The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Enterprise Linux

vulnerability alert CVE-2016-9962

Docker Engine: privilege escalation via file descriptors

Synthesis of the vulnerability

An attacker, inside a guest system, can use a file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.
Impacted products: Docker CE, Fedora, Kubernetes, openSUSE Leap, RHEL.
Severity: 1/4.
Creation date: 11/01/2017.
Identifiers: CVE-2016-9962, FEDORA-2017-0200646669, FEDORA-2017-20cdb2063a, FEDORA-2017-c2c2d1be16, FEDORA-2017-dbc2b618eb, FEDORA-2017-fcd02e2c2d, openSUSE-SU-2017:1966-1, RHSA-2017:0116-01, RHSA-2017:0123-01, RHSA-2017:0127-01, VIGILANCE-VUL-21551.

Description of the vulnerability

The Docker Engine product offers cross container debugging support.

However, file descriptors inherited by new processes are not filtered, so an attacker can access files opened by a process in another container.

An attacker, inside a guest system, can therefore use a file descriptor inherited via the debug support of Docker Engine, in order to escalate his privileges on the host system.

computer vulnerability CVE-2016-8745

Apache Tomcat: information disclosure via sendfile

Synthesis of the vulnerability

An attacker can use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.
Impacted products: Tomcat, Debian, Fedora, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle OIT, Solaris, Tuxedo, WebLogic, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 12/12/2016.
Revision date: 05/01/2017.
Identifiers: bulletinjan2017, cpuapr2018, cpuoct2017, CVE-2016-8745, DLA-779-1, DSA-3754-1, DSA-3755-1, FEDORA-2017-19c5440abe, FEDORA-2017-376ae2b92c, openSUSE-SU-2017:1292-1, RHSA-2017:0455-01, RHSA-2017:0456-01, RHSA-2017:0457-01, RHSA-2017:0527-01, RHSA-2017:0935-01, SUSE-SU-2017:1229-1, SUSE-SU-2017:1382-1, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, USN-3177-1, USN-3177-2, VIGILANCE-VUL-21355.

Description of the vulnerability

The Apache Tomcat product includes an HTTP server.

It may use the sendfile() function from the operating system to send the content of a file without reading it itself. However, an attacker can trigger an error in the response processing, in such a way that the client receives the response of another client, including response headers and notably the session identifier.

An attacker can therefore use a vulnerability via sendfile() of Apache Tomcat, in order to obtain sensitive information or to hijack a session.

computer vulnerability bulletin CVE-2016-7030 CVE-2016-9575

FreeIPA: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of FreeIPA.
Impacted products: Fedora, FreeIPA, RHEL.
Severity: 3/4.
Creation date: 19/12/2016.
Revision date: 03/01/2017.
Identifiers: CVE-2016-7030, CVE-2016-9575, FEDORA-2016-ca1d1e1dc1, FEDORA-2016-d337166907, RHSA-2017:0001-01, VIGILANCE-VUL-21418.

Description of the vulnerability

Several vulnerabilities were announced in FreeIPA.

An authenticated attacker can change the validation rules for X.509 certificates via the certprofile-mod command, in order to position himself as a man in the middle or to trigger a denial of service. [severity:2/4; CVE-2016-9575]

An attacker can force the locking of a user account when Kerberos is used, in order to trigger a denial of service. [severity:3/4; CVE-2016-7030]

computer vulnerability announce CVE-2016-9810

GStreamer Plugin: out-of-bounds memory reading via FLIC

Synthesis of the vulnerability

An attacker can force a read at an invalid address via FLIC of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 29/12/2016.
Identifiers: CVE-2016-9810, openSUSE-SU-2017:0071-1, openSUSE-SU-2017:0141-1, openSUSE-SU-2017:0151-1, openSUSE-SU-2017:0160-1, openSUSE-SU-2017:0298-1, openSUSE-SU-2017:0847-1, RHSA-2017:2060-01, SUSE-SU-2016:3288-1, SUSE-SU-2016:3303-1, SUSE-SU-2017:0210-1, SUSE-SU-2017:0225-1, SUSE-SU-2017:0237-1, VIGILANCE-VUL-21477.

