The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Fedora

vulnerability bulletin CVE-2016-7995

QEMU: memory leak via ehci_process_itd

Synthesis of the vulnerability

An attacker, inside a guest system, can create a memory leak via ehci_process_itd() of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Fedora, openSUSE Leap, QEMU, Ubuntu.
Severity: 1/4.
Creation date: 07/10/2016.
Identifiers: CVE-2016-7995, FEDORA-2016-a56fb613a8, openSUSE-SU-2016:3237-1, openSUSE-SU-2017:0007-1, USN-3125-1, VIGILANCE-VUL-20803.

Description of the vulnerability

The QEMU product emulates USB EHCI (Enhanced Host Controller Interface).

However, the memory allocated to process ehci_process_itd() is never freed.

An attacker, inside a guest system, can therefore create a memory leak via ehci_process_itd() of QEMU, in order to trigger a denial of service on the host system.

vulnerability announcement CVE-2016-7994

QEMU: memory leak via virtio_gpu_resource_create_2d

Synthesis of the vulnerability

An attacker, inside a guest system, can create a memory leak via virtio_gpu_resource_create_2d() of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Fedora, openSUSE Leap, QEMU, Ubuntu.
Severity: 1/4.
Creation date: 07/10/2016.
Identifiers: CVE-2016-7994, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2016:3237-1, USN-3125-1, VIGILANCE-VUL-20802.

Description of the vulnerability

The QEMU product implements a virtio GPU (Graphics Processing Unit).

However, the memory allocated to process virtio_gpu_resource_create_2d() is never freed.

An attacker, inside a guest system, can therefore create a memory leak via virtio_gpu_resource_create_2d() of QEMU, in order to trigger a denial of service on the host system.

computer vulnerability bulletin CVE-2016-5407 CVE-2016-7942 CVE-2016-7943

X.Org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of X.Org.
Impacted products: Debian, Fedora, OpenBSD, openSUSE, openSUSE Leap, Solaris, Slackware, XOrg Bundle ~ not comprehensive, libX11.
Severity: 2/4.
Creation date: 05/10/2016.
Identifiers: bulletinoct2016, CVE-2016-5407, CVE-2016-7942, CVE-2016-7943, CVE-2016-7944, CVE-2016-7945, CVE-2016-7946, CVE-2016-7947, CVE-2016-7948, CVE-2016-7949, CVE-2016-7950, CVE-2016-7951, CVE-2016-7952, CVE-2016-7953, DLA-654-1, DLA-660-1, DLA-664-1, DLA-667-1, DLA-671-1, DLA-684-1, DLA-684-2, DLA-685-1, DLA-685-2, DLA-686-1, FEDORA-2016-0e7694c456, FEDORA-2016-21f0de504c, FEDORA-2016-3b41a9eaa8, FEDORA-2016-49d560da23, FEDORA-2016-5aa206bd16, FEDORA-2016-83040426d6, FEDORA-2016-8877cf648b, FEDORA-2016-a236cb3315, FEDORA-2016-b26b497381, FEDORA-2016-c1d4b1df79, FEDORA-2016-cabb6d7ef7, FEDORA-2016-d045c2c7b3, FEDORA-2016-d286ffb801, FEDORA-2016-ff5a2f4839, openSUSE-SU-2016:2600-1, openSUSE-SU-2016:3031-1, openSUSE-SU-2016:3033-1, openSUSE-SU-2016:3034-1, openSUSE-SU-2016:3036-1, openSUSE-SU-2016:3037-1, openSUSE-SU-2016:3059-1, SSA:2016-305-02, VIGILANCE-VUL-20768.

Description of the vulnerability

Several vulnerabilities were announced in X.Org libraries.

An attacker can force a read at an invalid address via libX11 XGetImage(), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7942]

An attacker can force a read at an invalid address via libX11 XListFonts(), in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7943]

An attacker can generate an integer overflow via libXfixes, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7944]

An attacker can force a read at an invalid address via libXi, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7945]

An attacker can generate an infinite loop via libXi, in order to trigger a denial of service. [severity:1/4; CVE-2016-7946]

An attacker can generate an integer overflow via libXrandr, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7947]

An attacker can trigger a fatal error via libXrandr, in order to trigger a denial of service. [severity:1/4; CVE-2016-7948]

An attacker can generate a buffer overflow via libXrender, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7949]

An attacker can generate a buffer overflow via libXrender XRenderQueryFilters, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-7950]

An attacker can force a read at an invalid address via libXtst XRecord, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7951]

An attacker can generate an infinite loop via libXtst XRecord, in order to trigger a denial of service. [severity:1/4; CVE-2016-7952]

An attacker can generate a memory corruption via libXv, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5407]

An attacker can force a read at an invalid address via libXvMC, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-7953]

vulnerability announcement CVE-2016-7777

Xen: information disclosure via HVM CR0.TS/EM

Synthesis of the vulnerability

An attacker can use CR0.TS/EM on Xen x86 HVM, in order to obtain sensitive information on the current system.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Creation date: 04/10/2016.
Identifiers: CERTFR-2016-AVI-328, CTX217363, CVE-2016-7777, DLA-699-1, DSA-3729-1, FEDORA-2016-4c407cd849, FEDORA-2016-689f240960, openSUSE-SU-2016:3134-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, VIGILANCE-VUL-20762, XSA-190.

Description of the vulnerability

The Xen product can manage x86 HVM guest systems.

