The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Enterprise Linux

vulnerability alert CVE-2018-10779

LibTIFF: out-of-bounds memory reading via TIFFWriteScanline

Synthesis of the vulnerability

An attacker can force a read at an invalid address via TIFFWriteScanline() of LibTIFF, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: LibTIFF, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 09/05/2018.
Identifiers: 2788, bulletinjan2019, CVE-2018-10779, openSUSE-SU-2018:2880-1, openSUSE-SU-2018:3370-1, openSUSE-SU-2018:3371-1, RHSA-2019:2053-01, SSA:2018-316-01, SUSE-SU-2018:2676-1, SUSE-SU-2018:2836-1, SUSE-SU-2018:3327-1, USN-3906-1, USN-3906-2, VIGILANCE-VUL-26081.

computer vulnerability CVE-2018-1059

DPDK: information disclosure via Guest Physical Ranges

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Guest Physical Ranges of DPDK, in order to obtain sensitive information.
Impacted products: Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1059, FEDORA-2018-2c965abb15, openSUSE-SU-2018:1560-1, openSUSE-SU-2018:4003-1, RHSA-2018:2038-01, SUSE-SU-2018:1492-1, SUSE-SU-2018:3923-1, USN-3642-1, USN-3642-2, VIGILANCE-VUL-26075.

vulnerability note CVE-2018-1089

389 Directory Server: denial of service via Ldapsearch Large Filter

Synthesis of the vulnerability

An attacker can generate a fatal error via Ldapsearch Large Filter of 389 Directory Server, in order to trigger a denial of service.
Impacted products: Debian, RHEL, SLES.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 09/05/2018.
Identifiers: CVE-2018-1089, DLA-1428-1, RHSA-2018:1364-01, RHSA-2018:1380-01, SUSE-SU-2019:2155-1, VIGILANCE-VUL-26074.

vulnerability bulletin CVE-2018-1118

Linux kernel: information disclosure via vhost_new_msg

Synthesis of the vulnerability

A local attacker can read a memory fragment via vhost_new_msg() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, openSUSE Leap, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-428, CVE-2018-1118, DLA-1423-1, DLA-1424-1, DLA-1434-1, openSUSE-SU-2018:2119-1, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, USN-3762-1, USN-3762-2, VIGILANCE-VUL-26073.

vulnerability announce CVE-2018-1087

Linux kernel: privilege escalation via KVM DB Exceptions

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Impacted products: Debian, QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-1087, DSA-4196-1, ibm10742755, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26072.

vulnerability alert CVE-2018-8897

Linux kernel: privilege escalation via DB Exceptions

Synthesis of the vulnerability

An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, FreeBSD, QRadar SIEM, Linux, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-8897, DLA-1392-1, DSA-4196-1, FreeBSD-SA-18:06.debugreg, ibm10742755, K17403481, RHSA-2018:1318-01, RHSA-2018:1319-01, RHSA-2018:1345-01, RHSA-2018:1346-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1349-01, RHSA-2018:1350-01, RHSA-2018:1351-01, RHSA-2018:1352-01, RHSA-2018:1353-01, RHSA-2018:1354-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26071, VU#631579.

vulnerability CVE-2018-0494

wget: information disclosure via Cookies Injection

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Cookies Injection of wget, in order to obtain sensitive information.
Impacted products: Debian, Fedora, McAfee Web Gateway, openSUSE Leap, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 09/05/2018.
Identifiers: CVE-2018-0494, DLA-1375-1, DSA-4195-1, FEDORA-2018-11b37d7a68, FEDORA-2018-29ebba0906, FEDORA-2018-f29459149a, openSUSE-SU-2018:1383-1, RHSA-2018:3052-01, SB10276, SSA:2018-129-02, SUSE-SU-2018:1367-1, SUSE-SU-2018:1373-1, USN-3643-1, USN-3643-2, VIGILANCE-VUL-26070.

vulnerability alert CVE-2018-1100

Zsh: buffer overflow via checkmailpath

Synthesis of the vulnerability

An attacker can generate a buffer overflow via checkmailpath() of Zsh, in order to trigger a denial of service, and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, RHEL, Slackware, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 07/05/2018.
Identifiers: bulletinoct2018, CVE-2018-1100, FEDORA-2018-ac1d9c2777, openSUSE-SU-2018:1893-1, openSUSE-SU-2018:2966-1, RHSA-2018:1932-01, RHSA-2018:3073-01, SSA:2019-013-01, SUSE-SU-2018:1874-1, USN-3764-1, VIGILANCE-VUL-26051.

computer vulnerability bulletin CVE-2018-10675

Linux kernel: use after free via do_get_mempolicy

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: QRadar SIEM, Junos Space, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-256, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-386, CERTFR-2018-AVI-408, CERTFR-2018-AVI-457, CERTFR-2018-AVI-584, CVE-2018-10675, ibm10742755, JSA10917, RHSA-2018:2164-01, RHSA-2018:2384-01, RHSA-2018:2395-01, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1846-1, USN-3754-1, VIGILANCE-VUL-26038.

vulnerability bulletin CVE-2018-10583

LibreOffice/OpenOffice: information disclosure via SMB Credentials

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SMB Credential of LibreOffice/OpenOffice, in order to obtain sensitive information.
Impacted products: OpenOffice, LibreOffice, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet server.
Creation date: 02/05/2018.
Identifiers: CVE-2018-10583, openSUSE-SU-2018:2532-1, openSUSE-SU-2018:2533-1, openSUSE-SU-2018:3796-1, RHSA-2018:3054-01, SUSE-SU-2018:2485-1, SUSE-SU-2018:2485-2, SUSE-SU-2018:2535-1, SUSE-SU-2018:3683-1, USN-3883-1, VIGILANCE-VUL-26023.
