The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Jessie

vulnerability announce CVE-2016-2069

Linux kernel: privilege escalation via TLB synchronization between processors

Synthesis of the vulnerability

An attacker can trigger a synchronization error of the processors' TLB in the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/01/2016.
Identifiers: CERTFR-2016-AVI-069, CERTFR-2016-AVI-070, CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CERTFR-2016-AVI-159, CERTFR-2016-AVI-186, CERTFR-2016-AVI-199, CERTFR-2017-AVI-001, CVE-2016-2069, DSA-3503-1, openSUSE-SU-2016:0537-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, openSUSE-SU-2016:3021-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:3304-1, USN-2908-1, USN-2908-2, USN-2908-3, USN-2908-4, USN-2908-5, USN-2931-1, USN-2932-1, USN-2967-1, USN-2967-2, USN-2989-1, USN-2998-1, VIGILANCE-VUL-18812.

Description of the vulnerability

The x86 processors include a cache of the page table, which must be shared by all processors.

The Linux kernel implements a specific protocol to propagate changes to the page table into every processor's cache. However, this protocol contains an error: a particular sequence of instructions and hardware interrupts may grant access to a memory area which should be unreachable.

An attacker can therefore trigger a synchronization error of the processors' TLB in the Linux kernel, in order to escalate his privileges.

computer vulnerability note CVE-2008-7316 CVE-2015-8785

Linux kernel: infinite loop of FUSE

Synthesis of the vulnerability

An attacker can generate an infinite loop in the FUSE module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: CERTFR-2016-AVI-044, CERTFR-2016-AVI-069, CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CVE-2008-7316, CVE-2015-8785, DSA-3503-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, USN-2886-1, USN-2886-2, USN-2907-1, USN-2907-2, USN-2908-1, USN-2908-2, USN-2908-3, USN-2908-4, USN-2908-5, USN-2909-1, USN-2909-2, USN-2910-1, USN-2910-2, VIGILANCE-VUL-18809.

Description of the vulnerability

FUSE is an interface that allows filesystems to be implemented by a user space program, instead of a kernel module.

The kernel includes an interface that delegates system calls related to a file from a FUSE mount to the related user process. A write into a file may be specified by passing a list of pairs (pointer, length) to the kernel. However, when the list starts with a 0 length pair, the kernel fails to progress in the list traversal, so the system call never terminates.

An attacker can therefore generate an infinite loop in the FUSE module of the Linux kernel, in order to trigger a denial of service.

computer vulnerability bulletin CVE-2016-2073

libxml2: unreachable memory reading via htmlParseNameComplex Amp

Synthesis of the vulnerability

An attacker can force a read access at an invalid address via '&' in htmlParseNameComplex() of libxml2, in order to trigger a denial of service.
Impacted products: Debian, libxml, openSUSE Leap, Splunk Enterprise, SLES, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, CVE-2016-2073, DLA-503-1, DSA-3593-1, openSUSE-SU-2016:1595-1, SPL-119440, SPL-121159, SPL-123095, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, USN-2994-1, VIGILANCE-VUL-18808.

Description of the vulnerability

The libxml2 library includes an XML parser.

However, using '&' followed by three characters, the function htmlParseNameComplex() may be forced to attempt to read one byte before the beginning of the actually allocated buffer. Depending on the location of the buffer, this leads to use of uninitialized memory or a memory protection fault, which is typically fatal.

An attacker can therefore force a read access at an invalid address via '&' in htmlParseNameComplex() of libxml2, in order to trigger a denial of service.

computer vulnerability announce CVE-2015-8781 CVE-2015-8782 CVE-2015-8783

LibTIFF: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libtiff.
Impacted products: Debian, BIG-IP Hardware, TMOS, LibTIFF, openSUSE, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 2522, bulletinapr2016, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, DLA-880-1, DSA-3467-1, K11220361, K35155453, openSUSE-SU-2016:0405-1, openSUSE-SU-2016:0414-1, openSUSE-SU-2016:2321-1, RHSA-2016:1546-01, RHSA-2016:1547-01, SOL35155453, USN-2939-1, VIGILANCE-VUL-18807.

Description of the vulnerability

Several vulnerabilities were announced in libtiff.

An attacker can generate a memory corruption when assertion evaluation is disabled at build time, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-8781]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-8782]

An attacker can force a read at an invalid address, in order to trigger a denial of service. [severity:2/4; CVE-2015-8783]

computer vulnerability alert CVE-2015-8784

LibTIFF: buffer overflow of NeXTDecode

Synthesis of the vulnerability

An attacker can generate a buffer overflow in NeXTDecode of libtiff5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, LibTIFF, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 2508, CVE-2015-8784, DLA-880-1, DSA-3467-1, RHSA-2016:1546-01, RHSA-2016:1547-01, SOL89096577, USN-2939-1, VIGILANCE-VUL-18806.

Description of the vulnerability

The library libtiff handles images in the TIFF format.

The routine TIFFReadContigTileData allocates a buffer which is used by the routine NeXTDecode. However, this last routine may write data from the image file after the end of this buffer.

An attacker can therefore generate a buffer overflow in NeXTDecode of libtiff5, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2015-5307 CVE-2015-7183 CVE-2015-8104

Oracle VM VirtualBox: multiple vulnerabilities of January 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle VM VirtualBox.
Impacted products: Debian, openSUSE, VirtualBox, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 20/01/2016.
Revision date: 22/01/2016.
Identifiers: CERTFR-2016-AVI-029, CERTFR-2016-AVI-050, cpujan2016, CVE-2015-5307, CVE-2015-7183, CVE-2015-8104, CVE-2016-0495, CVE-2016-0592, CVE-2016-0602, DSA-3454-1, openSUSE-SU-2016:0301-1, RHSA-2016:0103-01, SUSE-SU-2016:0354-1, SUSE-SU-2016:0658-1, VIGILANCE-VUL-18763.