Description of the vulnerability

The GStreamer Plugin product offers a web service.

However, it tries to read a memory area located outside the expected range, which triggers a fatal error, or leads to the disclosure of a memory fragment.

An attacker can therefore force a read at an invalid address via FLIC of GStreamer Plugin, in order to trigger a denial of service, or to obtain sensitive information.

vulnerability note CVE-2016-0736 CVE-2016-2161 CVE-2016-8743

Apache httpd: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache httpd.
Impacted products: Apache httpd, Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, HP-UX, Junos Space, openSUSE Leap, RHEL, Slackware, TrendMicro ServerProtect, Ubuntu.
Severity: 3/4.
Creation date: 21/12/2016.
Revision date: 22/12/2016.
Identifiers: 1117414, APPLE-SA-2017-09-25-1, CVE-2016-0736, CVE-2016-2161, CVE-2016-8743, DLA-841-1, DLA-841-2, DSA-3796-1, DSA-3796-2, FEDORA-2016-8d9b62c784, FEDORA-2016-d22f50d985, HPESBUX03725, HT207615, HT208144, HT208221, JSA10838, K00373024, openSUSE-SU-2017:0897-1, openSUSE-SU-2017:0903-1, RHSA-2017:0906-01, RHSA-2017:1721-01, SSA:2016-358-01, USN-3279-1, USN-3373-1, VIGILANCE-VUL-21434.

Description of the vulnerability

Several vulnerabilities were announced in Apache httpd.

An attacker can tamper with encrypted session data, in order to learn the plaintext value. [severity:1/4; CVE-2016-0736]

An attacker can trigger a fatal error when shared memory is used, in order to trigger a denial of service. [severity:2/4; CVE-2016-2161]

An attacker can take advantage of syntax error recovery to tamper with HTTP response headers and bodies. [severity:3/4; CVE-2016-8743]

computer vulnerability note CVE-2016-10009 CVE-2016-10010 CVE-2016-10011

OpenSSH: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenSSH.
Impacted products: Mac OS X, Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Copssh, Data ONTAP, OpenSSH, openSUSE Leap, Solaris, pfSense, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 19/12/2016.
Identifiers: 1009, 1010, bulletinapr2017, CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012, FEDORA-2017-4767e2991d, FreeBSD-SA-17:01.openssh, HT207615, K24324390, K31440025, K62201745, K64292204, NTAP-20171130-0002, openSUSE-SU-2017:0344-1, openSUSE-SU-2017:0674-1, pfSense-SA-17_03.webgui, RHSA-2017:2029-01, SA144, SSA:2016-358-02, USN-3538-1, VIGILANCE-VUL-21419.

Description of the vulnerability

Several vulnerabilities were announced in OpenSSH.

An attacker can bypass security features via ssh-agent, in order to escalate his privileges. [severity:2/4; CVE-2016-10009]

An attacker can bypass security features via Unix Domain Sockets, in order to escalate his privileges. [severity:2/4; CVE-2016-10010]

An attacker can bypass security features via Privilege-separated Child realloc(), in order to obtain sensitive information. [severity:1/4; CVE-2016-10011]

An attacker can generate a buffer overflow via Pre-authentication Compression, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-10012]

An attacker can bypass security features via AllowUsers/DenyUsers Address Ranges, in order to escalate his privileges. [severity:2/4]

computer vulnerability announce CVE-2016-10002 CVE-2016-10003

Squid cache: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid cache.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Squid, Ubuntu.
Severity: 3/4.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-422, CVE-2016-10002, CVE-2016-10003, DLA-763-1, DSA-3745-1, FEDORA-2016-c614315d29, openSUSE-SU-2017:0192-1, RHSA-2017:0182-01, RHSA-2017:0183-01, USN-3192-1, VIGILANCE-VUL-21417.

Description of the vulnerability

Several vulnerabilities were announced in Squid cache.

