The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Enterprise Linux

computer vulnerability bulletin CVE-2017-7541

Linux kernel: buffer overflow via brcmf_cfg80211_mgmt_tx

Synthesis of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 24/07/2017.
Identifiers: CERTFR-2017-AVI-275, CERTFR-2017-AVI-277, CERTFR-2017-AVI-293, CERTFR-2017-AVI-307, CERTFR-2017-AVI-375, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-400, CVE-2017-7541, DSA-3927-1, FEDORA-2017-39b5facda0, FEDORA-2017-544eef948f, openSUSE-SU-2017:2110-1, openSUSE-SU-2017:2112-1, RHSA-2017:2863-01, RHSA-2017:2918-01, RHSA-2017:2930-01, RHSA-2017:2931-01, SUSE-SU-2017:2286-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:2956-1, USN-3405-1, USN-3405-2, USN-3419-1, USN-3419-2, USN-3422-1, USN-3422-2, VIGILANCE-VUL-23338.

Description of the vulnerability

An attacker can generate a buffer overflow via brcmf_cfg80211_mgmt_tx() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.

vulnerability CVE-2017-11499

Node Core: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node Core.
Impacted products: openSUSE Leap, RHEL, Synology DSM.
Severity: 3/4.
Creation date: 12/07/2017.
Identifiers: CVE-2017-11499, openSUSE-SU-2017:2179-1, RHSA-2017:2908-01, RHSA-2017:3002-01, Synology-SA-17:32, VIGILANCE-VUL-23220.

Description of the vulnerability

Several vulnerabilities were announced in Node Core.

An attacker can trigger an overload via Constant Hashtable Seeds, in order to trigger a denial of service. [severity:3/4; CVE-2017-11499]

An attacker can trigger a fatal error via Http.get With Numeric Authorization, in order to trigger a denial of service. [severity:2/4]

computer vulnerability announce CVE-2017-3142 CVE-2017-3143

ISC BIND: two vulnerabilities via TSIG Authentication

Synthesis of the vulnerability

An attacker can use several vulnerabilities via TSIG Authentication of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, AIX, BIND, Junos OS, SRX-Series, NetBSD, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/06/2017.
Revision date: 07/07/2017.
Identifiers: AA-01503, AA-01504, bulletinjan2018, CERTFR-2017-AVI-199, CVE-2017-3142, CVE-2017-3143, DLA-1025-1, DLA-1025-2, DSA-3904-1, DSA-3904-2, FEDORA-2017-001f135337, FEDORA-2017-167cfa7b09, FEDORA-2017-59127a606c, FEDORA-2017-d04f7ddd73, HPESBUX03772, JSA10875, K02230327, K59448931, openSUSE-SU-2017:1809-1, RHSA-2017:1679-01, RHSA-2017:1680-01, SSA:2017-180-02, SUSE-SU-2017:1736-1, SUSE-SU-2017:1737-1, SUSE-SU-2017:1738-1, USN-3346-1, USN-3346-2, USN-3346-3, VIGILANCE-VUL-23107.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can use a Zone Transfer, in order to obtain sensitive information. [severity:2/4; AA-01504, CVE-2017-3142]

An attacker can use a Dynamic Update, in order to alter a zone. [severity:3/4; AA-01503, CERTFR-2017-AVI-199, CVE-2017-3143]

vulnerability bulletin CVE-2017-11142 CVE-2017-11143 CVE-2017-11144

PHP: four vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 05/07/2017.
Identifiers: 73807, 74145, 74651, 74819, bulletinapr2018, CERTFR-2017-AVI-204, CVE-2017-11142, CVE-2017-11143, CVE-2017-11144, CVE-2017-11145, CVE-2017-11146-REJECT, DLA-1034-1, DSA-4080-1, DSA-4081-1, FEDORA-2017-5ade380ab2, FEDORA-2017-b674dc22ad, FEDORA-2017-b8bb4b86e2, openSUSE-SU-2017:2337-1, openSUSE-SU-2017:2366-1, RHSA-2018:1296-01, SUSE-SU-2017:2303-1, USN-3382-1, USN-3382-2, VIGILANCE-VUL-23133.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can generate a memory corruption via a malformed X.509 certificate, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 74651, CVE-2017-11144]