However, an attacker can raise a Device Not Available Exception while CR0.EM or CR0.TS is set, which can be used to read a register of another task on the same VM.

An attacker can therefore use CR0.TS/EM on Xen x86 HVM, in order to obtain sensitive information on the current system.

computer vulnerability 20745

OpenSSH: NULL pointer dereference via NEWKEYS

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via NEWKEYS of OpenSSH, in order to trigger a denial of service.
Impacted products: Fedora, OpenSSH.
Severity: 2/4.
Creation date: 03/10/2016.
Identifiers: FEDORA-2016-2d90928b5b, FEDORA-2016-bb007a4097, VIGILANCE-VUL-20745.

Description of the vulnerability

The OpenSSH product implements the SSH protocol, which uses the SSH2_MSG_NEWKEYS message to change keys.

However, if this message comes too soon, the kex_input_newkeys() function does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced via NEWKEYS of OpenSSH, in order to trigger a denial of service.

vulnerability announcement CVE-2016-6830 CVE-2016-6831

CHICKEN: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of CHICKEN.
Impacted products: Debian, Fedora.
Severity: 2/4.
Creation date: 03/10/2016.
Identifiers: CVE-2016-6830, CVE-2016-6831, DLA-643-1, FEDORA-2016-0ef628998f, FEDORA-2016-9b3ed5f170, VIGILANCE-VUL-20742.

Description of the vulnerability

Several vulnerabilities were announced in CHICKEN.

An attacker can generate a buffer overflow via process-execute/spawn, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-6830]

An attacker can create a memory leak via process-execute/spawn, in order to trigger a denial of service. [severity:1/4; CVE-2016-6831]

vulnerability alert CVE-2016-5177 CVE-2016-5178

Google Chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/09/2016.
Identifiers: CERTFR-2016-AVI-324, CVE-2016-5177, CVE-2016-5178, DSA-3683-1, FEDORA-2016-2e50862950, FEDORA-2016-d61c4f72da, openSUSE-SU-2016:2429-1, openSUSE-SU-2016:2432-1, RHSA-2016:2007-01, USN-3091-1, VIGILANCE-VUL-20741.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can force the usage of a freed memory area via the JavaScript interpreter V8, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5177]

An attacker can generate several memory corruptions, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-5178]

An unknown vulnerability was announced. [severity:3/4]

vulnerability CVE-2016-7405

php-adodb: SQL injection

Synthesis of the vulnerability

An attacker can use an SQL injection in php-adodb, in order to read or alter data.
Impacted products: Fedora.
Severity: 2/4.
Creation date: 30/09/2016.
Identifiers: CVE-2016-7405, FEDORA-2016-14bc73b990, FEDORA-2016-b1b1ef703c, VIGILANCE-VUL-20740.

Description of the vulnerability

The php-adodb product uses a database.

However, user-supplied data is inserted directly into an SQL query.

An attacker can therefore use an SQL injection in php-adodb, in order to read or alter data.

computer vulnerability CVE-2016-4997

Linux kernel: memory corruption via IP6T_SO_SET_REPLACE

Synthesis of the vulnerability

An attacker can generate a memory corruption via IP6T_SO_SET_REPLACE on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 29/09/2016.
Revision date: 29/09/2016.
Identifiers: CERTFR-2016-AVI-220, CERTFR-2016-AVI-267, CERTFR-2017-AVI-034, CERTFR-2017-AVI-282, CVE-2016-4997, DSA-3607-1, FEDORA-2016-1c409313f4, FEDORA-2016-63ee0999e4, FEDORA-2016-73a733f4d9, openSUSE-SU-2016:1798-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2017:1140-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, SUSE-SU-2016:1709-1, SUSE-SU-2016:1710-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2018-1, SUSE-SU-2016:2105-1, SUSE-SU-2016:2245-1, SUSE-SU-2016:3069-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, USN-3016-1, USN-3016-2, USN-3016-3, USN-3016-4, USN-3017-1, USN-3017-2, USN-3017-3, USN-3018-1, USN-3018-2, USN-3019-1, USN-3020-1, USN-3338-1, USN-3338-2, VIGILANCE-VUL-20735.

Description of the vulnerability

The Linux kernel offers the ip6_tables or ip_tables module.

However, the IP6T_SO_SET_REPLACE or IPT_SO_SET_REPLACE option of setsockopt() does not correctly check offsets, which leads to a memory corruption.

An attacker can therefore generate a memory corruption via IP6T_SO_SET_REPLACE on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-5325 CVE-2016-7099

Node.js: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Node.js.
Impacted products: Fedora, IRAD, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Creation date: 26/09/2016.
Revision date: 28/09/2016.
Identifiers: 1992681, 1993777, CVE-2016-5325, CVE-2016-7099, FEDORA-2016-861b8c46b7, openSUSE-SU-2016:2496-1, RHSA-2017:0002-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, VIGILANCE-VUL-20694.

Description of the vulnerability

Several vulnerabilities were announced in Node.js.

An attacker can tamper with the handling of X.509 certificates for TLS. [severity:3/4; CVE-2016-7099]

On MS-Windows platforms, an attacker can tamper with the loading of cryptographic modules by OpenSSL to inject an arbitrary DLL into the server process. [severity:1/4]

An attacker can inject data into HTTP response headers to fake responses. [severity:1/4; CVE-2016-5325]