The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Red Hat Fedora

computer vulnerability announce CVE-2018-14884 CVE-2018-5712

PHP: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in PHP.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 04/01/2018.
Identifiers: bulletinapr2018, CERTFR-2018-AVI-007, CVE-2018-14884, CVE-2018-5712, DLA-1251-1, FEDORA-2018-c4e9207c31, FEDORA-2018-d034538627, openSUSE-SU-2018:0248-1, openSUSE-SU-2018:0318-1, RHSA-2018:1296-01, SSA:2018-034-01, SSA:2018-136-02, SUSE-SU-2018:0806-1, USN-3566-1, USN-3600-1, USN-3600-2, VIGILANCE-VUL-24947.

Description of the vulnerability

An attacker can exploit several vulnerabilities in PHP.

computer vulnerability announce CVE-2017-1000456

Poppler: buffer overflow

Synthesis of the vulnerability

An attacker can cause a buffer overflow in Poppler, in order to trigger a denial of service and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 03/01/2018.
Identifiers: bulletinjan2019, CVE-2017-1000456, DLA-1228-1, DSA-4097-1, FEDORA-2018-048468d7a8, FEDORA-2018-20ba39cba9, openSUSE-SU-2018:1721-1, SUSE-SU-2018:1662-1, SUSE-SU-2018:1691-1, USN-3517-1, VIGILANCE-VUL-24937.

Description of the vulnerability

An attacker can cause a buffer overflow in Poppler, in order to trigger a denial of service and possibly to run code.

computer vulnerability CVE-2017-1000409

glibc: buffer overflow via LD_LIBRARY_PATH

Synthesis of the vulnerability

An attacker can cause a buffer overflow in glibc via LD_LIBRARY_PATH, in order to trigger a denial of service and possibly to run code.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-1000409, FEDORA-2017-828f8a8fc6, openSUSE-SU-2018:0089-1, SUSE-SU-2018:0074-1, USN-3534-1, VIGILANCE-VUL-24925.

Description of the vulnerability

An attacker can cause a buffer overflow in glibc via LD_LIBRARY_PATH, in order to trigger a denial of service and possibly to run code.

vulnerability note CVE-2017-1000408

glibc: memory leak via LD_HWCAP_MASK

Synthesis of the vulnerability

An attacker can cause a memory leak in glibc via LD_HWCAP_MASK, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 03/01/2018.
Identifiers: CVE-2017-1000408, FEDORA-2017-828f8a8fc6, openSUSE-SU-2018:0089-1, SUSE-SU-2018:0074-1, USN-3534-1, VIGILANCE-VUL-24924.

Description of the vulnerability

An attacker can cause a memory leak in glibc via LD_HWCAP_MASK, in order to trigger a denial of service.

vulnerability bulletin CVE-2018-7409

unixODBC: buffer overflow via unicode_to_ansi_copy

Synthesis of the vulnerability

An attacker can cause a buffer overflow in unixODBC via unicode_to_ansi_copy(), in order to trigger a denial of service and possibly to run code.
Impacted products: Fedora, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: bulletinoct2018, CVE-2018-7409, FEDORA-2018-9565c0bc9a, openSUSE-SU-2018:1845-1, SUSE-SU-2018:1832-1, VIGILANCE-VUL-24923.

Description of the vulnerability

An attacker can cause a buffer overflow in unixODBC via unicode_to_ansi_copy(), in order to trigger a denial of service and possibly to run code.

computer vulnerability bulletin CVE-2017-17935

Wireshark: out-of-bounds memory reading via File_read_line

Synthesis of the vulnerability

An attacker can force a read at an invalid address in Wireshark via File_read_line(), in order to trigger a denial of service or to obtain sensitive information.
Impacted products: Debian, Fedora, Wireshark.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: internet client.
Creation date: 28/12/2017.
Identifiers: 14295, CVE-2017-17935, DLA-1634-1, FEDORA-2018-8c3a01cc65, VIGILANCE-VUL-24898.

Description of the vulnerability

An attacker can force a read at an invalid address in Wireshark via File_read_line(), in order to trigger a denial of service or to obtain sensitive information.

computer vulnerability announce CVE-2017-1000499

phpMyAdmin: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery against phpMyAdmin, in order to force the victim to perform operations.
Impacted products: Fedora, openSUSE Leap, phpMyAdmin, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 28/12/2017.
Identifiers: CERTFR-2018-AVI-001, CVE-2017-1000499, FEDORA-2017-481515e199, FEDORA-2017-cad79c7c6c, openSUSE-SU-2017:3448-1, openSUSE-SU-2017:3451-1, PMASA-2017-9, VIGILANCE-VUL-24897.

Description of the vulnerability

The phpMyAdmin product offers a web service.

However, the origin of queries is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery against phpMyAdmin, in order to force the victim to perform operations.

computer vulnerability alert CVE-2017-17852 CVE-2017-17853 CVE-2017-17854

Linux kernel: six vulnerabilities via BPF

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in the Linux kernel via BPF.
Impacted products: Fedora, Linux.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 6.
Creation date: 28/12/2017.
Identifiers: CVE-2017-17852, CVE-2017-17853, CVE-2017-17854, CVE-2017-17855, CVE-2017-17856, CVE-2017-17857, FEDORA-2018-22d5fa8a90, FEDORA-2018-884a105c04, FEDORA-2018-8ed5eff2c0, VIGILANCE-VUL-24896.

Description of the vulnerability

An attacker can exploit several vulnerabilities in the Linux kernel via BPF.

computer vulnerability CVE-2017-17531

GNU GLOBAL: code execution via gozilla.c

Synthesis of the vulnerability

An attacker can exploit a vulnerability in GNU GLOBAL via gozilla.c, in order to run code.
Impacted products: Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 28/12/2017.
Identifiers: CVE-2017-17531, FEDORA-2017-fd9462d9ef, openSUSE-SU-2017:3442-1, VIGILANCE-VUL-24895.

Description of the vulnerability

An attacker can exploit a vulnerability in GNU GLOBAL via gozilla.c, in order to run code.

vulnerability CVE-2016-6328

libexif: integer overflow via MNOTE

Synthesis of the vulnerability

An attacker can cause an integer overflow in libexif via MNOTE, in order to trigger a denial of service and possibly to run code.
Impacted products: Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 28/12/2017.
Identifiers: CVE-2016-6328, FEDORA-2017-b24ef59f94, FEDORA-2017-c28bfe0986, openSUSE-SU-2018:0211-1, VIGILANCE-VUL-24890.

Description of the vulnerability

An attacker can cause an integer overflow in libexif via MNOTE, in order to trigger a denial of service and possibly to run code.