| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Debian Lenny
Linux kernel: NULL pointer dereference via slhc_init
Synthesis of the vulnerability
A local attacker can force a NULL pointer to be dereferenced in the slhc_init() function of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 12/10/2015.
Identifiers: CERTFR-2015-AVI-549, CERTFR-2015-AVI-554, CERTFR-2015-AVI-563, CERTFR-2016-AVI-044, CERTFR-2016-AVI-073, CVE-2015-7799, DSA-3426-1, DSA-3426-2, FEDORA-2015-115c302856, FEDORA-2015-cd94ad8d7c, FEDORA-2015-f2c534bc12, openSUSE-SU-2015:2232-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, SUSE-SU-2015:2194-1, SUSE-SU-2015:2292-1, SUSE-SU-2015:2339-1, SUSE-SU-2015:2350-1, SUSE-SU-2016:0585-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2074-1, USN-2841-1, USN-2841-2, USN-2842-1, USN-2842-2, USN-2843-1, USN-2843-2, USN-2843-3, USN-2844-1, USN-2886-1, USN-2886-2, VIGILANCE-VUL-18071.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The Linux kernel implements the PPPIOCSMAXCID ioctl, which defines the maximal size of entries for PPP compression.
This ioctl calls the slhc_init() function of the drivers/net/slip/slhc.c file. However, if the size is too large, the comp->tstate pointer becomes NULL, and this function does not check if this pointer is NULL, before using it.
A local attacker can therefore force a NULL pointer to be dereferenced in the slhc_init() function of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
PostgreSQL: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of PostgreSQL.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/10/2015.
Identifiers: CERTFR-2015-AVI-433, CVE-2015-5288, CVE-2015-5289, DSA-2019-131, DSA-3374-1, DSA-3475-1, FEDORA-2015-6d2a957a87, openSUSE-SU-2015:1907-1, openSUSE-SU-2015:1919-1, RHSA-2015:2077-01, RHSA-2015:2078-01, RHSA-2015:2081-01, RHSA-2015:2083-01, SUSE-SU-2016:0677-1, USN-2772-1, VIGILANCE-VUL-18062.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in PostgreSQL.
An attacker can trigger a fatal error when json/jsonb data are analyzed, in order to trigger a denial of service. [severity:2/4; CVE-2015-5289]
An attacker can read a memory fragment via the crypt() function, in order to obtain sensitive information. [severity:1/4; CVE-2015-5288]
Full Vigil@nce bulletin... (Free trial) |
Spice: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Spice.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 07/10/2015.
Identifiers: CVE-2015-5260, CVE-2015-5261, DSA-3371-1, FEDORA-2015-7fcc957ba6, openSUSE-SU-2015:1750-1, RHSA-2015:1889-01, RHSA-2015:1890-01, USN-2766-1, VIGILANCE-VUL-18051.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in Spice.
An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-5260]
An attacker can bypass access restrictions, in order to read or alter data in memory. [severity:2/4; CVE-2015-5261]
Full Vigil@nce bulletin... (Free trial) |
FreeType: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of FreeType.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/10/2015.
Identifiers: cpujul2018, CVE-2014-9745, CVE-2014-9746, CVE-2014-9747, DSA-3370-1, openSUSE-SU-2015:1704-1, SOL52439336, VIGILANCE-VUL-18050.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
Several vulnerabilities were announced in FreeType.
An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2014-9745]
An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2014-9746]
An attacker can trigger a fatal error, in order to trigger a denial of service. [severity:2/4; CVE-2014-9747]
Full Vigil@nce bulletin... (Free trial) |
OpenJPEG: use after free
Synthesis of the vulnerability
An attacker can force the usage of a freed memory area of OpenJPEG, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 06/10/2015.
Identifiers: CVE-2015-6581, DSA-3665-1, FEDORA-2015-1c9ed24c61, FEDORA-2015-773ef285ef, VIGILANCE-VUL-18045.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can force the usage of a freed memory area of OpenJPEG, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
PHP: denial of service via phar_make_dirstream
Synthesis of the vulnerability
An attacker can force an invalid pointer to be dereferenced in the phar_make_dirstream() function of PHP, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 05/10/2015.
