The security updates of spip, tomcat8, jython, flatpak, apache2 and expat.
Vulnerability Information
DSA-3890-1 spip — Security Updates
Security database details:
Emeric Boit of ANSSI reported that SPIP, a website engine for publishing, insufficiently sanitises the value from the X-Forwarded-Host HTTP header field. An unauthenticated attacker can take advantage of this flaw to cause remote code execution.
DSA-3891-1 tomcat8 — Security Updates
Security database details:
Aniket Nandkishor Kulkarni discovered that in tomcat8, a servlet and JSP engine, static error pages used the original request's HTTP method to serve content, instead of systematically using the GET method. This could under certain conditions result in undesirable results, including the replacement or removal of the custom error page.
DSA-3893-1 jython — Security Updates
Security database details:
Alvaro Munoz and Christian Schneider discovered that jython, an implementation of the Python language seamlessly integrated with Java, is prone to arbitrary code execution triggered when sending a serialized function to the deserializer.
DSA-3895-1 flatpak — Security Updates
Security database details:
It was discovered that Flatpak, an application deployment framework for desktop apps insufficiently restricted file permissinons in third-party repositories, which could result in privilege escalation.
DSA-3896-1 apache2 — Security Updates
Security database details:
Several vulnerabilities have been found in the Apache HTTPD server.
- CVE-2017-3167: Emmanuel Dreyfus reported that the use of ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
- CVE-2017-3169: Vasileios Panopoulos of AdNovum Informatik AG discovered that mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port leading to a denial of service.
- CVE-2017-7659: Robert Swiecki reported that a specially crafted HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.
- CVE-2017-7668: Javier Jimenez reported that the HTTP strict parsing contains a flaw leading to a buffer overread in ap_find_token(). A remote attacker can take advantage of this flaw by carefully crafting a sequence of request headers to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
- CVE-2017-7679; ChenQin and Hanno Boeck reported that mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
DSA-3898-1 expat — Security Updates
Security database details:
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2016-9063: Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.
- CVE-2017-9233: Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.
Fixing Status
spip security vulnerabilities have been fixed in version 3.1.4-3;
tomcat8 security vulnerabilities have been fixed in version 8.5.14-2;
jython security vulnerabilities have been fixed in version 2.5.3-17;
flatpak security vulnerabilities have been fixed in version 0.8.7-1;
apache2 security vulnerabilities have been fixed in version 2.4.25-4;
expat security vulnerabilities have been fixed in version 2.2.1-1.
We recommend that you upgrade the system to obtain the patches to fix the vulnerabilities.