The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Fedora

cybersecurity bulletin CVE-2018-13095

Linux kernel: assertion error via fs/xfs/libxfs/xfs_inode_buf.c

Synthesis of the vulnerability

An attacker can force an assertion error via fs/xfs/libxfs/xfs_inode_buf.c of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-456, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2019-AVI-245, CVE-2018-13095, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, RHSA-2019:1350-01, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2980-1, SUSE-SU-2018:3084-1, VIGILANCE-VUL-26616.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force an assertion error via fs/xfs/libxfs/xfs_inode_buf.c of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2018-13094

Linux kernel: NULL pointer dereference via xfs_da_shrink_inode

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via xfs_da_shrink_inode() of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CERTFR-2018-AVI-456, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2019-AVI-183, CVE-2018-13094, DLA-1529-1, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, RHSA-2019:0831-01, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2980-1, SUSE-SU-2018:3084-1, USN-3752-1, USN-3752-2, USN-3752-3, USN-3753-1, USN-3753-2, USN-3754-1, VIGILANCE-VUL-26615.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via xfs_da_shrink_inode() of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2018-13093

Linux kernel: NULL pointer dereference via fs/xfs/xfs_icache.c

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via fs/xfs/xfs_icache.c of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 04/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-456, CERTFR-2018-AVI-460, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2019-AVI-188, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2018-13093, DLA-1529-1, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, RHSA-2019:2029-01, RHSA-2019:2043-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:2980-1, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, USN-4094-1, USN-4118-1, VIGILANCE-VUL-26614.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via fs/xfs/xfs_icache.c of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer weakness note 26612

Fedora: privilege escalation via Standard Test Interface Ansible Roles

Synthesis of the vulnerability

An attacker can bypass restrictions via Standard Test Interface Ansible Roles of Fedora, in order to escalate his privileges.
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: FEDORA-2018-c5c870e3ab, VIGILANCE-VUL-26612.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Standard Test Interface Ansible Roles of Fedora, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2018-12910

Libsoup: denial of service via Cookie Requests

Synthesis of the vulnerability

An attacker can generate a fatal error via Cookie Requests of Libsoup, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: CVE-2018-12910, DLA-1416-1, DSA-4241-1, FEDORA-2018-c3838931e1, FEDORA-2018-fb2afee474, openSUSE-SU-2018:2296-1, openSUSE-SU-2019:1310-1, RHSA-2018:3140-01, SUSE-SU-2018:2204-1, SUSE-SU-2018:2204-2, USN-3701-1, VIGILANCE-VUL-26611.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via Cookie Requests of Libsoup, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-10841

GlusterFS: privilege escalation via Remote-host Trusted Peer Group Access

Synthesis of the vulnerability

An attacker can bypass restrictions via Remote-host Trusted Peer Group Access of GlusterFS, in order to escalate his privileges.
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: CVE-2018-10841, FEDORA-2018-d873767641, VIGILANCE-VUL-26610.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Remote-host Trusted Peer Group Access of GlusterFS, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

security threat 26609

Apache Ant: directory traversal

Synthesis of the vulnerability

An attacker can traverse directories of Apache Ant, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Severity: 2/4.
Creation date: 04/07/2018.
Identifiers: CVE-2018-10886-REJECTERROR, DLA-1431-1, DLA-1457-1, DSA-4255-1, FEDORA-2018-4943b0505b, FEDORA-2018-cba3ccd747, openSUSE-SU-2018:2895-1, SUSE-SU-2018:2789-1, SUSE-SU-2018:2838-1, SUSE-SU-2018:2866-1, USN-3721-1, VIGILANCE-VUL-26609.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can traverse directories of Apache Ant, in order to create a file outside the service root path. This vulnerability is a member of the Zip Slip family (VIGILANCE-VUL-26357).
Full Vigil@nce bulletin... (Free trial)

threat CVE-2018-6541

ZZIPlib: denial of service via __zzip_fetch_disk_trailer

Synthesis of the vulnerability

An attacker can generate a fatal error via __zzip_fetch_disk_trailer() of ZZIPlib, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 03/07/2018.
Identifiers: CVE-2018-6541, FEDORA-2018-237e9b550c, RHSA-2019:2196-01, USN-3699-1, VIGILANCE-VUL-26608.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via __zzip_fetch_disk_trailer() of ZZIPlib, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

security announce CVE-2018-13053

Linux kernel: integer overflow via alarm_timer_nsleep

Synthesis of the vulnerability

An attacker can generate an integer overflow via alarm_timer_nsleep() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 03/07/2018.
Identifiers: 1103505, CERTFR-2018-AVI-358, CERTFR-2018-AVI-365, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CERTFR-2018-AVI-557, CERTFR-2019-AVI-183, CERTFR-2019-AVI-391, CERTFR-2019-AVI-419, CVE-2018-13053, DLA-1715-1, DLA-1731-1, DLA-1731-2, FEDORA-2018-50075276e8, openSUSE-SU-2018:2118-1, openSUSE-SU-2018:2119-1, RHSA-2019:0831-01, RHSA-2019:2029-01, RHSA-2019:2043-01, SSA:2019-030-01, SSB-439005, SUSE-SU-2018:2051-1, SUSE-SU-2018:2150-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2344-1, SUSE-SU-2018:2362-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2384-1, SUSE-SU-2018:2637-1, USN-3821-1, USN-3821-2, USN-4094-1, USN-4118-1, VIGILANCE-VUL-26605.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate an integer overflow via alarm_timer_nsleep() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2018-12896

Linux kernel: denial of service via posix-timers.c

Synthesis of the vulnerability

An attacker can generate a fatal error via posix-timers.c of the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 03/07/2018.
Identifiers: CERTFR-2018-AVI-456, CERTFR-2018-AVI-459, CERTFR-2018-AVI-460, CERTFR-2018-AVI-466, CERTFR-2018-AVI-480, CERTFR-2018-AVI-529, CERTFR-2018-AVI-608, CERTFR-2019-AVI-188, CVE-2018-12896, DLA-1715-1, DLA-1731-1, DLA-1731-2, FEDORA-2018-50075276e8, openSUSE-SU-2018:2738-1, openSUSE-SU-2018:3071-1, SSA:2019-030-01, SUSE-SU-2018:2858-1, SUSE-SU-2018:2862-1, SUSE-SU-2018:2879-1, SUSE-SU-2018:2908-1, SUSE-SU-2018:2908-2, SUSE-SU-2018:2980-1, SUSE-SU-2018:3083-1, SUSE-SU-2018:3084-1, SUSE-SU-2018:3088-1, SUSE-SU-2018:3618-1, USN-3847-1, USN-3847-2, USN-3847-3, USN-3848-1, USN-3848-2, USN-3849-1, USN-3849-2, VIGILANCE-VUL-26604.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can generate a fatal error via posix-timers.c of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Red Hat Fedora: