUS     | CVE SEVERITY          | PACKAGE NAME | PACKAGE VERSION      | CVE DESCRIPTION                                              |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-17480   | openjpeg2    | 2.1.0-2+deb8u3       | In OpenJPEG 2.3.0, a stack-based buffer overflow             |
|            |                       |              |                      | was discovered in the pgxtovolume function in                |
|            |                       |              |                      | jp3d/convert.c. The vulnerability causes an                  |
|            |                       |              |                      | out-of-bounds write, which may lead to remote denial         |
|            |                       |              |                      | of service or possibly remote code execution.                |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-17480   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-2779    | util-linux   | 2.25.2-6             | runuser in util-linux allows local users to escape to        |
|            |                       |              |                      | the parent session via a crafted TIOCSTI ioctl call,         |
|            |                       |              |                      | which pushes characters to the terminal's input buffer.      |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-2779    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-2518    | sqlite3      | 3.8.7.1-1+deb8u2     | An issue was discovered in certain Apple products.           |
|            |                       |              |                      | iOS before 10.3.2 is affected. macOS before 10.12.5 is       |
|            |                       |              |                      | affected. tvOS before 10.2.1 is affected. watchOS before     |
|            |                       |              |                      | 3.2.2 is affected. The issue involves the "SQLite"           |
|            |                       |              |                      | component. It allows remote attackers to execute arbitrary   |
|            |                       |              |                      | code or cause a denial of service (buffer overflow           |
|            |                       |              |                      | and application crash) via a crafted SQL statement.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2518    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-2520    | sqlite3      | 3.8.7.1-1+deb8u2     | An issue was discovered in certain Apple products.           |
|            |                       |              |                      | iOS before 10.3.2 is affected. macOS before 10.12.5 is       |
|            |                       |              |                      | affected. tvOS before 10.2.1 is affected. watchOS before     |
|            |                       |              |                      | 3.2.2 is affected. The issue involves the "SQLite"           |
|            |                       |              |                      | component. It allows remote attackers to execute arbitrary   |
|            |                       |              |                      | code or cause a denial of service (buffer overflow           |
|            |                       |              |                      | and application crash) via a crafted SQL statement.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2520    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-10989   | sqlite3      | 3.8.7.1-1+deb8u2     | The getNodeSize function in ext/rtree/rtree.c in             |
|            |                       |              |                      | SQLite through 3.19.3, as used in GDAL and other             |
|            |                       |              |                      | products, mishandles undersized RTree blobs in a             |
|            |                       |              |                      | crafted database, leading to a heap-based buffer             |
|            |                       |              |                      | over-read or possibly unspecified other impact.              |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10989   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-2519    | sqlite3      | 3.8.7.1-1+deb8u2     | An issue was discovered in certain Apple products.           |
|            |                       |              |                      | iOS before 10.3.2 is affected. macOS before 10.12.5 is       |
|            |                       |              |                      | affected. tvOS before 10.2.1 is affected. watchOS before     |
|            |                       |              |                      | 3.2.2 is affected. The issue involves the "SQLite"           |
|            |                       |              |                      | component. It allows remote attackers to execute arbitrary   |
|            |                       |              |                      | code or cause a denial of service (memory corruption         |
|            |                       |              |                      | and application crash) via a crafted SQL statement.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-2519    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-7950    | libxrender   | 1:0.9.8-1            | The XRenderQueryFilters function in X.org                    |
|            |                       |              |                      | libXrender before 0.9.10 allows remote X servers             |
|            |                       |              |                      | to trigger out-of-bounds write operations                    |
|            |                       |              |                      | via vectors involving filter name lengths.                   |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-7950    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-7949    | libxrender   | 1:0.9.8-1            | Multiple buffer overflows in the (1) XvQueryAdaptors and     |
|            |                       |              |                      | (2) XvQueryEncodings functions in X.org libXrender before    |
|            |                       |              |                      | 0.9.10 allow remote X servers to trigger out-of-bounds       |
|            |                       |              |                      | write operations via vectors involving length fields.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-7949    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-1000158 | python2.7    | 2.7.9-2+deb8u1       | CPython (aka Python) up to 2.7.13 is vulnerable to an        |
|            |                       |              |                      | integer overflow in the PyString_DecodeEscape function       |
|            |                       |              |                      | in stringobject.c, resulting in heap-based buffer            |
|            |                       |              |                      | overflow (and possible arbitrary code execution)             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-1000158 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16913   | linux        | 3.16.51-3+deb8u1     | The "stub_recv_cmd_submit()" function                        |
|            |                       |              |                      | (drivers/usb/usbip/stub_rx.c) in the Linux Kernel            |
|            |                       |              |                      | before version 4.14.8, 4.9.71, and 4.4.114 when              |
|            |                       |              |                      | handling CMD_SUBMIT packets allows attackers to cause        |
|            |                       |              |                      | a denial of service (arbitrary memory allocation)            |
|            |                       |              |                      | via a specially crafted USB over IP packet.                  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16913   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-18017   | linux        | 3.16.51-3+deb8u1     | The tcpmss_mangle_packet function in                         |
|            |                       |              |                      | net/netfilter/xt_TCPMSS.c in the Linux kernel before         |
|            |                       |              |                      | 4.11, and 4.9.x before 4.9.36, allows remote attackers       |
|            |                       |              |                      | to cause a denial of service (use-after-free and memory      |
|            |                       |              |                      | corruption) or possibly have unspecified other impact by     |
|            |                       |              |                      | leveraging the presence of xt_TCPMSS in an iptables action.  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-18017   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-3857    | linux        | 3.16.51-3+deb8u1     | The kernel in Android before 2016-08-05 on Nexus 7           |
|            |                       |              |                      | (2013) devices allows attackers to gain privileges           |
|            |                       |              |                      | via a crafted application, aka internal bug 28522518.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-3857    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16526   | linux        | 3.16.51-3+deb8u1     | drivers/uwb/uwbd.c in the Linux kernel before 4.13.6         |
|            |                       |              |                      | allows local users to cause a denial of service (general     |
|            |                       |              |                      | protection fault and system crash) or possibly have          |
|            |                       |              |                      | unspecified other impact via a crafted USB device.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16526   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-5332    | linux        | 3.16.51-3+deb8u1     | In the Linux kernel through 4.14.13, the                     |
|            |                       |              |                      | rds_message_alloc_sgs() function does not validate a         |
|            |                       |              |                      | value that is used during DMA page allocation, leading       |
|            |                       |              |                      | to a heap-based out-of-bounds write (related to the          |
|            |                       |              |                      | rds_rdma_extra_size function in net/rds/rdma.c).             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-5332    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-9984    | linux        | 3.16.51-3+deb8u1     | The snd_msnd_interrupt function in                           |
|            |                       |              |                      | sound/isa/msnd/msnd_pinnacle.c in the Linux kernel           |
|            |                       |              |                      | through 4.11.7 allows local users to cause a denial          |
|            |                       |              |                      | of service (over-boundary access) or possibly have           |
|            |                       |              |                      | unspecified other impact by changing the value of a          |
|            |                       |              |                      | message queue head pointer between two kernel reads          |
|            |                       |              |                      | of that value, aka a "double fetch" vulnerability.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-9984    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-5972    | linux        | 3.16.51-3+deb8u1     | The TCP stack in the Linux kernel 3.x does not properly      |
|            |                       |              |                      | implement a SYN cookie protection mechanism for the case of  |
|            |                       |              |                      | a fast network connection, which allows remote attackers to  |
|            |                       |              |                      | cause a denial of service (CPU consumption) by sending many  |
|            |                       |              |                      | TCP SYN packets, as demonstrated by an attack against the    |
|            |                       |              |                      | kernel-3.10.0 package in CentOS Linux 7. NOTE: third parties |
|            |                       |              |                      | have been unable to discern any relationship between the     |
|            |                       |              |                      | GitHub Engineering finding and the Trigemini.c attack code.  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-5972    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16914   | linux        | 3.16.51-3+deb8u1     | The "stub_send_ret_submit()" function                        |
|            |                       |              |                      | (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before     |
|            |                       |              |                      | version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows           |
|            |                       |              |                      | attackers to cause a denial of service (NULL pointer         |
|            |                       |              |                      | dereference) via a specially crafted USB over IP packet.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16914   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-9985    | linux        | 3.16.51-3+deb8u1     | The snd_msndmidi_input_read function in                      |
|            |                       |              |                      | sound/isa/msnd/msnd_midi.c in the Linux kernel               |
|            |                       |              |                      | through 4.11.7 allows local users to cause a denial          |
|            |                       |              |                      | of service (over-boundary access) or possibly have           |
|            |                       |              |                      | unspecified other impact by changing the value of a          |
|            |                       |              |                      | message queue head pointer between two kernel reads          |
|            |                       |              |                      | of that value, aka a "double fetch" vulnerability.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-9985    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-10663   | linux        | 3.16.51-3+deb8u1     | The sanity_check_ckpt function in fs/f2fs/super.c            |
|            |                       |              |                      | in the Linux kernel before 4.12.4 does not validate          |
|            |                       |              |                      | the blkoff and segno arrays, which allows local              |
|            |                       |              |                      | users to gain privileges via unspecified vectors.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10663   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-1000004 | linux        | 3.16.51-3+deb8u1     | In the Linux kernel 4.12, 3.10, 2.6 and possibly             |
|            |                       |              |                      | earlier versions a race condition vulnerability              |
|            |                       |              |                      | exists in the sound system, this can lead to                 |
|            |                       |              |                      | a deadlock and denial of service condition.                  |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-1000004 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16645   | linux        | 3.16.51-3+deb8u1     | The ims_pcu_get_cdc_union_desc function in                   |
|            |                       |              |                      | drivers/input/misc/ims-pcu.c in the Linux kernel             |
|            |                       |              |                      | through 4.13.11 allows local users to cause                  |
|            |                       |              |                      | a denial of service (ims_pcu_parse_cdc_data                  |
|            |                       |              |                      | out-of-bounds read and system crash) or possibly have        |
|            |                       |              |                      | unspecified other impact via a crafted USB device.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16645   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-1000379 | linux        | 3.16.51-3+deb8u1     | The Linux Kernel running on AMD64 systems will               |
|            |                       |              |                      | sometimes map the contents of PIE executable,                |
|            |                       |              |                      | the heap or ld.so to where the stack is mapped               |
|            |                       |              |                      | allowing attackers to more easily manipulate the             |
|            |                       |              |                      | stack. Linux Kernel version 4.11.5 is affected.              |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-1000379 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16912   | linux        | 3.16.51-3+deb8u1     | The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in   |
|            |                       |              |                      | the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114  |
|            |                       |              |                      | allows attackers to cause a denial of service (out-of-bounds |
|            |                       |              |                      | read) via a specially crafted USB over IP packet.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16912   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2013-7445    | linux        | 3.16.51-3+deb8u1     | The Direct Rendering Manager (DRM) subsystem in              |
|            |                       |              |                      | the Linux kernel through 4.x mishandles requests             |
|            |                       |              |                      | for Graphics Execution Manager (GEM) objects,                |
|            |                       |              |                      | which allows context-dependent attackers to cause            |
|            |                       |              |                      | a denial of service (memory consumption) via                 |
|            |                       |              |                      | an application that processes graphics data, as              |
|            |                       |              |                      | demonstrated by JavaScript code that creates many            |
|            |                       |              |                      | CANVAS elements for rendering by Chrome or Firefox.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2013-7445    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-13216   | linux        | 3.16.51-3+deb8u1     | In ashmem_ioctl of ashmem.c, there is an out-of-bounds       |
|            |                       |              |                      | write due to insufficient locking when accessing asma.       |
|            |                       |              |                      | This could lead to a local elevation of privilege            |
|            |                       |              |                      | enabling code execution as a privileged process with no      |
|            |                       |              |                      | additional execution privileges needed. User interaction     |
|            |                       |              |                      | is not needed for exploitation. Product: Android.            |
|            |                       |              |                      | Versions: Android kernel. Android ID: A-66954097.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-13216   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-10662   | linux        | 3.16.51-3+deb8u1     | The sanity_check_raw_super function in fs/f2fs/super.c       |
|            |                       |              |                      | in the Linux kernel before 4.11.1 does not                   |
|            |                       |              |                      | validate the segment count, which allows local               |
|            |                       |              |                      | users to gain privileges via unspecified vectors.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-10662   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2014-9939    | binutils     | 2.25-5+deb8u1        | ihex.c in GNU Binutils before 2.26 contains a stack buffer   |
|            |                       |              |                      | overflow when printing bad bytes in Intel Hex objects.       |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2014-9939    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-8421    | binutils     | 2.25-5+deb8u1        | The function coff_set_alignment_hook in coffcode.h in        |
|            |                       |              |                      | Binary File Descriptor (BFD) library (aka libbfd), as        |
|            |                       |              |                      | distributed in GNU Binutils 2.28, has a memory leak          |
|            |                       |              |                      | vulnerability which can cause memory exhaustion in           |
|            |                       |              |                      | objdump via a crafted PE file. Additional validation in      |
|            |                       |              |                      | dump_relocs_in_section in objdump.c can resolve this.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-8421    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-1000001 | glibc        | 2.19-18+deb8u10      | In glibc 2.26 and earlier there is confusion in the          |
|            |                       |              |                      | usage of getcwd() by realpath() which can be used            |
|            |                       |              |                      | to write before the destination buffer leading to            |
|            |                       |              |                      | a buffer underflow and potential code execution.             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-1000001 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-6485    | glibc        | 2.19-18+deb8u10      | An integer overflow in the implementation of the             |
|            |                       |              |                      | posix_memalign in memalign functions in the GNU C Library    |
|            |                       |              |                      | (aka glibc or libc6) 2.26 and earlier could cause these      |
|            |                       |              |                      | functions to return a pointer to a heap area that is         |
|            |                       |              |                      | too small, potentially leading to heap corruption.           |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-6485    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-8804    | glibc        | 2.19-18+deb8u10      | The xdr_bytes and xdr_string functions in the GNU C          |
|            |                       |              |                      | Library (aka glibc or libc6) 2.25 mishandle failures         |
|            |                       |              |                      | of buffer deserialization, which allows remote               |
|            |                       |              |                      | attackers to cause a denial of service (virtual              |
|            |                       |              |                      | memory allocation, or memory consumption if an               |
|            |                       |              |                      | overcommit setting is not used) via a crafted UDP            |
|            |                       |              |                      | packet to port 111, a related issue to CVE-2017-8779.        |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-8804    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-16997   | glibc        | 2.19-18+deb8u10      | elf/dl-load.c in the GNU C Library (aka glibc or libc6)      |
|            |                       |              |                      | 2.19 through 2.26 mishandles RPATH and RUNPATH containing    |
|            |                       |              |                      | $ORIGIN for a privileged (setuid or AT_SECURE) program,      |
|            |                       |              |                      | which allows local users to gain privileges via a Trojan     |
|            |                       |              |                      | horse library in the current working directory, related      |
|            |                       |              |                      | to the fillin_rpath and decompose_rpath functions.           |
|            |                       |              |                      | This is associated with misinterpretion of an empty          |
|            |                       |              |                      | RPATH/RUNPATH token as the "./" directory. NOTE: this        |
|            |                       |              |                      | configuration of RPATH/RUNPATH for a privileged program      |
|            |                       |              |                      | is apparently very uncommon; most likely, no such            |
|            |                       |              |                      | program is shipped with any common Linux distribution.       |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-16997   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-1000408 | glibc        | 2.19-18+deb8u10      | A memory leak in glibc 2.1.1 (released on May 24,            |
|            |                       |              |                      | 1999) can be reached and amplified through the               |
|            |                       |              |                      | LD_HWCAP_MASK environment variable. Please note              |
|            |                       |              |                      | that many versions of glibc are not vulnerable               |
|            |                       |              |                      | to this issue if patched for CVE-2017-1000366.               |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-1000408 |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2014-9761    | glibc        | 2.19-18+deb8u10      | Multiple stack-based buffer overflows in the GNU C Library   |
|            |                       |              |                      | (aka glibc or libc6) before 2.23 allow context-dependent     |
|            |                       |              |                      | attackers to cause a denial of service (application          |
|            |                       |              |                      | crash) or possibly execute arbitrary code via a long         |
|            |                       |              |                      | argument to the (1) nan, (2) nanf, or (3) nanl function.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2014-9761    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2018-6954    | systemd      | 215-17+deb8u7        | systemd-tmpfiles in systemd through 237 mishandles           |
|            |                       |              |                      | symlinks present in non-terminal path components, which      |
|            |                       |              |                      | allows local users to obtain ownership of arbitrary          |
|            |                       |              |                      | files via vectors involving creation of a directory          |
|            |                       |              |                      | and a file under that directory, and later replacing         |
|            |                       |              |                      | that directory with a symlink. This occurs even              |
|            |                       |              |                      | if the fs.protected_symlinks sysctl is turned on.            |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2018-6954    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-9843    | zlib         | 1:1.2.8.dfsg-2       | The crc32_big function in crc32.c in zlib 1.2.8 might        |
|            |                       |              |                      | allow context-dependent attackers to have unspecified        |
|            |                       |              |                      | impact via vectors involving big-endian CRC calculation.     |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-9843    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-9841    | zlib         | 1:1.2.8.dfsg-2       | inffast.c in zlib 1.2.8 might allow context-dependent        |
|            |                       |              |                      | attackers to have unspecified impact by                      |
|            |                       |              |                      | leveraging improper pointer arithmetic.                      |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-9841    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-4448    | libxml2      | 2.9.1+dfsg1-5+deb8u6 | Format string vulnerability in libxml2 before                |
|            |                       |              |                      | 2.9.4 allows attackers to have unspecified impact            |
|            |                       |              |                      | via format string specifiers in unknown vectors.             |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-4448    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-14062   | libidn       | 1.29-1+deb8u2        | Integer overflow in the decode_digit function                |
|            |                       |              |                      | in puny_decode.c in Libidn2 before 2.0.4 allows              |
|            |                       |              |                      | remote attackers to cause a denial of service                |
|            |                       |              |                      | or possibly have unspecified other impact.                   |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-14062   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2017-12424   | shadow       | 1:4.2-3+deb8u4       | In shadow before 4.5, the newusers tool could be             |
|            |                       |              |                      | made to manipulate internal data structures in ways          |
|            |                       |              |                      | unintended by the authors. Malformed input may lead          |
|            |                       |              |                      | to crashes (with a buffer overflow or other memory           |
|            |                       |              |                      | corruption) or other unspecified behaviors. This             |
|            |                       |              |                      | crosses a privilege boundary in, for example, certain        |
|            |                       |              |                      | web-hosting environments in which a Control Panel allows     |
|            |                       |              |                      | an unprivileged user account to create subaccounts.          |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2017-12424   |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
| Unapproved | High CVE-2016-2090    | libbsd       | 0.7.0-2              | Off-by-one vulnerability in the fgetwln function in libbsd   |
|            |                       |              |                      | before 0.8.2 allows attackers to have unspecified impact via |
|            |                       |              |                      | unknown vectors, which trigger a heap-based buffer overflow. |
|            |                       |              |                      | https://security-tracker.debian.org/tracker/CVE-2016-2090    |
+------------+-----------------------+--------------+----------------------+--------------------------------------------------------------+
avoinea commented 6 years ago

@svx How should we proceed with this? As we do not have a new Plone tag for 4.3.x, 5.0.x versions. Should we wait/push for new releases? As re-building the same tags with a new OS version doesn't seem right to me.

avoinea commented 6 years ago

Btw, I did a PR with 5.1 release to docker official-images https://github.com/docker-library/official-images/pull/4164

svx commented 6 years ago

@avoinea cool ! :)

Ok if I look at the Dockerfile (Plone 5.1 Debian) we have the following:

FROM python:2.7-slim-stretch

Meaning we are using here the latest debian version.

Since we currently do not push nightly or weekly (for example) builds, usually our images are only up to date at the day we do the release on DockerHub.

Meaning we would need to figure out how often docker itself updates the base images and then we do our builds, or we do one a week or so.

We could add a date tag to the build we release.

So yes, we are lagging behind, but it is also important to understand how Clair works :) Clair is checking against cve, which is good, but as long as these are not patched in debian itself they will never be patched in the container :)

In short yes, we need to come up with a solution how to release not only on a Plone release day :)

Still this will not fix an open cve in debian itself, as you can see above some are reported in 2016, etc, etc :)

We could build images via CI once a week and push them to DockerHub.

But before we do that, we should first change the image, like removing the dependency on the UI installer etc :)

What do you think ? :)
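Added example, not code from this thread or from plone.docker: a small Python 3 parser for the clair-scanner table pasted above, grouping the "Unapproved" findings by Debian package and version so it is easier to see, per package, which Debian security-tracker entries to check before expecting an OS update to change the scan result. SAMPLE_REPORT is constructed in the same table layout from three rows of the scan above (descriptions shortened); the parser splits on the `|` separators, so column widths are not assumed.

```python
"""Parse a clair-scanner report table into per-package findings.

Added example; not plone.docker code. SAMPLE_REPORT is constructed in
clair-scanner's table layout from three rows of the scan in this thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

SAMPLE_REPORT = """\
+------------+--------------------+--------------+-----------------+-----------------------------------------------------------+
| STATUS     | CVE SEVERITY       | PACKAGE NAME | PACKAGE VERSION | CVE DESCRIPTION                                           |
+------------+--------------------+--------------+-----------------+-----------------------------------------------------------+
| Unapproved | High CVE-2016-9843 | zlib         | 1:1.2.8.dfsg-2  | The crc32_big function in crc32.c in zlib 1.2.8 might     |
|            |                    |              |                 | allow context-dependent attackers to have unspecified     |
|            |                    |              |                 | impact via vectors involving big-endian CRC calculation.  |
|            |                    |              |                 | https://security-tracker.debian.org/tracker/CVE-2016-9843 |
+------------+--------------------+--------------+-----------------+-----------------------------------------------------------+
| Unapproved | High CVE-2016-9841 | zlib         | 1:1.2.8.dfsg-2  | inffast.c in zlib 1.2.8 might allow context-dependent     |
|            |                    |              |                 | attackers to have unspecified impact by                   |
|            |                    |              |                 | leveraging improper pointer arithmetic.                   |
|            |                    |              |                 | https://security-tracker.debian.org/tracker/CVE-2016-9841 |
+------------+--------------------+--------------+-----------------+-----------------------------------------------------------+
| Unapproved | High CVE-2018-6954 | systemd      | 215-17+deb8u7   | systemd-tmpfiles in systemd through 237 mishandles        |
|            |                    |              |                 | symlinks present in non-terminal path components, which   |
|            |                    |              |                 | https://security-tracker.debian.org/tracker/CVE-2018-6954 |
+------------+--------------------+--------------+-----------------+-----------------------------------------------------------+
"""

# "High CVE-2016-9843" -> severity and CVE id
CVE_RE = re.compile(r"^(?P<severity>\w+)\s+(?P<cve>CVE-\d{4}-\d+)$")


@dataclass
class Finding:
    status: str
    severity: str
    cve: str
    package: str
    version: str
    lines: list = field(default_factory=list)  # wrapped description cells

    @property
    def description(self):
        return " ".join(l for l in self.lines if not l.startswith("http"))

    @property
    def tracker_url(self):
        return next((l for l in self.lines if l.startswith("http")), "")


def parse_clair_table(text):
    """Turn the ASCII table into Finding objects.

    A row with a non-empty STATUS cell starts a new finding; rows with an
    empty STATUS cell are the wrapped continuation of its description.
    The '+----+' rule lines close the finding in progress.
    """
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("|"):
            if current is not None:
                findings.append(current)
                current = None
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 5 or cells[0] == "STATUS":
            continue  # malformed row or the header row
        status, sev_cve, package, version, desc = cells
        if status:
            m = CVE_RE.match(sev_cve)
            severity, cve = (m["severity"], m["cve"]) if m else (sev_cve, "")
            current = Finding(status, severity, cve, package, version, [desc])
        elif current is not None:
            current.lines.append(desc)
    if current is not None:
        findings.append(current)
    return findings


def summarize(findings, status="Unapproved"):
    """package -> {"version": str, "cves": [(severity, cve), ...]}."""
    by_pkg = defaultdict(lambda: {"version": "", "cves": []})
    for f in findings:
        if f.status == status:
            by_pkg[f.package]["version"] = f.version
            by_pkg[f.package]["cves"].append((f.severity, f.cve))
    return dict(by_pkg)


if __name__ == "__main__":
    for pkg, info in sorted(summarize(parse_clair_table(SAMPLE_REPORT)).items()):
        cves = ", ".join(f"{sev} {cve}" for sev, cve in info["cves"])
        print(f"{pkg} {info['version']}: {cves}")
```

Feeding it the full report from the scan above gives one line per package; the `tracker_url` of each finding is the Debian security-tracker page, which is where the "fixed in" status for the installed Debian version actually lives.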

avoinea commented 6 years ago

But before we do that, we should first change the image, like removing the dependency on the UI installer etc :)

@svx How should we deal with this? Should we keep buildout cfgs within this repo? Should we extend the ones from Unified Installer?

We need to make sure that we keep it backward-compatible.

svx commented 6 years ago

IMHO we could get them straight from the UI repo during build, we could use wget in the Dockerfile like:

FROM FOOIMAGE
LABEL ....

RUN ...... \
    wget https://raw.githubusercontent.com/plone/Installers-UnifiedInstaller/master/buildout_templates/buildout.cfg \
    ...... \

So my idea is to use the same buildout and versions files, etc, etc, we just do not use the whole UI anymore :)

With this we would have the same buildout setup and versions, since we get them straight from the UI repo we would be in sync too :)

avoinea commented 6 years ago

@svx I started to refactor this image to drop installation via UI helper scripts. See https://github.com/plone/plone.docker/commit/8c7e8d2b36e46249a945816907cf3edecc202b78.

This https://github.com/docker-library/official-images/pull/4164 is also a good reason to do this refactoring.

svx commented 6 years ago

@avoinea Cool ! I guess I have some time during the weekend, then I can help (after the docs release).

avoinea commented 6 years ago

@svx We also need to establish which of these libraries are needed:

runDeps="libxml2 libxslt1.1 libjpeg62 rsync lynx wv libtiff5 libopenjp2-7 poppler-utils"

I managed to reduce the install required libs from:

buildDeps="wget sudo python-setuptools python-dev build-essential libssl-dev libxml2-dev libxslt1-dev libbz2-dev libjpeg62-turbo-dev libtiff5-dev libopenjp2-7-dev"

to:

buildDeps="wget gcc libc6-dev libpcre3-dev" \

by using buildout-wheel extension.

Please let me know if I missed something.

I would also refactor docker-entrypoint.sh to move health-check to Dockerfile HEALTHCHECK. tips&tricks are welcomed :)

svx commented 6 years ago

@avoinea The official HEALTHCHECK is only with curl ? :)

svx commented 6 years ago

OK, seems doable, but it is not working on macOS: https://stackoverflow.com/questions/47722898/how-to-do-a-docker-healthcheck-with-wget-instead-of-curl

bummer :(

Guess we stick with curl then, curl is also the 'officially' supported one

djay commented 6 years ago

why not use python -c "import urllib; urllib...."?
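Added example, not code from this thread or from plone.docker: a stdlib-only Python 3 probe along the lines djay suggests, so the image needs neither curl nor wget for its HEALTHCHECK. The probe returns False (exit status 1) on any failure mode a health check must treat as unhealthy: connection refused, timeout, malformed URL, and a non-2xx answer. The Dockerfile line in the docstring, the /healthcheck.py path and port 8080 are assumptions; the local server is a throwaway, constructed only to exercise the probe offline.

```python
"""Stdlib-only HTTP health probe for a Docker HEALTHCHECK.

Added example, not plone.docker code. Assumed Dockerfile usage (script
path, port and timings are placeholders):

    HEALTHCHECK --interval=30s --timeout=5s --retries=3 \\
        CMD python3 /healthcheck.py http://127.0.0.1:8080/ || exit 1
"""
import sys
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def probe(url, timeout=5.0):
    """Return True only if GET `url` answers 2xx within `timeout` seconds.

    Connection refused, DNS failure, timeout, a malformed URL and any
    non-2xx status all return False; the probe never raises, so the
    container's health is decided purely by this return value.
    """
    try:
        req = urllib.request.Request(url, headers={"User-Agent": "healthcheck"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except urllib.error.HTTPError:
        return False  # server reachable but answered 4xx/5xx
    except (urllib.error.URLError, OSError, ValueError):
        return False  # unreachable, timed out or bad URL


def start_local_server(status=200):
    """Throwaway HTTP server on an ephemeral 127.0.0.1 port that always
    answers with `status`; constructed only to exercise probe() offline.
    Returns (server, port); call server.shutdown() when done."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"ok")

        def log_message(self, *_):
            pass  # keep the demo output quiet

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def main(argv):
    """CLI entry point: exit 0 when healthy, 1 otherwise (what HEALTHCHECK reads)."""
    url = argv[1] if len(argv) > 1 else "http://127.0.0.1:8080/"
    healthy = probe(url)
    print(("healthy " if healthy else "unhealthy ") + url)
    return 0 if healthy else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Because the status code is checked rather than only "did the connection succeed", a Plone instance that is up but answering 503 is reported unhealthy, which is the distinction a wget -q -O- style check without --spider handling can miss.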

avoinea commented 6 years ago

OS updated on latest releases (5.1.x, 4.3.17)