| The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them. |
|
 |
|
|
Computer vulnerabilities of Red Hat Enterprise Linux
Docker Engine: privilege escalation via file descriptors
Synthesis of the vulnerability
An attacker, inside a guest system, can use file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.
Impacted products: Docker CE, Fedora, Kubernetes, openSUSE Leap, RHEL.
Severity: 1/4.
Creation date: 11/01/2017.
Identifiers: CVE-2016-9962, FEDORA-2017-0200646669, FEDORA-2017-20cdb2063a, FEDORA-2017-c2c2d1be16, FEDORA-2017-dbc2b618eb, FEDORA-2017-fcd02e2c2d, openSUSE-SU-2017:1966-1, RHSA-2017:0116-01, RHSA-2017:0123-01, RHSA-2017:0127-01, VIGILANCE-VUL-21551.
Description of the vulnerability
The Docker Engine product offers cross container debugging support.
However, file descriptors inherited by new processes are not filtered, so an attacker can access files opened by a process in another container.
An attacker, inside a guest system, can therefore use file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.
Complete Vigil@nce bulletin.... (Free trial) |
Apache Tomcat: information disclosure via sendfile
Synthesis of the vulnerability
An attacker can use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.
Impacted products: Tomcat, Debian, Fedora, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle OIT, Solaris, Tuxedo, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 12/12/2016.
Revision date: 05/01/2017.
Identifiers: bulletinjan2017, cpuapr2018, cpuoct2017, CVE-2016-8745, DLA-779-1, DSA-3754-1, DSA-3755-1, FEDORA-2017-19c5440abe, FEDORA-2017-376ae2b92c, openSUSE-SU-2017:1292-1, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:0527-01, RHSA-2017:0935-01, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21355.
Description of the vulnerability
The Apache Tomcat product includes an HTTP server.
It may use the sendfile() function from the operating system to send the content of a file without reading it itself. However, an attacker can trigger an error in the response processing, in such a a way that the client receive the respond of another client, including response headers and notably the session identifier.
An attacker can therefore use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.
Complete Vigil@nce bulletin.... (Free trial) |
FreeIPA: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of FreeIPA.
Impacted products: Fedora, FreeIPA, RHEL.
Severity: 3/4.
Creation date: 19/12/2016.
Revision date: 03/01/2017.
Identifiers: CVE-2016-7030, CVE-2016-9575, FEDORA-2016-ca1d1e1dc1, FEDORA-2016-d337166907, RHSA-2017:0001-01, VIGILANCE-VUL-21418.
Description of the vulnerability
Several vulnerabilities were announced in FreeIPA.
An authenticated attacker can change the validation rules for X.509 certificates via the command certprofile-mod, in order to install himself as a man in the middle or to trigger a denial of service. [severity:2/4; CVE-2016-9575]
An attacker can force locking of user account when Kerberos is used, in order to trigger a denial of service. [severity:3/4; CVE-2016-7030]
Complete Vigil@nce bulletin.... (Free trial) |
GStreamer Plugin: out-of-bounds memory reading via FLIC
Synthesis of the vulnerability
An attacker can force a read at an invalid address via FLIC of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 29/12/2016.
Identifiers: CVE-2016-9810, openSUSE-SU-2017:0071-1, openSUSE-SU-2017:0141-1, openSUSE-SU-2017:0151-1, openSUSE-SU-2017:0160-1, openSUSE-SU-2017:0298-1, openSUSE-SU-2017:0847-1, RHSA-2017:2060-01, SUSE-SU-2016:3288-1, SUSE-SU-2016:3303-1, SUSE-SU-2017:0210-1, SUSE-SU-2017:0225-1, SUSE-SU-2017:0237-1, VIGILANCE-VUL-21477.
Description of the vulnerability
The GStreamer Plugin product offers a web service.
However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.
An attacker can therefore force a read at an invalid address via FLIC of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.
Complete Vigil@nce bulletin.... (Free trial) |
Apache httpd: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Apache httpd.
Impacted products: Apache httpd, Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Junos Space, openSUSE Leap, RHEL, Slackware, TrendMicro ServerProtect, Ubuntu.
Severity: 3/4.
Creation date: 21/12/2016.
Revision date: 22/12/2016.
Identifiers: 1117414, APPLE-SA-2017-09-25-1, CVE-2016-0736, CVE-2016-2161, CVE-2016-8743, DLA-841-1, DLA-841-2, DSA-3796-1, DSA-3796-2, FEDORA-2016-8d9b62c784, FEDORA-2016-d22f50d985, HPESBUX03725, HT207615, HT208144, HT208221, JSA10838, K00373024, openSUSE-SU-2017:0897-1, openSUSE-SU-2017:0903-1, RHSA-2017:0906-01, RHSA-2017:1721-01, SSA:2016-358-01, USN-3279-1, USN-3373-1, VIGILANCE-VUL-21434.
Description of the vulnerability
Several vulnerabilities were announced in Apache httpd.
An attacker can tamper with encrypted session data, in order to get knowledge of the plain text value. [severity:1/4; CVE-2016-0736]
An attacker can trigger a fatal error in case of use of shared memory, in order to trigger a denial of service. [severity:2/4; CVE-2016-2161]
An attacker can make profit of syntax error recovery to tamper with HTTP responses headers and bodies. [severity:3/4; CVE-2016-8743]
Complete Vigil@nce bulletin.... (Free trial) |
OpenSSH: five vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenSSH.
Impacted products: Mac OS X, Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Copssh, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 19/12/2016.
