The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Fedora

vulnerability announce CVE-2018-7584

PHP: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in PHP, in order to cause a denial of service and possibly run code.
Impacted products: Mac OS X, Debian, Fedora, openSUSE Leap, Solaris, PHP, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Creation date: 01/03/2018.
Identifiers: 75981, bulletinapr2018, CERTFR-2018-AVI-109, CVE-2018-7584, DLA-1326-1, DLA-1397-1, DSA-4240-1, FEDORA-2018-a89ccf7133, FEDORA-2018-e8bc8d2784, HT208849, openSUSE-SU-2018:0657-1, openSUSE-SU-2018:0725-1, SUSE-SU-2018:0806-1, USN-3600-1, USN-3600-2, VIGILANCE-VUL-25412.

computer vulnerability bulletin CVE-2018-7435 CVE-2018-7436 CVE-2018-7437

FreeXL: buffer overflow

Synthesis of the vulnerability

An attacker can trigger a buffer overflow in FreeXL, in order to cause a denial of service and possibly run code.
Impacted products: Debian, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 01/03/2018.
Identifiers: CVE-2018-7435, CVE-2018-7436, CVE-2018-7437, CVE-2018-7438, CVE-2018-7439, DLA-1297-1, DSA-4129-1, FEDORA-2018-2eb691e7d7, FEDORA-2018-5573046c3b, openSUSE-SU-2018:0570-1, VIGILANCE-VUL-25408.

computer vulnerability announce CVE-2018-5803

Linux kernel: memory corruption via _sctp_make_chunk

Synthesis of the vulnerability

An attacker can trigger a memory corruption via _sctp_make_chunk() in the Linux kernel, in order to cause a denial of service.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on client.
Provenance: intranet client.
Creation date: 01/03/2018.
Identifiers: CERTFR-2018-AVI-250, CERTFR-2018-AVI-257, CERTFR-2018-AVI-299, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-321, CERTFR-2018-AVI-392, CERTFR-2018-AVI-426, CVE-2018-5803, DLA-1369-1, DSA-4187-1, DSA-4188-1, FEDORA-2018-2bce10900e, FEDORA-2018-884a105c04, openSUSE-SU-2018:1418-1, openSUSE-SU-2018:2119-1, RHSA-2018:1854-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2018:1366-1, SUSE-SU-2018:1761-1, SUSE-SU-2018:1762-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1855-1, SUSE-SU-2018:2332-1, SUSE-SU-2018:2366-1, SUSE-SU-2018:2637-1, USN-3654-1, USN-3654-2, USN-3656-1, USN-3697-1, USN-3697-2, USN-3698-1, USN-3698-2, VIGILANCE-VUL-25407.

vulnerability note CVE-2017-12627

Apache Xerces-C++: NULL pointer dereference via the DTD reference

Synthesis of the vulnerability

An attacker can force Apache Xerces-C++ to dereference a NULL pointer while it processes the path to the external DTD, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/03/2018.
Identifiers: CVE-2017-12627, DLA-1328-1, FEDORA-2018-51ce232320, FEDORA-2018-7b97e553ff, openSUSE-SU-2019:1283-1, SUSE-SU-2018:3277-1, SUSE-SU-2019:0977-1, VIGILANCE-VUL-25404.

vulnerability announce CVE-2018-5733

ISC DHCP: integer overflow via dhcpd

Synthesis of the vulnerability

An attacker can trigger an integer overflow via dhcpd in ISC DHCP, in order to cause a denial of service and possibly run code.
Impacted products: Debian, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5733, DLA-1313-1, DSA-4133-1, FEDORA-2018-5051dbd15e, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25402.

vulnerability alert CVE-2018-5732

ISC DHCP: buffer overflow via dhclient

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via dhclient in ISC DHCP, in order to cause a denial of service and possibly run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, IBM i, ISC DHCP, McAfee Web Gateway, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on service, denial of service on client.
Provenance: intranet server.
Creation date: 28/02/2018.
Identifiers: AA-01565, AA-01567, bulletinapr2018, CVE-2018-5732, DLA-1313-1, DSA-4133-1, FEDORA-2018-5051dbd15e, K08306700, N1022543, openSUSE-SU-2018:0827-1, RHSA-2018:0469-01, RHSA-2018:0483-01, SB10231, SSA:2018-060-01, SUSE-SU-2018:0810-2, Synology-SA-18:14, USN-3586-1, USN-3586-2, VIGILANCE-VUL-25401.

computer vulnerability announce CVE-2018-7170 CVE-2018-7182 CVE-2018-7183

NTP.org: five vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in NTP.org.
Impacted products: Blue Coat CAS, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Juniper EX-Series, Juniper J-Series, Junos OS, SRX-Series, McAfee Web Gateway, Meinberg NTP Server, NTP.org, openSUSE Leap, Solaris, SafeNet Network HSM, Slackware, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/02/2018.
Identifiers: bulletinapr2018, bulletinapr2019, CERTFR-2018-AVI-545, CVE-2018-7170, CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185, FEDORA-2018-7051d682fa, FEDORA-2018-70c191d84a, FEDORA-2018-de113aeac6, FreeBSD-SA-18:02.ntp, JSA10898, K04912972, K13540723, K82570157, KB0018260, openSUSE-SU-2018:0970-1, openSUSE-SU-2018:3438-1, openSUSE-SU-2018:3452-1, SA165, SB10231, SB10264, SSA:2018-060-02, SUSE-SU-2018:1464-1, SUSE-SU-2018:1765-1, SUSE-SU-2018:3342-1, SUSE-SU-2018:3351-1, SUSE-SU-2018:3352-1, SUSE-SU-2018:3356-1, SUSE-SU-2018:3386-1, Synology-SA-18:13, Synology-SA-18:14, USN-3707-1, USN-3707-2, VIGILANCE-VUL-25397.

vulnerability announce 25392

unbound: privilege escalation via configuration file change

Synthesis of the vulnerability

An attacker can change the configuration of unbound, in order to escalate privileges.
Impacted products: Fedora.
Severity: 1/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 28/02/2018.
Identifiers: FEDORA-2018-cb1f26bd2c, VIGILANCE-VUL-25392.

vulnerability alert CVE-2017-7697

libsamplerate: buffer overflow via calc_output_single

Synthesis of the vulnerability

An attacker can trigger a buffer overflow via calc_output_single in libsamplerate, in order to cause a denial of service and possibly run code.
Impacted products: Fedora.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/02/2018.
Identifiers: CVE-2017-7697, FEDORA-2018-2012089e37, FEDORA-2018-418e67c843, VIGILANCE-VUL-25391.

vulnerability CVE-2018-1000002

knot-resolver: partial DNSSEC signature check

Synthesis of the vulnerability

An attacker can bypass the DNSSEC signature check of knot-resolver, in order to make it accept tampered data.
Impacted products: Fedora.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: internet server.
Creation date: 28/02/2018.
Identifiers: CVE-2018-1000002, FEDORA-2018-844a1e9778, FEDORA-2018-fe5a6ed3b7, VIGILANCE-VUL-25390.
