The Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.

The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223.  This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.

At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.


[0] Hotfix for 2017.012.20093

[1] Hotfix for 2017.011.30059

[2] Hotfix for 2015.006.30352

Ryansecurity

Life is fun security story


Vulnerabilities have been found in Jenkins, the tool that provides continuous integration (CI) for software development, and an update appears to be needed.

Multiple Cross-Site Request Forgery vulnerabilities in Jenkins allowed malicious users to perform several administrative actions by tricking a victim into opening a web page.

The most notable ones:

SECURITY-412: Restart Jenkins immediately, after all builds are finished, or after all plugin installations and builds are finished

SECURITY-412: Schedule a downgrade of Jenkins to a previously installed version if Jenkins previously upgraded itself

SECURITY-413: Install and (optionally) dynamically load any plugin present on a configured update site

SECURITY-414: Remove any update site from the Jenkins configuration

SECURITY-415: Change a user’s API token

SECURITY-416: Submit system configuration

SECURITY-417: Submit global security configuration

SECURITY-418, SECURITY-420: For Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process

SECURITY-419: Create a new agent, possibly executing arbitrary shell commands on the master node by choosing the appropriate launch method

SECURITY-420: Cancel a scheduled restart

SECURITY-420: Configure the global logging levels

SECURITY-420: Create a copy of an existing agent

SECURITY-420: Create copies of views in users' "My Views" or as children of the experimental "Tree View" feature

SECURITY-420: Enter "quiet down" mode in which no new builds are started

SECURITY-420: On Windows, after successful installation as a service, restart

SECURITY-420: On Windows, try to install Jenkins as a service

SECURITY-420: Set the descriptions of items (jobs), builds, and users

SECURITY-420: Submit global tools configuration (Jenkins 2.0 and up)

SECURITY-420: Toggle keeping a build forever (i.e. exclude or include it in log rotation)

SECURITY-420: Try to connect all disconnected agents simultaneously

SECURITY-420: Update the node monitor data on all agents

The above, as well as several other more minor issues, have all been fixed and these actions now require POST requests, and, if configured, a CSRF crumb, to work.
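To make the fix concrete, here is a small self-contained Java simulation, added for this post and not Jenkins code, of a state-changing endpoint before and after the change. The crumb issuer is loosely modelled on Jenkins' default one (an HMAC over the session id under a server-side key; the real issuer also mixes in the user name and, unless excluded, the client address). The paths /quietDown, /cancelQuietDown and /safeRestart are Jenkins' real URLs for the quiet-down and restart actions in the list above, but the request handling around them is a stand-in, and Jenkins-Crumb is the default name of the crumb request field.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

public class CrumbDemo {

    /** Loosely modelled on Jenkins' crumb issuer: the crumb binds a request to the session via an HMAC under a server key. */
    static final class CrumbIssuer {
        private final SecretKeySpec key;

        CrumbIssuer(byte[] serverSecret) {
            key = new SecretKeySpec(serverSecret, "HmacSHA256");
        }

        String issue(String sessionId) throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(key);
            return hex(mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8)));
        }

        /** Constant-time comparison; a missing header is simply invalid. */
        boolean isValid(String sessionId, String presented) throws Exception {
            if (presented == null) return false;
            return MessageDigest.isEqual(issue(sessionId).getBytes(StandardCharsets.UTF_8),
                                         presented.getBytes(StandardCharsets.UTF_8));
        }

        private static String hex(byte[] b) {
            StringBuilder sb = new StringBuilder();
            for (byte x : b) sb.append(String.format("%02x", x));
            return sb.toString();
        }
    }

    /** A request as the server sees it; the browser attaches the session cookie to cross-site requests as well. */
    static final class Request {
        final String method, path, sessionCookie;
        final Map<String, String> headers;
        Request(String method, String path, String sessionCookie, Map<String, String> headers) {
            this.method = method; this.path = path; this.sessionCookie = sessionCookie; this.headers = headers;
        }
    }

    /** Real Jenkins URLs for the quiet-down/restart actions; the server logic below is a stand-in, not Jenkins code. */
    static final Set<String> STATE_CHANGING = Set.of("/quietDown", "/cancelQuietDown", "/safeRestart");

    /** Before the fix: any request from a logged-in browser performs the action, whatever the HTTP method. */
    static int handleVulnerable(Request r, Set<String> liveSessions) {
        if (!liveSessions.contains(r.sessionCookie)) return 403;
        return STATE_CHANGING.contains(r.path) ? 200 : 404;
    }

    /** After the fix: POST only, plus a valid crumb when CSRF protection is enabled (issuer != null). */
    static int handleFixed(Request r, Set<String> liveSessions, CrumbIssuer issuer) throws Exception {
        if (!liveSessions.contains(r.sessionCookie)) return 403;
        if (!STATE_CHANGING.contains(r.path)) return 404;
        if (!"POST".equals(r.method)) return 405;   // an <img>/<a>-style GET no longer triggers the action
        if (issuer != null && !issuer.isValid(r.sessionCookie, r.headers.get("Jenkins-Crumb"))) return 403;
        return 200;
    }

    public static void main(String[] args) throws Exception {
        Set<String> liveSessions = Set.of("victim-session");   // constructed sample session
        CrumbIssuer issuer = new CrumbIssuer("server-secret".getBytes(StandardCharsets.UTF_8));

        // (1) <img src="https://jenkins.example/quietDown"> on an attacker page: a GET carrying the victim's cookie.
        Request viaImg  = new Request("GET",  "/quietDown", "victim-session", Map.of());
        // (2) auto-submitting cross-site <form method="POST">: still carries the cookie, but the attacker's origin
        //     cannot read the crumb from /crumbIssuer/api/json, so it cannot send the header.
        Request viaForm = new Request("POST", "/quietDown", "victim-session", Map.of());
        // (3) legitimate client: fetched the crumb for its own session and sends it back in the header.
        Request legit   = new Request("POST", "/quietDown", "victim-session",
                                      Map.of("Jenkins-Crumb", issuer.issue("victim-session")));

        for (Request r : new Request[] {viaImg, viaForm, legit}) {
            System.out.printf("%-4s %-11s crumb=%-5s vulnerable=%d fixed/no-crumb-config=%d fixed/crumbs-on=%d%n",
                r.method, r.path, r.headers.containsKey("Jenkins-Crumb"),
                handleVulnerable(r, liveSessions), handleFixed(r, liveSessions, null), handleFixed(r, liveSessions, issuer));
        }
    }
}
```

Compile and run with javac CrumbDemo.java && java CrumbDemo. The middle column is the point that is easy to miss: restricting the action to POST on its own does not stop an auto-submitting cross-site form, because the browser still sends the victim's cookie; only the crumb, which a foreign origin cannot read, closes that path. That is why the "if configured" in the advisory matters: keep "Prevent Cross Site Request Forgery exploits" enabled under Configure Global Security.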

CLI: Unauthenticated remote code execution

SECURITY-429 / CVE-2017-1000353

An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blacklist-based protection mechanism.

SignedObject has been added to the remoting blacklist.

In Jenkins 2.54, the remoting-based CLI protocol was deprecated and a new, HTTP-based protocol introduced as the new default, in addition to the existing SSH-based CLI. This feature has been backported to Jenkins 2.46.2. It is strongly recommended that users upgrading Jenkins disable the remoting-based CLI and use one of the other modes (HTTP or SSH) instead.
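The bypass is easier to see in code. The following is an added Java example, not Jenkins or remoting code: a deny-list ObjectInputStream in the spirit of the remoting class filter, a harmless stand-in class whose readObject only records that it ran (a placeholder for a real gadget chain), and an attacker-built SignedObject. The signing key is attacker-generated; a SignedObject only proves that the wrapper was signed by the holder of some key, it says nothing about who that is.

```java
import java.io.*;
import java.security.*;
import java.util.Set;

public class SignedObjectBypassDemo {

    /** Stand-in for a gadget class: deserialising it has a visible side effect. Not a real gadget. */
    static final class SideEffect implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean triggered = false;

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            triggered = true;   // a real gadget chain would run attacker-chosen code at this point
        }
    }

    /** Deny-list ObjectInputStream: rejects listed class names as they are resolved from the stream. */
    static final class DenyListStream extends ObjectInputStream {
        private final Set<String> denied;

        DenyListStream(InputStream in, Set<String> denied) throws IOException {
            super(in);
            this.denied = denied;
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws IOException, ClassNotFoundException {
            if (denied.contains(desc.getName())) {
                throw new InvalidClassException("rejected by deny list: " + desc.getName());
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Serializable o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Reads the payload through the filtered stream, unwrapping a SignedObject the way the old CLI did.
     *  Returns true if the stand-in gadget's side effect fired. */
    static boolean attempt(byte[] payload, Set<String> denyList) {
        SideEffect.triggered = false;
        try (DenyListStream in = new DenyListStream(new ByteArrayInputStream(payload), denyList)) {
            Object o = in.readObject();
            if (o instanceof SignedObject) {
                // getObject() deserialises the wrapped bytes with a NEW, plain ObjectInputStream: the deny list never sees them.
                ((SignedObject) o).getObject();
            }
        } catch (Exception e) {
            System.out.println("  rejected: " + e);
        }
        return SideEffect.triggered;
    }

    public static void main(String[] args) throws Exception {
        // Attacker wraps the payload in a SignedObject signed with a key pair of their own choosing.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        SignedObject wrapped = new SignedObject(new SideEffect(), kp.getPrivate(), Signature.getInstance("SHA256withRSA"));

        String gadget = SideEffect.class.getName();
        Set<String> oldList = Set.of(gadget);
        Set<String> fixedList = Set.of(gadget, SignedObject.class.getName());   // what the remoting fix added

        System.out.println("bare payload, old deny list        -> triggered=" + attempt(serialize(new SideEffect()), oldList));
        System.out.println("SignedObject wrapper, old deny list -> triggered=" + attempt(serialize(wrapped), oldList));
        System.out.println("SignedObject wrapper, fixed list    -> triggered=" + attempt(serialize(wrapped), fixedList));
    }
}
```

The deny list only sees the class names present in the outer stream (SignedObject and byte[]); the wrapped payload is revived by SignedObject.getObject() on a fresh, unfiltered ObjectInputStream, so the first case is blocked while the second is not. Adding java.security.SignedObject to the list is exactly the remoting fix. The more general answer on Java 8u121+ and 9+ is a process-wide serialization filter (jdk.serialFilter, JEP 290), which applies to every ObjectInputStream created in the JVM, including the inner one here and any other wrapper type that opens its own stream.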

CLI: Login command allowed impersonating any Jenkins user

SECURITY-466 / CVE-2017-1000354

The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance.

This has been fixed by storing the cached authentication as a hash-based MAC with a key specific to the Jenkins instance and the CLI authentication cache.

Previously cached authentications are invalidated when upgrading Jenkins to a version containing a fix for this.
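The cache problem is a key-separation lesson: an encryption routine that the same users can drive through another feature is an oracle, not an authenticator. The Java below is an added illustration, not Jenkins code. As a simplification that makes the attack visible it assumes the instance secret encrypts deterministically (equal plaintexts give equal ciphertexts), and the attacker's "create a secret, then download its encrypted value" step is simulated by calling encrypt() directly.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class CliAuthCacheDemo {

    /** Stand-in for the instance-wide secret that protects stored secrets. Deterministic AES-ECB is used ONLY so that
     *  equal plaintexts give equal ciphertexts, the property the impersonation needs (an assumption of this demo,
     *  not a statement about Jenkins' implementation). Never use ECB in real code. */
    static final class InstanceSecret {
        private final SecretKeySpec key;

        InstanceSecret(byte[] raw16) { key = new SecretKeySpec(raw16, "AES"); }

        String encrypt(String plain) throws Exception {
            Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, key);
            return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
        }

        String decrypt(String enc) throws Exception {
            Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
            c.init(Cipher.DECRYPT_MODE, key);
            return new String(c.doFinal(Base64.getDecoder().decode(enc)), StandardCharsets.UTF_8);
        }
    }

    /** Before the fix: the cache file holds encrypt(userName); whatever decrypts is trusted as the caller. */
    static String vulnerableUserFromCache(InstanceSecret s, String cacheEntry) throws Exception {
        return s.decrypt(cacheEntry);
    }

    /** After the fix: the cache holds HMAC(cacheKey, userName) under a key used for nothing else, so no other
     *  feature can be made to emit a valid entry. Lookup recomputes the tag for the claimed user and compares. */
    static final class HmacAuthCache {
        private final SecretKeySpec cacheKey;

        HmacAuthCache(byte[] raw) { cacheKey = new SecretKeySpec(raw, "HmacSHA256"); }

        byte[] entryFor(String userName) throws Exception {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(cacheKey);
            return mac.doFinal(userName.getBytes(StandardCharsets.UTF_8));
        }

        boolean accepts(String claimedUser, byte[] cacheEntry) throws Exception {
            return MessageDigest.isEqual(entryFor(claimedUser), cacheEntry);   // constant time
        }
    }

    public static void main(String[] args) throws Exception {
        InstanceSecret secret = new InstanceSecret("0123456789abcdef".getBytes(StandardCharsets.UTF_8)); // constructed key

        // Attacker with Job/Configure stores the string "admin" as a secret (e.g. a password parameter), then
        // downloads the job's config.xml and reads back its encrypted form. Simulated here by calling encrypt().
        String leakedCiphertext = secret.encrypt("admin");
        System.out.println("vulnerable cache trusts forged entry as: " + vulnerableUserFromCache(secret, leakedCiphertext));

        HmacAuthCache cache = new HmacAuthCache("cli-cache-key-used-nowhere-else".getBytes(StandardCharsets.UTF_8));
        byte[] forged = Base64.getDecoder().decode(leakedCiphertext);   // the best the attacker can obtain
        System.out.println("fixed cache accepts forged entry for admin: " + cache.accepts("admin", forged));
        System.out.println("fixed cache accepts genuine entry for admin: " + cache.accepts("admin", cache.entryFor("admin")));
    }
}
```

Whether the old entry was decrypted or merely compared, anyone who could obtain encrypt("admin") could produce it. With an HMAC under a key that exists only for this cache, no Jenkins feature hands out tags, so the only way to get a valid entry is to log in as that user. Old entries were encrypted names rather than tags, so none of them verify under the new scheme, which is why the upgrade invalidates previously cached authentications.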

XStream: Java crash when trying to instantiate void/Void

SECURITY-503 / CVE-2017-1000355

Jenkins uses the XStream library to serialize and deserialize XML. Its maintainer recently published a security vulnerability that allows anyone able to provide XML to Jenkins for processing using XStream to crash the Java process. In Jenkins this typically applies to users with permission to create or configure items (jobs), views, or agents.

Jenkins now prohibits the attempted deserialization of void / Void that results in a crash.


Severity

SECURITY-412 through SECURITY-420: high

SECURITY-429: critical

SECURITY-466: high

SECURITY-503: medium

Affected versions

All Jenkins main line releases up to and including 2.56

All Jenkins LTS releases up to and including 2.46.1


Fix

Jenkins main line users should update to 2.57

Jenkins LTS users should update to 2.46.2

These versions include fixes to all the vulnerabilities described above. All prior versions are affected by these vulnerabilities unless otherwise indicated.


Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to denial of service and, in some situations, the execution of arbitrary code.


    Yihan Lian of Qihoo 360 GearTeam discovered a NULL pointer access when
    parsing a crafted MOV file.


    Thierry Foucu discovered that it was possible to leak information from
    files and symlinks ending in common multimedia extensions when using
    HTTP Live Streaming (HLS).


    Liu Bingchang of IIE discovered an integer overflow in the APE decoder
    that can be triggered by a crafted APE file.


    JunDong Xie of Ant-financial Light-Year Security Lab discovered that
    an attacker able to craft a RTMP stream can crash FFmpeg.


    Liu Bingchang of IIE discovered an out-of-bounds access that can be
    triggered by a crafted DNxHD file.

For the stable distribution (stretch), these problems have been fixed in
version 7:3.2.7-1~deb9u1.

We recommend that you upgrade your ffmpeg packages.
Please be careful of malware being distributed disguised as HTS (Home Trading System) modules.