An attacker can read a memory fragment via php_parse_date(), in order to obtain sensitive information. [severity:1/4; 74819, CVE-2017-11145, CVE-2017-11146-REJECT]

An attacker can trigger server overload with POST requests over 2Mb. [severity:1/4; 73807, CVE-2017-11142]

An attacker can trigger a wrong memory free which leads to a fatal exception. [severity:2/4; 74145, CVE-2017-11143]

vulnerability alert CVE-2017-5087 CVE-2017-5088 CVE-2017-5089

Google Chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 19/06/2017.
Identifiers: CERTFR-2017-AVI-183, CVE-2017-5087, CVE-2017-5088, CVE-2017-5089, DSA-3926-1, FEDORA-2017-01e4d46f23, FEDORA-2017-1e34da27f3, FEDORA-2017-a7a488d8d0, FEDORA-2017-c2e1dc46a1, FEDORA-2017-e8a1e1e62a, openSUSE-SU-2017:1591-1, openSUSE-SU-2017:1593-1, RHSA-2017:1495-01, VIGILANCE-VUL-22991.

Description of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.

Technical details are unknown.

computer vulnerability CVE-2016-5203 CVE-2016-5204 CVE-2016-5205

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 02/12/2016.
Revision dates: 01/02/2017, 15/06/2017.
Identifiers: 1000, 994, CERTFR-2016-AVI-394, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5207, CVE-2016-5208, CVE-2016-5209, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5220, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-5226, CVE-2016-9650, CVE-2016-9651, CVE-2016-9652, DSA-3731-1, FEDORA-2016-a815b7bf5d, FEDORA-2016-e0e1cb2b2b, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:3108-1, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2016:2919-01, USN-3153-1, VIGILANCE-VUL-21255.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can bypass security features via V8, in order to obtain sensitive information. [severity:3/4; CVE-2016-9651]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5208]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5207]

An attacker can bypass the origin check via PDFium, in order to access the victim's data. [severity:3/4; CVE-2016-5206]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5205]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5204]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5209]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5203]

An attacker can generate a buffer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5210]

An attacker can bypass security features via DevTools, in order to obtain sensitive information. [severity:3/4; CVE-2016-5212]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5211]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5213]

An attacker can bypass security features via File Download, in order to obtain sensitive information. [severity:2/4; CVE-2016-5214]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5216]

An attacker can force the usage of a freed memory area via Webaudio, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5215]

An attacker can generate a memory corruption via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5217]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5218]

An attacker can force the usage of a freed memory area via V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-21621). [severity:2/4; CVE-2016-5219]

An attacker can generate an integer overflow via ANGLE, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5221]

An attacker can bypass file access restrictions via PDFium, in order to obtain sensitive information. [severity:2/4; CVE-2016-5220]

An attacker can alter displayed information via Omnibox, in order to deceive the victim. [severity:2/4; CVE-2016-5222]

An attacker can bypass security features via CSP Referrer, in order to obtain sensitive information. [severity:1/4; CVE-2016-9650]

An attacker can generate an integer overflow via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:1/4; CVE-2016-5223]

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:1/4; CVE-2016-5226]

An attacker can bypass security features via Blink, in order to obtain sensitive information. [severity:1/4; CVE-2016-5225]

An attacker can bypass the origin check via SVG, in order to access the victim's data. [severity:1/4; CVE-2016-5224]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-9652]

