The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Debian Jessie

computer vulnerability bulletin CVE-2013-7446

Linux kernel: use after free via peer_wait_queue

Synthesis of the vulnerability

A local attacker can force the use of a freed memory area in the peer_wait_queue() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/11/2015.
Identifiers: CERTFR-2015-AVI-554, CERTFR-2015-AVI-561, CERTFR-2016-AVI-044, CERTFR-2016-AVI-073, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CVE-2013-7446, DSA-3426-1, DSA-3426-2, FEDORA-2015-c1c2f5e168, FEDORA-2015-c59710b05d, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, SOL20022580, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2074-1, USN-2886-1, USN-2886-2, USN-2887-1, USN-2887-2, USN-2888-1, USN-2889-1, USN-2889-2, USN-2890-1, USN-2890-2, USN-2890-3, VIGILANCE-VUL-18328.

Description of the vulnerability

The Linux kernel implements an epoll wait mechanism that can monitor Unix sockets (AF_UNIX), which are stored in a linked list.

However, if the socket is closed, the reference in this list is still used.

A local attacker can therefore force the use of a freed memory area in the peer_wait_queue() function of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2015-8241

libxml2: read of inaccessible memory via xmlParseMarkupDecl

Synthesis of the vulnerability

An attacker can create a malformed XML file, in order to generate a denial of service in applications linked to libxml2.
Impacted products: Debian, AIX, libxml, openSUSE, openSUSE Leap, RHEL, Nessus, Ubuntu.
Severity: 1/4.
Creation date: 17/11/2015.
Identifiers: 756263, CVE-2015-8241, DSA-3430-1, openSUSE-SU-2015:2372-1, openSUSE-SU-2016:0106-1, RHSA-2015:2549-01, RHSA-2015:2550-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, TNS-2017-03, USN-2834-1, VIGILANCE-VUL-18321.

Description of the vulnerability

The libxml2 library implements an XML parser.

However, the xmlParseMarkupDecl() function tries to read an inaccessible memory area, which triggers a fatal error.

An attacker can therefore create a malformed XML file, in order to generate a denial of service in applications linked to libxml2.

computer vulnerability alert CVE-2015-0272 CVE-2015-8215

Linux kernel, NetworkManager: denial of service via IPv6 RA MTU

Synthesis of the vulnerability

An attacker can send an IPv6 RA packet with a malicious MTU, which is accepted by NetworkManager and by the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 22/09/2015.
Revision date: 17/11/2015.
Identifiers: 1192132, CERTFR-2015-AVI-435, CERTFR-2015-AVI-436, CERTFR-2015-AVI-508, CERTFR-2015-AVI-563, CERTFR-2016-AVI-050, CERTFR-2016-AVI-073, CVE-2015-0272, CVE-2015-8215, DSA-3364-1, openSUSE-SU-2015:1842-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, openSUSE-SU-2016:2649-1, RHSA-2015:2315-01, RHSA-2016:0855-01, SUSE-SU-2015:2108-1, SUSE-SU-2015:2194-1, SUSE-SU-2015:2292-1, SUSE-SU-2015:2339-1, SUSE-SU-2015:2350-1, SUSE-SU-2016:0354-1, SUSE-SU-2016:0585-1, SUSE-SU-2016:2074-1, USN-2775-1, USN-2776-1, USN-2778-1, USN-2779-1, USN-2792-1, USN-2796-1, USN-2797-1, VIGILANCE-VUL-17946.

Description of the vulnerability

On a local network, IPv6 routers send ICMPv6 Router Advertisement (RA) messages to announce their presence and propose an MTU.

However, neither NetworkManager (CVE-2015-0272) nor the Linux kernel (CVE-2015-8215) checks whether the offered MTU is in the range IPV6_MIN_MTU to InterfaceMTU.

An attacker can therefore send an IPv6 RA packet with a malicious MTU, which is accepted by NetworkManager and by the Linux kernel, in order to trigger a denial of service.

vulnerability note CVE-2014-9720

Tornado: information disclosure via BREACH

Synthesis of the vulnerability

An attacker can use the BREACH attack on Tornado, in order to obtain a cookie to perform operations on the service.
Impacted products: Debian, Fedora, openSUSE.
Severity: 1/4.
Creation date: 16/11/2015.
Identifiers: CVE-2014-9720, DLA-475-1, FEDORA-2015-8606, FEDORA-2015-9143, openSUSE-SU-2015:1998-1, VIGILANCE-VUL-18314.

Description of the vulnerability

The Tornado product offers a web service with TLS.

