The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Jessie

vulnerability CVE-2014-9904

Linux kernel: integer overflow via snd_compress_check_input

Synthesis of the vulnerability

An attacker can generate an integer overflow via snd_compress_check_input() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 19/08/2016.
Identifiers: CERTFR-2016-AVI-378, CERTFR-2017-AVI-053, CVE-2014-9904, DSA-3616-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:2105-1, SUSE-SU-2017:0471-1, USN-3127-1, USN-3127-2, VIGILANCE-VUL-20440.

Description of the vulnerability

An attacker can generate an integer overflow via snd_compress_check_input() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2016-6888

QEMU: NULL pointer dereference via VMXNET3

Synthesis of the vulnerability

An attacker, who is administrator in a guest system, can force a NULL pointer to be dereferenced via VMXNET3 of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 19/08/2016.
Identifiers: CVE-2016-6888, DLA-1599-1, openSUSE-SU-2016:2494-1, openSUSE-SU-2016:2497-1, openSUSE-SU-2016:2642-1, RHSA-2017:2392-01, SUSE-SU-2016:2473-1, SUSE-SU-2016:2507-1, SUSE-SU-2016:2533-1, SUSE-SU-2016:2589-1, USN-3125-1, VIGILANCE-VUL-20439.

Description of the vulnerability

The QEMU product supports VMware VMXNET3 devices.

However, an integer overflow in the net_tx_pkt_init() function leads to the usage of the memory at address zero.

An attacker, who is administrator in a guest system, can therefore force a NULL pointer to be dereferenced via VMXNET3 of QEMU, in order to trigger a denial of service on the host system.

computer vulnerability alert CVE-2016-7124 CVE-2016-7125 CVE-2016-7126

PHP 5: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.
Impacted products: Debian, BIG-IP Hardware, TMOS, openSUSE, openSUSE Leap, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 19/08/2016.
Identifiers: 70436, 71894, 72024, 72142, 72627, 72663, 72681, 72697, 72708, 72710, 72730, 72749, 72750, 72771, 72790, 72799, 72807, 72836, 72837, 72838, 72848, 72849, 72850, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, DLA-749-1, DSA-3689-1, K54308010, openSUSE-SU-2016:2337-1, openSUSE-SU-2016:2451-1, RHSA-2016:2750-01, SOL35232053, SOL54308010, SSA:2016-252-01, SUSE-SU-2016:2328-1, SUSE-SU-2016:2408-1, SUSE-SU-2016:2459-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3095-1, VIGILANCE-VUL-20436.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.

An attacker can generate an integer overflow via bzdecompress, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72837]

An attacker can force the usage of a freed memory area via unserialize, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70436]

An attacker can create a memory leak via microtime, in order to trigger a denial of service. [severity:1/4; 72024]

An attacker can inject data in PHP Session. [severity:2/4; 72681, CVE-2016-7125]

An attacker can generate a buffer overflow via zif_cal_from_jd, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 71894]

An attacker can generate an integer overflow via curl_escape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72807]

An attacker can generate an integer overflow via sql_regcase, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72838]

An attacker can create a memory leak via exif_process_IFD_in_TIFF, in order to trigger a denial of service. [severity:1/4; 72627, CVE-2016-7128]

An attacker can generate a buffer overflow via mb_ereg, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72710]

An attacker can generate an integer overflow via php_snmp_parse_oid, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72708]

An attacker can generate an integer overflow via base64_decode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72836]

An attacker can generate an integer overflow via quoted_printable_encode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72848]

An attacker can generate an integer overflow via urlencode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72849]

An attacker can generate an integer overflow via php_uuencode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72850]

An attacker can use a Protocol Downgrade on ftps://, in order to read or alter data. [severity:2/4; 72771]

An attacker can generate a memory corruption via wddx_serialize_value, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72142]

An attacker can force a read at an invalid address via wddx_deserialize, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72749, CVE-2016-7129]

An attacker can force a NULL pointer to be dereferenced via wddx_deserialize, in order to trigger a denial of service. [severity:1/4; 72750, 72790, 72799, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132]

An attacker can use a vulnerability via __wakeup(), in order to run code. [severity:2/4; 72663, CVE-2016-7124]

An attacker can generate a buffer overflow via select_colors(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72697, CVE-2016-7126]

An attacker can generate a buffer overflow via imagegammacorrect(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72730, CVE-2016-7127]

vulnerability bulletin CVE-2016-6313

GnuPG: predicting 160 bits

Synthesis of the vulnerability

An attacker can use a vulnerability in the pseudo-random generator of GnuPG, in order to predict bits.
Impacted products: Debian, Fedora, GnuPG, Security Directory Server, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/08/2016.
Identifiers: 2000347, bulletinoct2017, CVE-2016-6313, CVE-2016-6316-ERROR, DLA-600-1, DLA-602-1, DSA-3649-1, DSA-3650-1, FEDORA-2016-2b4ecfa79f, FEDORA-2016-3a0195918f, FEDORA-2016-81aab0aff9, FEDORA-2016-9864953aa3, openSUSE-SU-2016:2208-1, openSUSE-SU-2016:2423-1, RHSA-2016:2674-01, SSA:2016-236-01, SSA:2016-236-02, USN-3064-1, USN-3065-1, VIGILANCE-VUL-20413.