An unknown vulnerability was announced via HTMLKeygenElement::shadowSelect(). [severity:2/4; 994]

computer vulnerability CVE-2017-1000367 CVE-2017-1000368

sudo: privilege escalation via the parsing of /proc/pid/stat

Synthesis of the vulnerability

A local attacker can tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges.
Impacted products: Debian, Fedora, Junos Space, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, Sudo, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, InterScan Messaging Security Suite, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 30/05/2017.
Revision date: 15/06/2017.
Identifiers: 1117723, CERTFR-2017-AVI-238, CERTFR-2017-AVI-365, CVE-2017-1000367, CVE-2017-1000368, DLA-1011-1, DLA-970-1, DSA-3867-1, FEDORA-2017-54580efa82, FEDORA-2017-8b250ebe97, FEDORA-2017-facd994774, JSA10824, JSA10826, openSUSE-SU-2017:1455-1, openSUSE-SU-2017:1697-1, RHSA-2017:1381-01, RHSA-2017:1382-01, RHSA-2017:1574-01, SB10205, SSA:2017-150-01, SUSE-SU-2017:1446-1, SUSE-SU-2017:1450-1, SUSE-SU-2017:1626-1, SUSE-SU-2017:1627-1, SUSE-SU-2017:1778-1, Synology-SA-17:19, USN-3304-1, VIGILANCE-VUL-22865.

Description of the vulnerability

The sudo product looks for its controlling tty.

For that, it reads the file /proc/[pid]/stat. However, the parsing of this file is wrong. An attacker can tamper with the program path to make sudo write into any file with root privileges.

A local attacker can therefore tamper with the parsing of /proc/[pid]/stat by sudo, in order to escalate his privileges.

vulnerability note CVE-2017-1000380

Linux kernel: information disclosure via snd_timer_user_read

Synthesis of the vulnerability

A local attacker can read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.
Impacted products: Debian, Android OS, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 13/06/2017.
Identifiers: CERTFR-2017-AVI-217, CERTFR-2017-AVI-233, CERTFR-2017-AVI-282, CERTFR-2017-AVI-288, CERTFR-2017-AVI-311, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-440, CVE-2017-1000380, DLA-1099-1, DSA-3981-1, openSUSE-SU-2017:1633-1, openSUSE-SU-2017:1685-1, RHSA-2017:3295-01, RHSA-2017:3315-01, RHSA-2017:3322-01, SUSE-SU-2017:1853-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2389-1, SUSE-SU-2017:2525-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, USN-3358-1, USN-3359-1, USN-3360-1, USN-3360-2, USN-3364-1, USN-3364-2, USN-3364-3, USN-3371-1, VIGILANCE-VUL-22954.

Description of the vulnerability

In the Linux kernel, the ALSA subsystem manages sound devices.

However, the function snd_timer_user_read does not initialize a memory area before returning it to the user in an ioctl call.

A local attacker can therefore read a memory fragment via snd_timer_user_read() of the Linux kernel, in order to get sensitive information.

vulnerability bulletin CVE-2017-9524

QEMU: denial of service against the Network Block Device server

Synthesis of the vulnerability

An attacker can start NBD connections to QEMU, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 13/06/2017.
Identifiers: CVE-2017-9524, DSA-3920-1, DSA-3925-1, FEDORA-2017-b7f1197c23, openSUSE-SU-2017:2941-1, RHSA-2017:1681-01, SUSE-SU-2017:2936-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22953.

Description of the vulnerability

QEMU includes a "Network Block Device" server, which emulates a kind of remote raw disk.

However, when the NBD signalling is aborted at connection time, a data structure becomes invalid, which leads to the use of an invalid pointer and a fatal exception.

An attacker can therefore start NBD connections to QEMU, in order to trigger a denial of service.

vulnerability announce CVE-2017-9374

QEMU: memory leak via the EHCI emulation

Synthesis of the vulnerability

A privileged attacker, inside a guest system, can create a memory leak via the EHCI emulation in QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 07/06/2017.
Identifiers: CVE-2017-9374, DLA-1497-1, DSA-3920-1, FEDORA-2017-f941184db1, openSUSE-SU-2017:1872-1, RHSA-2017:2392-01, SUSE-SU-2017:1770-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:1795-1, SUSE-SU-2017:1812-1, SUSE-SU-2017:2946-1, USN-3414-1, USN-3414-2, VIGILANCE-VUL-22912.

Description of the vulnerability

A privileged attacker, inside a guest system, can create a memory leak via the EHCI emulation in QEMU, in order to trigger a denial of service on the host system.