The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Enterprise Linux

computer vulnerability announce CVE-2018-14884 CVE-2018-5712

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/01/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-007, CVE-2018-14884, CVE-2018-5712, DLA-1251-1, FEDORA-2018-c4e9207c31, FEDORA-2018-d034538627, openSUSE-SU-2018:0248-1, openSUSE-SU-2018:0318-1, RHSA-2018:1296-01, SSA:2018-034-01, SSA:2018-136-02, SUSE-SU-2018:0806-1, USN-3566-1, USN-3600-1, USN-3600-2, VIGILANCE-VUL-24947.

vulnerability CVE-2017-18017

Linux kernel: use after free via tcpmss_mangle_packet

Synthesis of the vulnerability

An attacker can force the use of a freed memory area via tcpmss_mangle_packet() in the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 04/01/2018.
Identifiers: CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-104, CERTFR-2018-AVI-119, CERTFR-2018-AVI-161, CERTFR-2018-AVI-196, CERTFR-2018-AVI-197, CERTFR-2018-AVI-228, CERTFR-2018-AVI-259, CVE-2017-18017, DLA-1369-1, DSA-4187-1, openSUSE-SU-2018:0408-1, RHSA-2018:0676-01, RHSA-2018:1062-01, RHSA-2018:1130-01, RHSA-2018:1170-01, RHSA-2018:1319-01, RHSA-2018:1737-01, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0555-1, SUSE-SU-2018:0660-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0841-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:0986-1, USN-3583-1, USN-3583-2, VIGILANCE-VUL-24940.

computer vulnerability announce CVE-2017-7829 CVE-2017-7846 CVE-2017-7847

Thunderbird: four vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Thunderbird.
Impacted products: Debian, Thunderbird, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 4.
Creation date: 28/12/2017.
Identifiers: bulletinjan2018, CERTFR-2017-AVI-484, CVE-2017-7829, CVE-2017-7846, CVE-2017-7847, CVE-2017-7848, DLA-1223-1, DSA-4075-1, MFSA-2017-30, openSUSE-SU-2017:3433-1, openSUSE-SU-2017:3434-1, RHSA-2018:0061-01, SSA:2017-356-01, USN-3529-1, VIGILANCE-VUL-24877.

computer vulnerability alert CVE-2017-17790

Ruby: code execution via lazy_initialize

Synthesis of the vulnerability

An attacker can exploit a vulnerability via lazy_initialize() in Ruby, in order to run code.
Impacted products: Debian, Fedora, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 28/12/2017.
Identifiers: bulletinjan2019, CVE-2017-17790, DLA-1221-1, DLA-1222-1, DLA-1421-1, DSA-4259-1, FEDORA-2018-1fffa787e7, FEDORA-2018-40ed78700c, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0584-01, RHSA-2018:0585-01, USN-3528-1, VIGILANCE-VUL-24876.

vulnerability alert CVE-2017-17806

Linux kernel: buffer overflow via HMAC

Synthesis of the vulnerability

An attacker can cause a buffer overflow via HMAC in the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 21/12/2017.
Identifiers: CERTFR-2018-AVI-005, CERTFR-2018-AVI-014, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-083, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-198, CVE-2017-17806, DLA-1232-1, DSA-4073-1, DSA-4082-1, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, RHSA-2018:2948-01, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0437-1, SUSE-SU-2018:0525-1, USN-3583-1, USN-3583-2, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3632-1, VIGILANCE-VUL-24871.

vulnerability CVE-2017-17805

Linux kernel: use after free via Salsa20

Synthesis of the vulnerability

An attacker can force the use of a freed memory area via Salsa20 in the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 21/12/2017.
Identifiers: CERTFR-2018-AVI-005, CERTFR-2018-AVI-014, CERTFR-2018-AVI-018, CERTFR-2018-AVI-029, CERTFR-2018-AVI-048, CERTFR-2018-AVI-083, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-198, CVE-2017-17805, DLA-1232-1, DSA-4073-1, DSA-4082-1, openSUSE-SU-2018:0022-1, openSUSE-SU-2018:0023-1, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:0010-1, SUSE-SU-2018:0011-1, SUSE-SU-2018:0012-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0069-1, SUSE-SU-2018:0131-1, SUSE-SU-2018:0171-1, SUSE-SU-2018:0437-1, SUSE-SU-2018:0525-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-24870.

vulnerability CVE-2017-17405

Ruby: code execution via FTP Pipe File

Synthesis of the vulnerability

An attacker can exploit a vulnerability via FTP Pipe File in Ruby, in order to run code.
Impacted products: Mac OS X, Debian, Solaris, RHEL, Slackware, Ubuntu.
Severity: 3/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 20/12/2017.
Identifiers: bulletinjan2019, CVE-2017-17405, DLA-1221-1, DLA-1222-1, DLA-1421-1, DSA-4259-1, HT208937, HT209193, RHSA-2018:0378-01, RHSA-2018:0583-01, RHSA-2018:0584-01, RHSA-2018:0585-01, SSA:2017-353-01, USN-3515-1, VIGILANCE-VUL-24840.

computer vulnerability bulletin CVE-2017-15804

glibc: buffer overflow via User Names Unescaping

Synthesis of the vulnerability

An attacker can cause a buffer overflow via User Names Unescaping in glibc, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 20/12/2017.
Identifiers: CVE-2017-15804, FEDORA-2017-fb5e227432, openSUSE-SU-2018:0089-1, RHSA-2018:0805-01, RHSA-2018:1879-01, SUSE-SU-2018:0074-1, SUSE-SU-2018:2185-1, SUSE-SU-2018:2187-1, SUSE-SU-2018:2883-1, USN-3534-1, VIGILANCE-VUL-24838.

vulnerability bulletin CVE-2017-15124

QEMU: denial of service via VNC Server

Synthesis of the vulnerability

An attacker can cause a fatal error via the VNC Server of QEMU, in order to trigger a denial of service.
Impacted products: Debian, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 19/12/2017.
Identifiers: CVE-2017-15124, DSA-4213-1, openSUSE-SU-2018:0780-1, RHSA-2018:0816-01, RHSA-2018:3062-01, SUSE-SU-2018:0762-1, SUSE-SU-2018:0831-1, USN-3575-1, USN-3575-2, VIGILANCE-VUL-24813.

computer vulnerability announce CVE-2017-17712

Linux kernel: memory corruption via raw_sendmsg

Synthesis of the vulnerability

An attacker can cause a memory corruption via raw_sendmsg() in the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 18/12/2017.
Identifiers: CERTFR-2018-AVI-075, CERTFR-2018-AVI-080, CERTFR-2018-AVI-094, CERTFR-2018-AVI-124, CERTFR-2018-AVI-196, CVE-2017-17712, DSA-4073-1, FEDORA-2017-7810b7c59f, FEDORA-2017-f7cb245861, FEDORA-2018-884a105c04, LSN-0035-1, openSUSE-SU-2018:0408-1, RHSA-2018:0502-01, SUSE-SU-2018:0383-1, SUSE-SU-2018:0416-1, SUSE-SU-2018:0986-1, Synology-SA-18:14, USN-3581-1, USN-3581-2, USN-3581-3, USN-3582-1, USN-3582-2, VIGILANCE-VUL-24787.