However, an attacker can use a TLS BREACH attack (VIGILANCE-VUL-13198) on messages, in order to guess the CSRF session cookie.

An attacker can therefore use the BREACH attack on Tornado, in order to obtain a cookie to perform operations on the service.

vulnerability alert CVE-2015-8126

libpng: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libpng.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, libpng, Domino, Notes, ePO, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, VLC.
Severity: 3/4.
Creation date: 12/11/2015.
Identifiers: 1975365, 1976200, 1976262, 1977405, bulletinjul2016, CERTFR-2015-AVI-488, CVE-2015-8126, DSA-3399-1, FEDORA-2015-13668fff74, FEDORA-2015-1d87313b7c, FEDORA-2015-233750b6ab, FEDORA-2015-39499d9af8, FEDORA-2015-4ad4998d00, FEDORA-2015-501493d853, FEDORA-2015-5e52306c9c, FEDORA-2015-8a1243db75, FEDORA-2015-97fc1797fa, FEDORA-2015-ac8100927a, FEDORA-2015-c80ec85542, FEDORA-2015-ec2ddd15d7, FEDORA-2016-43735c33a7, FEDORA-2016-9a1c707b10, openSUSE-SU-2015:2099-1, openSUSE-SU-2015:2100-1, openSUSE-SU-2015:2135-1, openSUSE-SU-2015:2136-1, openSUSE-SU-2016:0103-1, openSUSE-SU-2016:0104-1, openSUSE-SU-2016:0105-1, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, RHSA-2015:2594-01, RHSA-2015:2595-01, RHSA-2015:2596-01, SB10148, SOL76930736, SSA:2015-337-01, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0636-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2815-1, VIGILANCE-VUL-18301.

Description of the vulnerability

Several vulnerabilities were announced in libpng.

An attacker can force a read at an invalid address in png_set_tIME, in order to trigger a denial of service. [severity:1/4]

An attacker can generate a buffer overflow in png_get_PLTE, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8126]

An attacker can generate a buffer overflow in png_set_PLTE, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8126]

computer vulnerability CVE-2015-1302

Google Chrome: information disclosure via PDF Viewer

Synthesis of the vulnerability

An attacker can use a vulnerability in the PDF Viewer of Google Chrome, in order to obtain sensitive information.
Impacted products: Debian, Chrome, openSUSE, openSUSE Leap, Opera, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 12/11/2015.
Identifiers: CERTFR-2015-AVI-482, CVE-2015-1302, DSA-3415-1, openSUSE-SU-2015:2068-1, openSUSE-SU-2015:2069-1, VIGILANCE-VUL-18295.

Description of the vulnerability

The Google Chrome product contains a PDF viewer.

However, an attacker can use it to bypass access restrictions to data. Technical details are unknown.

An attacker can therefore use a vulnerability in the PDF Viewer of Google Chrome, in order to obtain sensitive information.

vulnerability note CVE-2015-4852 CVE-2015-6420 CVE-2015-6934

Apache Commons Collections: code execution via InvokerTransformer

Synthesis of the vulnerability

An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Impacted products: CAS Server, Blue Coat CAS, SGOS by Blue Coat, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco Prime Access Registrar, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Cisco Unity ~ precise, Debian, BIG-IP Hardware, TMOS, HPE BSM, HPE NNMi, HP Operations, DB2 UDB, IRAD, QRadar SIEM, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, JBoss AS OpenSource, Junos Space, Domino, Notes, ePO, Mule ESB, Snap Creator Framework, SnapManager, NetIQ Sentinel, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Unix (platform) ~ not comprehensive, vCenter Server.
Severity: 3/4.
Creation date: 12/11/2015.
Identifiers: 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313.

Description of the vulnerability

The Apache Commons Collections library is used by several Java applications.

A Java Gadgets ("gadget chains") object can contain Transformers, with an "exec" string containing a shell command which is run with the java.lang.Runtime.exec() method. When raw data is deserialized, the readObject() method is called to rebuild the Gadgets object, and it uses InvokerTransformer, which runs the indicated shell command.

It can be noted that other classes (CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure) also execute a shell command from the raw data being deserialized.

However, several applications publicly expose (before authentication) the Java deserialization feature.

An attacker can therefore send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.

vulnerability CVE-2015-4141 CVE-2015-4143 CVE-2015-4144

wpasupplicant: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of wpasupplicant.
Impacted products: Debian, openSUSE Leap.
Severity: 1/4.
Creation date: 12/11/2015.
Identifiers: CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146, DSA-3397-1, openSUSE-SU-2016:2357-1, openSUSE-SU-2017:2896-1, VIGILANCE-VUL-18290.