Description of the vulnerability

The GnuPG/Libgcrypt product uses a pseudo-random generator to generate series of bits, which are used for keys.

However, an attacker who can read 4640 successive bits can predict the next 160 bits.

Existing RSA keys are not weakened. Existing DSA / ElGamal keys should not be weakened. The vendor therefore recommends not revoking existing keys.

An attacker can therefore use a vulnerability in the pseudo-random generator of GnuPG, in order to predict bits.

vulnerability announce CVE-2016-6606 CVE-2016-6607 CVE-2016-6608

phpMyAdmin: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, phpMyAdmin, TYPO3 Extensions ~ not comprehensive.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 28.
Creation date: 17/08/2016.
Identifiers: CVE-2016-6606, CVE-2016-6607, CVE-2016-6608, CVE-2016-6609, CVE-2016-6610, CVE-2016-6611, CVE-2016-6612, CVE-2016-6613, CVE-2016-6614, CVE-2016-6615, CVE-2016-6616, CVE-2016-6617, CVE-2016-6618, CVE-2016-6619, CVE-2016-6620, CVE-2016-6621, CVE-2016-6622, CVE-2016-6623, CVE-2016-6624, CVE-2016-6625, CVE-2016-6626, CVE-2016-6627, CVE-2016-6628, CVE-2016-6629, CVE-2016-6630, CVE-2016-6631, CVE-2016-6632, CVE-2016-6633, DLA-1415-1, DLA-626-1, DLA-757-1, DLA-834-1, FEDORA-2016-06e4de8210, FEDORA-2016-2eef68e635, openSUSE-SU-2016:2168-1, openSUSE-SU-2016:2176-1, PMASA-2016-29, PMASA-2016-30, PMASA-2016-31, PMASA-2016-32, PMASA-2016-33, PMASA-2016-34, PMASA-2016-35, PMASA-2016-36, PMASA-2016-37, PMASA-2016-38, PMASA-2016-39, PMASA-2016-40, PMASA-2016-41, PMASA-2016-42, PMASA-2016-43, PMASA-2016-44, PMASA-2016-45, PMASA-2016-46, PMASA-2016-47, PMASA-2016-48, PMASA-2016-49, PMASA-2016-50, PMASA-2016-51, PMASA-2016-52, PMASA-2016-53, PMASA-2016-54, PMASA-2016-55, PMASA-2016-56, TYPO3-EXT-SA-2016-025, VIGILANCE-VUL-20412.

Description of the vulnerability

Several vulnerabilities were announced in phpMyAdmin.

An attacker can bypass security features via Cookie Encryption, in order to obtain sensitive information. [severity:2/4; CVE-2016-6606, PMASA-2016-29]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-6607, PMASA-2016-30]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-6608, PMASA-2016-31]

An attacker can use a vulnerability via Array Export, in order to run code. [severity:2/4; CVE-2016-6609, PMASA-2016-32]

An attacker can bypass security features via Full Path, in order to obtain sensitive information. [severity:1/4; CVE-2016-6610, PMASA-2016-33]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2016-6611, PMASA-2016-34]

An attacker can bypass file access restrictions via LOAD LOCAL INFILE, in order to obtain sensitive information. [severity:2/4; CVE-2016-6612, PMASA-2016-35]

An attacker can bypass file access restrictions via UploadDir, in order to obtain sensitive information. [severity:2/4; CVE-2016-6613, PMASA-2016-36]

An attacker can traverse directories via SaveDir/UploadDir, in order to read/create a file outside the root path. [severity:2/4; CVE-2016-6614, PMASA-2016-37]

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-6615, PMASA-2016-38]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2016-6616, PMASA-2016-39]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2016-6617, PMASA-2016-40]

An attacker can trigger a fatal error via Transformation, in order to trigger a denial of service. [severity:2/4; CVE-2016-6618, PMASA-2016-41]

An attacker can use a SQL injection via Control User, in order to read or alter data. [severity:2/4; CVE-2016-6619, PMASA-2016-42]

An attacker can use a vulnerability via Unserialize, in order to run code. [severity:2/4; CVE-2016-6620, PMASA-2016-43]

An SSRF vulnerability was announced via Setup Script. [severity:2/4; CVE-2016-6621, PMASA-2016-44]

An attacker can trigger a fatal error via Persistent Connections, in order to trigger a denial of service. [severity:2/4; CVE-2016-6622, PMASA-2016-45]

An attacker can generate an infinite loop, in order to trigger a denial of service. [severity:2/4; CVE-2016-6623, PMASA-2016-46]