Identifiers: 70433, CVE-2015-7804, DSA-3380-1, FEDORA-2015-366f3dd73f, FEDORA-2015-b24a52fc97, openSUSE-SU-2016:0251-1, RHSA-2016:0457-01, USN-2786-1, VIGILANCE-VUL-18041.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The phar extension can be installed on PHP.
However, when the phar_make_dirstream() function processes a ZIP archive containing the "/" file, it does not check if a pointer is valid, before using it.
An attacker can therefore force an invalid pointer to be dereferenced in the phar_make_dirstream() function of PHP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
FreeImage: integer overflow of PluginPCX.cpp
Synthesis of the vulnerability
An attacker can generate an integer overflow in PluginPCX.cpp of FreeImage, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 02/10/2015.
Identifiers: CVE-2015-0852, DSA-3392-1, FEDORA-2015-16104, FEDORA-2015-16105, FEDORA-2015-992342e82f, FEDORA-2015-decbab7c9f, VIGILANCE-VUL-18024.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can generate an integer overflow in PluginPCX.cpp of FreeImage, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial) |
Linux kernel: privilege escalation via IPC
Synthesis of the vulnerability
A local attacker can manipulate IPC on the Linux kernel, in order to escalate his privileges.
Severity: 2/4.
Creation date: 02/10/2015.
Identifiers: CERTFR-2015-AVI-419, CERTFR-2015-AVI-430, CERTFR-2015-AVI-498, CVE-2015-7613, DSA-3372-1, FEDORA-2015-d7e074ba30, FEDORA-2015-dcc260f2f2, JSA10853, K90230486, RHSA-2015:2152-02, RHSA-2015:2411-01, RHSA-2015:2587-01, RHSA-2015:2636-01, SB10146, SOL90230486, SUSE-SU-2015:1727-1, SUSE-SU-2015:2084-1, SUSE-SU-2015:2085-1, SUSE-SU-2015:2086-1, SUSE-SU-2015:2087-1, SUSE-SU-2015:2089-1, SUSE-SU-2015:2090-1, SUSE-SU-2015:2091-1, USN-2761-1, USN-2762-1, USN-2763-1, USN-2764-1, USN-2765-1, USN-2792-1, USN-2796-1, VIGILANCE-VUL-18021.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The shmget() system call creates a shared memory segment with IPC_CREAT, so two processes can communicate via IPC.
The newque() function of the ipc/msg.c function of the Linux kernel creates this segment. However, it calls ipc_addid() too soon, so the uid associated to the segment is incorrect.
A local attacker can therefore manipulate IPC on the Linux kernel, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
PHP: NULL pointer dereference via phar_get_fp_offset
Synthesis of the vulnerability
An attacker can force a NULL pointer to be dereferenced in the phar_get_fp_offset() function of PHP, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 02/10/2015.
Identifiers: 69720, CVE-2015-7803, DSA-3380-1, FEDORA-2015-366f3dd73f, FEDORA-2015-b24a52fc97, openSUSE-SU-2016:0251-1, openSUSE-SU-2016:0366-1, RHSA-2016:0457-01, SUSE-SU-2016:1145-1, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-2786-1, VIGILANCE-VUL-18020.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
The phar extension can be installed on PHP.
However, when the phar_get_fp_offset() function processes a special ZIP archive, it does not check if a pointer is NULL, before using it.
An attacker can therefore force a NULL pointer to be dereferenced in the phar_get_fp_offset() function of PHP, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial) |
LXC: privilege escalation
Synthesis of the vulnerability
An attacker can bypass restrictions of LXC, in order to escalate his privileges.
Severity: 2/4.
Creation date: 30/09/2015.
Identifiers: CVE-2015-1335, DSA-3400-1, FEDORA-2015-211974138f, FEDORA-2015-ebfe46536f, openSUSE-SU-2015:1717-1, openSUSE-SU-2019:1481-1, USN-2753-1, USN-2753-2, USN-2753-3, VIGILANCE-VUL-17997.
Full Vigil@nce bulletin... (Free trial)
Description of the vulnerability
An attacker can bypass restrictions of LXC, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Debian Lenny:
|