Identifiers: 1009, 1010, bulletinapr2017, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, FEDORA-2017-4767e2991d, FreeBSD-SA-17:01.openssh, HT207615, K24324390, K31440025, K62201745, K64292204, NTAP-20171130-0002, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, RHSA-2017:2029-01, SA144, SSA:2016-358-02, USN-3538-1, VIGILANCE-VUL-21419.
Description of the vulnerability
Several vulnerabilities were announced in OpenSSH.
An attacker can bypass security features via ssh-agent, in order to escalate his privileges. [severity:2/4; CVE-2016-10009]
An attacker can bypass security features via Unix Domain Sockets, in order to escalate his privileges. [severity:2/4; CVE-2016-10010]
An attacker can bypass security features via Privilege-separated Child realloc(), in order to obtain sensitive information. [severity:1/4; CVE-2016-10011]
An attacker can generate a buffer overflow via Pre-authentication Compression, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10012]
An attacker can bypass security features via AllowUser/DenyUsers Address Ranges, in order to escalate his privileges. [severity:2/4]
Complete Vigil@nce bulletin.... (Free trial) |
Squid cache: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Squid cache.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Squid, Ubuntu.
Severity: 3/4.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-422, CVE-2016-10002, CVE-2016-10003, DLA-763-1, DSA-3745-1, FEDORA-2016-c614315d29, openSUSE-SU-2017:0192-1, RHSA-2017:0182-01, RHSA-2017:0183-01, USN-3192-1, VIGILANCE-VUL-21417.
Description of the vulnerability
Several vulnerabilities were announced in Squid cache.
When the configuration directive collapsed_forwarding is enabled, an attacker can request an URL with some specially crafted headers, to get the response which was cached while processing a request for a previous client, in order to get the response body of the initial client. [severity:3/4; CVE-2016-10003]
An attacker can request an URL with specially crafted header If-None-Modified, to get the response which was cached while processing a request for a previous client, in order to get the response body of the initial client, including session cookies and the associated access rights. [severity:3/4; CVE-2016-10002]
Complete Vigil@nce bulletin.... (Free trial) |
Samba: three vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, openSUSE Leap, Pulse Connect Secure, RHEL, Samba, Slackware, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-423, CVE-2016-2123, CVE-2016-2125, CVE-2016-2126-REJECTERROR, DLA-776-1, DSA-3740-1, FEDORA-2016-364f61377b, FEDORA-2017-d0a537062c, openSUSE-SU-2017:0020-1, openSUSE-SU-2017:0021-1, RHSA-2017:0662-01, RHSA-2017:0744-01, RHSA-2017:1265-01, SA43730, SSA:2016-363-02, USN-3158-1, VIGILANCE-VUL-21416, ZDI-17-053.
Description of the vulnerability
Several vulnerabilities were announced in Samba.
An attacker can generate an integer overflow via ndr_pull_dnsp_name(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2123, ZDI-17-053]
An attacker can bypass security features via a Kerberos ticket, in order to escalate his privileges. [severity:2/4; CVE-2016-2125]
An attacker can bypass security features via tjhe cryptographic algorithm arcfour-hmac-md5 is used, in order to escalate his privileges. [severity:2/4; CVE-2016-2126-REJECTERROR]
Complete Vigil@nce bulletin.... (Free trial) |
OpenJPEG: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of OpenJPEG.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 12/12/2016.
Identifiers: CVE-2016-9572, CVE-2016-9573, DSA-3678-1, FEDORA-2016-0b80dcfe5a, FEDORA-2016-52a1b18397, FEDORA-2016-89ee54c661, FEDORA-2016-fc8577bf00, openSUSE-SU-2017:0155-1, openSUSE-SU-2017:0185-1, openSUSE-SU-2017:0207-1, openSUSE-SU-2017:2567-1, RHSA-2017:0838-01, SSA:2017-279-02, SUSE-SU-2016:3270-1, VIGILANCE-VUL-21351.
Description of the vulnerability
Several vulnerabilities were announced in OpenJPEG.
An unknown vulnerability was announced. [severity:2/4; CVE-2016-9572]
An unknown vulnerability was announced. [severity:2/4; CVE-2016-9573]
Complete Vigil@nce bulletin.... (Free trial) |
PHP: multiple vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of PHP.
Impacted products: Mac OS X, Debian, openSUSE, openSUSE Leap, Solaris, PHP, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: 61183, 71494, 72978, 73087, 73392, 73631, bulletinjul2017, CVE-2016-9935, CVE-2016-9936, DLA-818-1, DSA-3737-1, HT207615, openSUSE-SU-2016:3239-1, openSUSE-SU-2017:0061-1, openSUSE-SU-2017:0081-1, openSUSE-SU-2017:0598-1, RHSA-2018:1296-01, SSA:2016-347-03, USN-3196-1, USN-3211-1, USN-3211-2, VIGILANCE-VUL-21327.
Description of the vulnerability
Several vulnerabilities were announced in PHP.
An attacker can create a memory leak via Spl Hash, in order to trigger a denial of service. [severity:1/4]
An attacker can generate an integer overflow via Calendar, in order to trigger a denial of service, and possibly to run code. [severity:2/4]
An attacker can force the usage of a freed memory area via Zend Allocator Management, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 73392]
An attacker can generate a memory corruption via PDO_Firebird bindParam, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 61183, 71494, 73087]
An attacker can create a memory leak via wddx, in order to trigger a denial of service. [severity:1/4; 73631, CVE-2016-9935]
An unknown vulnerability was announced via wddx. [severity:2/4; 73631, CVE-2016-9935]
An attacker can force the usage of a freed memory area via unserialize(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72978, CVE-2016-9936]
Complete Vigil@nce bulletin.... (Free trial) |
Our database contains other pages. You can request a free trial to read them.
Display information about Red Hat Enterprise Linux:
|