The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Fedora

computer vulnerability alert CVE-2018-7541

Xen: denial of service via a change of page table type

Synthesis of the vulnerability

A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.
Impacted products: XenServer, Debian, Fedora, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7541, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, VIGILANCE-VUL-25386, XSA-255.

Description of the vulnerability

A privileged attacker in a guest system can request a change of page table type to Xen without unmapping related pages, in order to make the host crash.

computer vulnerability CVE-2018-7540

Xen: denial of service via the L3/L4 page table management

Synthesis of the vulnerability

A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 27/02/2018.
Identifiers: CERTFR-2018-AVI-102, CERTFR-2018-AVI-145, CERTFR-2018-AVI-171, CTX232096, CTX232655, CVE-2018-7540, DLA-1300-1, DSA-4131-1, FEDORA-2018-0746dac335, FEDORA-2018-c553a586c8, SUSE-SU-2018:0678-1, SUSE-SU-2018:0909-1, VIGILANCE-VUL-25385, XSA-252.

Description of the vulnerability

A privileged attacker in a guest system can make interrupt processing too long by requesting Xen to change the L3/L4 page tables, in order to trigger a denial of service.

A detailed analysis was not performed for this bulletin.

computer vulnerability note CVE-2018-6794

suricata: HTTP analysis bypass

Synthesis of the vulnerability

An attacker can prevent recognition of HTTP, in order to disable traffic analysis for the connection.
Impacted products: Fedora.
Severity: 1/4.
Creation date: 26/02/2018.
Identifiers: CVE-2018-6794, FEDORA-2018-ee417c4b28, VIGILANCE-VUL-25369.

Description of the vulnerability

An attacker can prevent recognition of HTTP, in order to disable traffic analysis for the connection.

computer vulnerability note CVE-2018-1000026

Linux kernel: denial of service via the bnx2x driver

Synthesis of the vulnerability

An attacker can block the network card driven by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.

Description of the vulnerability

An attacker can block the network card driven by the bnx2x module of the Linux kernel, in order to trigger a denial of service.

computer vulnerability note CVE-2017-15698

tomcat-native: bypass of certificate check based on OCSP

Synthesis of the vulnerability

An attacker can bypass the validation of their client X.509 certificate and so use a revoked certificate, in order to spoof a valid user.
Impacted products: Debian, Fedora.
Severity: 2/4.
Creation date: 09/02/2018.
Identifiers: CVE-2017-15698, DLA-1276-1, DSA-4118-1, FEDORA-2018-318b5d74bd, FEDORA-2018-7b1517bc6e, RHSA-2018:0465-01, RHSA-2018:0466-01, VIGILANCE-VUL-25269.

Description of the vulnerability

An attacker can bypass the validation of their client X.509 certificate and so use a revoked certificate, in order to spoof a valid user.

A detailed analysis was not performed for this bulletin.

computer vulnerability note CVE-2017-14992

Docker Moby: denial of service via gzip decompression

Synthesis of the vulnerability

An attacker can consume all disk storage via the unlimited decompression of a Gzip file by Docker Moby, in order to trigger a denial of service.
Impacted products: Docker CE, Fedora, openSUSE Leap.
Severity: 2/4.
Creation date: 11/12/2017.
Revision date: 08/02/2018.
Identifiers: 35075, CVE-2017-14992, FEDORA-2017-15efa72a0c, FEDORA-2017-3976710f1e, openSUSE-SU-2018:0406-1, VIGILANCE-VUL-24719.

Description of the vulnerability

An attacker can consume all disk storage via the unlimited decompression of a Gzip file by Docker Moby, in order to trigger a denial of service.

A detailed analysis was not performed for this bulletin.

vulnerability CVE-2018-5750

Linux kernel: address disclosure via the boot log

Synthesis of the vulnerability

A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.
Impacted products: Debian, Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 29/01/2018.
Identifiers: CVE-2018-5750, DLA-1349-1, DSA-4120-1, DSA-4120-2, FEDORA-2018-d09a73ce72, FEDORA-2018-d82b617d6c, RHSA-2018:0676-01, RHSA-2018:1062-01, USN-3631-1, USN-3631-2, VIGILANCE-VUL-25170.

Description of the vulnerability

A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.

vulnerability announce CVE-2018-5784

LibTIFF: denial of service

Synthesis of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.
Impacted products: Fedora, LibTIFF, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 22/01/2018.
Identifiers: 2772, CVE-2018-5784, FEDORA-2018-e6a51e99a4, USN-3602-1, USN-3606-1, VIGILANCE-VUL-25132.

Description of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.

Technical details are unknown.

vulnerability CVE-2017-15107

Dnsmasq: denial of service via NSEC

Synthesis of the vulnerability

An attacker can make Dnsmasq declare that a domain does not exist, because of an error in the signature check step, in order to trigger a denial of service.
Impacted products: Dnsmasq, Fedora.
Severity: 1/4.
Creation date: 22/01/2018.
Identifiers: CVE-2017-15107, FEDORA-2018-9780220f7d, FEDORA-2018-fbe4017846, VIGILANCE-VUL-25130.

Description of the vulnerability

An attacker can make Dnsmasq declare that a domain does not exist, because of an error in the signature check step, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-1000499

phpMyAdmin: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-001, CVE-2017-1000499, FEDORA-2017-481515e199, FEDORA-2017-cad79c7c6c, openSUSE-SU-2017:3448-1, openSUSE-SU-2017:3451-1, PMASA-2017-9, VIGILANCE-VUL-24897.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of phpMyAdmin, in order to force the victim to perform operations.