An attacker can bypass security features via Proxy Server, in order to escalate his privileges. [severity:2/4; CVE-2016-6624, PMASA-2016-47]

An attacker can bypass security features, in order to obtain sensitive information. [severity:2/4; CVE-2016-6625, PMASA-2016-48]

An attacker can deceive the user, in order to redirect him to a malicious site. [severity:1/4; CVE-2016-6626, PMASA-2016-49]

An attacker can bypass security features via url.php, in order to obtain sensitive information. [severity:2/4; CVE-2016-6627, PMASA-2016-50]

An attacker can bypass file access restrictions via SVG, in order to obtain sensitive information. [severity:2/4; CVE-2016-6628, PMASA-2016-51]

An attacker can bypass security features via ArbitraryServerRegexp, in order to escalate his privileges. [severity:2/4; CVE-2016-6629, PMASA-2016-52]

An attacker can trigger a fatal error via Long Password, in order to trigger a denial of service. [severity:2/4; CVE-2016-6630, PMASA-2016-53]

An attacker can use a vulnerability via CGI, in order to run code. [severity:3/4; CVE-2016-6631, PMASA-2016-54]

An attacker can trigger a fatal error via Dbase Extension, in order to trigger a denial of service. [severity:3/4; CVE-2016-6632, PMASA-2016-55]

An attacker can use a vulnerability via Dbase Extension, in order to run code. [severity:3/4; CVE-2016-6633, PMASA-2016-56]

vulnerability bulletin CVE-2016-3857

Linux kernel: privilege escalation via ARM CONFIG_OABI_COMPAT

Synthesis of the vulnerability

A local attacker can use sys_oabi_epoll_wait() or sys_oabi_semtimedop() on a Linux kernel for ARM, in order to escalate his privileges.
Impacted products: Debian, Linux, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 17/08/2016.
Identifiers: CERTFR-2016-AVI-315, CVE-2016-3857, DLA-609-1, USN-3082-1, USN-3082-2, VIGILANCE-VUL-20403.

Description of the vulnerability

The Linux kernel can be installed on an ARM processor, with the CONFIG_OABI_COMPAT option compiled in.

However, the sys_oabi_epoll_wait() and sys_oabi_semtimedop() functions do not check access privileges.

A local attacker can therefore use sys_oabi_epoll_wait() or sys_oabi_semtimedop() on a Linux kernel for ARM, in order to escalate his privileges.

vulnerability note CVE-2016-6828

Linux kernel: use after free via tcp_xmit_retransmit_queue

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 16/08/2016.
Identifiers: CERTFR-2016-AVI-334, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CVE-2016-6828, DLA-609-1, DSA-3659-1, FEDORA-2016-5e24d8c350, FEDORA-2016-723350dd75, FEDORA-2016-f1adaaadc6, K62442245, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2017:0036-01, RHSA-2017:0086-01, RHSA-2017:0091-01, RHSA-2017:0113-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, USN-3099-1, USN-3099-2, USN-3099-3, USN-3099-4, VIGILANCE-VUL-20384.

Description of the vulnerability

The Linux kernel manages a TCP sending queue.

However, a special sequence of system calls forces the tcp_xmit_retransmit_queue() function to free a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2016-6491

ImageMagick: out-of-bounds memory reading via TIFF

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TIFF of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/08/2016.
Identifiers: bulletinjul2016, CVE-2016-6491, DLA-731-1, DLA-731-2, DSA-3652-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2016:2072-1, openSUSE-SU-2016:2148-1, VIGILANCE-VUL-20383.

Description of the vulnerability

An attacker can force a read at an invalid address via TIFF of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability announce CVE-2016-5010

ImageMagick: out-of-bounds memory reading via CopyMagickMemory

Synthesis of the vulnerability

An attacker can force a read at an invalid address via CopyMagickMemory of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/08/2016.
Identifiers: CVE-2016-5010, DLA-731-1, DLA-731-2, DSA-3652-1, FEDORA-2017-3a568adb31, FEDORA-2017-8f27031c8f, openSUSE-SU-2016:2072-1, openSUSE-SU-2016:2148-1, VIGILANCE-VUL-20382.

Description of the vulnerability

An attacker can force a read at an invalid address via CopyMagickMemory of ImageMagick, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability CVE-2015-5221

JasPer: use after free via mif_cod.c

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via mif_cod.c of JasPer, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/08/2016.
Identifiers: CVE-2015-5221, DLA-1583-1, FEDORA-2016-5a7e745a56, FEDORA-2016-7776983633, FEDORA-2016-bbecf64af4, openSUSE-SU-2016:2722-1, openSUSE-SU-2016:2737-1, openSUSE-SU-2016:2833-1, RHSA-2017:1208-01, USN-3693-1, VIGILANCE-VUL-20380.

Description of the vulnerability

An attacker can force the usage of a freed memory area via mif_cod.c of JasPer, in order to trigger a denial of service, and possibly to run code.