Description of the vulnerability

Several vulnerabilities were announced in wpasupplicant.

An attacker can trigger a fatal error in WPS UPnP, in order to trigger a denial of service. [severity:1/4; CVE-2015-4141]

An attacker can trigger a fatal error in EAP-pwd, in order to trigger a denial of service. [severity:1/4; CVE-2015-4143]

An attacker can trigger a fatal error in EAP-pwd, in order to trigger a denial of service. [severity:1/4; CVE-2015-4144]

An attacker can trigger a fatal error in EAP-pwd, in order to trigger a denial of service. [severity:1/4; CVE-2015-4145]

An attacker can trigger a fatal error in EAP-pwd, in order to trigger a denial of service. [severity:1/4; CVE-2015-4146]

computer vulnerability note CVE-2015-5310 CVE-2015-5314 CVE-2015-5315

wpasupplicant: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of wpasupplicant.
Impacted products: Debian, openSUSE Leap, Ubuntu.
Severity: 2/4.
Creation date: 10/11/2015.
Identifiers: CVE-2015-5310, CVE-2015-5314, CVE-2015-5315, CVE-2015-5316, DSA-3397-1, openSUSE-SU-2016:2357-1, openSUSE-SU-2017:2896-1, USN-2808-1, VIGILANCE-VUL-18289.

Description of the vulnerability

Several vulnerabilities were announced in wpasupplicant.

An attacker can trigger a fatal error in WMM Sleep Mode Response, in order to trigger a denial of service. [severity:2/4; CVE-2015-5310]

An attacker can trigger a fatal error in EAP-pwd, in order to trigger a denial of service. [severity:2/4; CVE-2015-5314]

An attacker can trigger a fatal error in EAP-pwd, in order to trigger a denial of service. [severity:2/4; CVE-2015-5315]

An attacker can trigger a fatal error in EAP-pwd Confirm, in order to trigger a denial of service. [severity:2/4; CVE-2015-5316]

computer vulnerability note CVE-2015-8104

Xen, Linux KVM: infinite loop of x86 Debug Exception

Synthesis of the vulnerability

An attacker, who is administrator in a guest system, can generate an infinite loop with a Debug Exception on Xen, in order to trigger a denial of service on the host system.
Impacted products: XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, Junos Space, NSM Central Manager, NSMXpress, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Xen.
Severity: 1/4.
Creation date: 10/11/2015.
Identifiers: CERTFR-2015-AVI-466, CERTFR-2015-AVI-508, CERTFR-2015-AVI-549, CERTFR-2015-AVI-554, CERTFR-2015-AVI-556, CERTFR-2015-AVI-563, CERTFR-2016-AVI-050, CERTFR-2017-AVI-012, CTX202583, CTX203879, CVE-2015-8104, DLA-479-1, DSA-3414-1, DSA-3426-1, DSA-3426-2, DSA-3454-1, FEDORA-2015-115c302856, FEDORA-2015-394835a3f6, FEDORA-2015-668d213dc3, FEDORA-2015-cd94ad8d7c, FEDORA-2015-f150b2a8c8, FEDORA-2015-f2c534bc12, JSA10770, JSA10853, K31026324, openSUSE-SU-2015:2232-1, openSUSE-SU-2015:2249-1, openSUSE-SU-2015:2250-1, openSUSE-SU-2016:0124-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, RHSA-2015:2552-01, RHSA-2015:2636-01, RHSA-2015:2645-01, RHSA-2016:0004-01, RHSA-2016:0024-01, RHSA-2016:0046-01, RHSA-2016:0103-01, SOL31026324, SUSE-SU-2015:2108-1, SUSE-SU-2015:2194-1, SUSE-SU-2015:2339-1, SUSE-SU-2015:2350-1, SUSE-SU-2016:0354-1, SUSE-SU-2016:0658-1, SUSE-SU-2016:2074-1, USN-2840-1, USN-2841-1, USN-2841-2, USN-2842-1, USN-2842-2, USN-2843-1, USN-2843-2, USN-2844-1, VIGILANCE-VUL-18269, XSA-156.

Description of the vulnerability

On an x86 processor, when an exception occurs while another exception is in progress, the second has to be handled sequentially. The Xen product implements workarounds to prevent infinite loops in this case.

However, the case where a DB (Debug) exception occurs with a hardware breakpoint is not handled.

An attacker, who is administrator in a guest system, can therefore generate an infinite loop with a Debug Exception on Xen, in order to trigger a denial of service on the host system.