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.

An attacker can use a vulnerability of Core, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-7183]

An attacker can use a vulnerability of Windows Installer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0602]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:2/4; CVE-2015-5307]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:2/4; CVE-2015-8104]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:2/4; CVE-2016-0495]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:1/4; CVE-2016-0592]

computer vulnerability announce CVE-2015-7973 CVE-2015-7974 CVE-2015-7975

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: SNS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 21/01/2016.
Identifiers: BSA-2016-005, BSA-2016-006, CERTFR-2016-AVI-045, cisco-sa-20160127-ntpd, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, DLA-559-1, DSA-3629-1, FEDORA-2016-34bc10a2c8, FEDORA-2016-89e0874533, FEDORA-2016-8bb1932088, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:09.ntp, HPESBHF03750, JSA10776, JSA10796, K00329831, K01324833, K06288381, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, PAN-SA-2016-0019, RHSA-2016:0063-01, RHSA-2016:0780-01, RHSA-2016:1552-01, RHSA-2016:2583-02, SA113, SOL00329831, SOL01324833, SOL05046514, SOL06288381, SOL13304944, SOL21230183, SOL32790144, SOL71245322, SOL74363721, SSA:2016-054-04, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-18787.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can generate an infinite loop in ntpq, in order to trigger a denial of service. [severity:2/4; CVE-2015-8158]

The Zero Origin Timestamp value is not correctly checked. [severity:2/4; CVE-2015-8138]

An attacker can trigger a fatal error in Authenticated Broadcast Mode, in order to trigger a denial of service. [severity:2/4; CVE-2015-7979]

An attacker can trigger a fatal error in Recursive Traversal, in order to trigger a denial of service. [severity:2/4; CVE-2015-7978]

An attacker can force a NULL pointer to be dereferenced in reslist, in order to trigger a denial of service. [severity:2/4; CVE-2015-7977]

An attacker can use a filename with special characters in the "ntpq saveconfig" command. [severity:2/4; CVE-2015-7976]

An attacker can generate a buffer overflow in nextvar(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-7975]

An attacker can bypass security features in Skeleton Key, in order to escalate his privileges. [severity:2/4; CVE-2015-7974]

An attacker can use a replay attack against Deja Vu. [severity:2/4; CVE-2015-7973]

An attacker can use a replay attack against ntpq. [severity:2/4; CVE-2015-8140]

An attacker can bypass security features in ntpq and ntpdc, in order to obtain sensitive information. [severity:2/4; CVE-2015-8139]

computer vulnerability CVE-2016-1612 CVE-2016-1613 CVE-2016-1614

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 21/01/2016.
Identifiers: CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052, DSA-3456-1, openSUSE-SU-2016:0249-1, openSUSE-SU-2016:0250-1, openSUSE-SU-2016:0271-1, RHSA-2016:0072-01, USN-2877-1, VIGILANCE-VUL-18785.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can generate a memory corruption in V8, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1612]

An attacker can force the usage of a freed memory area in PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1613]

An attacker can bypass security features in Blink, in order to obtain sensitive information. [severity:2/4; CVE-2016-1614]

An attacker can bypass security features in Omnibox, in order to obtain sensitive information. [severity:2/4; CVE-2016-1615]

An attacker can spoof a URL, in order to deceive the victim. [severity:2/4; CVE-2016-1616]

An attacker can use HSTS and CSP, in order to obtain sensitive information from history. [severity:2/4; CVE-2016-1617]

An attacker can predict random numbers in Blink. [severity:2/4; CVE-2016-1618]

An attacker can force a read at an invalid address in PDFium, in order to trigger a denial of service. [severity:2/4; CVE-2016-1619]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1620]

An attacker can generate a memory corruption in V8, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-2051]

An attacker can generate a memory corruption in HarfBuzz, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20398). [severity:3/4; CVE-2016-2052]

vulnerability bulletin CVE-2016-1570

Xen: memory corruption via PV Superpage

Synthesis of the vulnerability

An attacker in a guest system can generate a memory corruption in the PV Superpage feature of Xen, in order to trigger a denial of service, and possibly to run code on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 2/4.
Creation date: 20/01/2016.
Identifiers: CVE-2016-1570, DLA-479-1, DSA-3519-1, FEDORA-2016-2c15b72b01, FEDORA-2016-e1784417af, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1745-1, VIGILANCE-VUL-18773, XSA-167.

Description of the vulnerability

The Xen product offers the PV Superpage feature, which is disabled by default.

However, parameters of the HYPERVISOR_mmuext_op hypercall (sub-operations MMUEXT_MARK_SUPER and MMUEXT_UNMARK_SUPER) are not checked.

An attacker in a guest system can therefore generate a memory corruption in the PV Superpage feature of Xen, in order to trigger a denial of service, and possibly to run code on the host system.

vulnerability announce CVE-2016-1571

Xen: denial of service via VMX INVLPG

Synthesis of the vulnerability

An attacker in a guest system can use INVLPG/INVVPID of Xen, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 20/01/2016.
Identifiers: CVE-2016-1571, DLA-479-1, DSA-3519-1, FEDORA-2016-2c15b72b01, FEDORA-2016-e1784417af, openSUSE-SU-2016:0995-1, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1745-1, VIGILANCE-VUL-18772, XSA-168.

Description of the vulnerability

The Xen product can be installed in HVM mode with Shadow Mode Paging, on an Intel/Cyrix processor.

However, in this configuration, using INVVPID with a non-canonical address generates a fatal error in paging_invlpg().

An attacker in a guest system can therefore use INVLPG/INVVPID of Xen, in order to trigger a denial of service on the host system.