When the configuration directive collapsed_forwarding is enabled, an attacker can request a URL with some specially crafted headers, to get the response which was cached while processing a request for a previous client, in order to get the response body of the initial client. [severity:3/4; CVE-2016-10003]

An attacker can request a URL with a specially crafted If-None-Modified header, to get the response which was cached while processing a request for a previous client, in order to get the response body of the initial client, including session cookies and the associated access rights. [severity:3/4; CVE-2016-10002]

computer vulnerability alert CVE-2016-2123 CVE-2016-2125

Samba: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Samba.
Impacted products: Debian, Fedora, openSUSE Leap, Pulse Connect Secure, RHEL, Samba, Slackware, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 19/12/2016.
Identifiers: CERTFR-2016-AVI-423, CVE-2016-2123, CVE-2016-2125, CVE-2016-2126-REJECTERROR, DLA-776-1, DSA-3740-1, FEDORA-2016-364f61377b, FEDORA-2017-d0a537062c, openSUSE-SU-2017:0020-1, openSUSE-SU-2017:0021-1, RHSA-2017:0662-01, RHSA-2017:0744-01, RHSA-2017:1265-01, SA43730, SSA:2016-363-02, USN-3158-1, VIGILANCE-VUL-21416, ZDI-17-053.

Description of the vulnerability

Several vulnerabilities were announced in Samba.

An attacker can generate an integer overflow via ndr_pull_dnsp_name(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-2123, ZDI-17-053]

An attacker can bypass security features via a Kerberos ticket, in order to escalate his privileges. [severity:2/4; CVE-2016-2125]

An attacker can bypass security features when the cryptographic algorithm arcfour-hmac-md5 is used, in order to escalate his privileges. [severity:2/4; CVE-2016-2126-REJECTERROR]

vulnerability alert CVE-2016-9572 CVE-2016-9573

OpenJPEG: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of OpenJPEG.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 12/12/2016.
Identifiers: CVE-2016-9572, CVE-2016-9573, DSA-3678-1, FEDORA-2016-0b80dcfe5a, FEDORA-2016-52a1b18397, FEDORA-2016-89ee54c661, FEDORA-2016-fc8577bf00, openSUSE-SU-2017:0155-1, openSUSE-SU-2017:0185-1, openSUSE-SU-2017:0207-1, openSUSE-SU-2017:2567-1, RHSA-2017:0838-01, SSA:2017-279-02, SUSE-SU-2016:3270-1, VIGILANCE-VUL-21351.

Description of the vulnerability

Several vulnerabilities were announced in OpenJPEG.

An unknown vulnerability was announced. [severity:2/4; CVE-2016-9572]

An unknown vulnerability was announced. [severity:2/4; CVE-2016-9573]

computer vulnerability announce CVE-2016-9935 CVE-2016-9936

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Mac OS X, Debian, openSUSE, openSUSE Leap, Solaris, PHP, RHEL, Slackware, Ubuntu.
Severity: 2/4.
Creation date: 08/12/2016.
Identifiers: 61183, 71494, 72978, 73087, 73392, 73631, bulletinjul2017, CVE-2016-9935, CVE-2016-9936, DLA-818-1, DSA-3737-1, HT207615, openSUSE-SU-2016:3239-1, openSUSE-SU-2017:0061-1, openSUSE-SU-2017:0081-1, openSUSE-SU-2017:0598-1, RHSA-2018:1296-01, SSA:2016-347-03, USN-3196-1, USN-3211-1, USN-3211-2, VIGILANCE-VUL-21327.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An attacker can create a memory leak via Spl Hash, in order to trigger a denial of service. [severity:1/4]

An attacker can generate an integer overflow via Calendar, in order to trigger a denial of service, and possibly to run code. [severity:2/4]

An attacker can force the usage of a freed memory area via Zend Allocator Management, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 73392]

An attacker can generate a memory corruption via PDO_Firebird bindParam, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 61183, 71494, 73087]

An attacker can create a memory leak via wddx, in order to trigger a denial of service. [severity:1/4; 73631, CVE-2016-9935]

An unknown vulnerability was announced via wddx. [severity:2/4; 73631, CVE-2016-9935]

An attacker can force the usage of a freed memory area via unserialize(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72978, CVE-2016-9936]