The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

vulnerability announce CVE-2016-2069

Linux kernel: privilege escalation via TLB synchronization between processors

Synthesis of the vulnerability

An attacker can trigger a synchronization error of the processors' TLB in the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 25/01/2016.
Identifiers: CERTFR-2016-AVI-069, CERTFR-2016-AVI-070, CERTFR-2016-AVI-073, CERTFR-2016-AVI-082, CERTFR-2016-AVI-099, CERTFR-2016-AVI-103, CERTFR-2016-AVI-110, CERTFR-2016-AVI-159, CERTFR-2016-AVI-186, CERTFR-2016-AVI-199, CERTFR-2017-AVI-001, CVE-2016-2069, DSA-3503-1, openSUSE-SU-2016:0537-1, openSUSE-SU-2016:1008-1, openSUSE-SU-2016:2649-1, openSUSE-SU-2016:3021-1, RHSA-2016:2574-02, RHSA-2016:2584-02, RHSA-2017:0817-01, SUSE-SU-2016:0585-1, SUSE-SU-2016:0785-1, SUSE-SU-2016:0911-1, SUSE-SU-2016:1102-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:3304-1, USN-2908-1, USN-2908-2, USN-2908-3, USN-2908-4, USN-2908-5, USN-2931-1, USN-2932-1, USN-2967-1, USN-2967-2, USN-2989-1, USN-2998-1, VIGILANCE-VUL-18812.

Description of the vulnerability

The x86 processors include a cache of the page table, which must be shared by all processors.

The Linux kernel implements a specific protocol to propagate changes to the page table into the caches of all processors. However, this protocol contains an error: a certain sequence of instructions and hardware interrupts can grant access to a memory area which should be unreachable.

An attacker can therefore trigger a synchronization error of the processors' TLB in the Linux kernel, in order to escalate his privileges.

vulnerability CVE-2016-2053

Linux kernel: denial of service via public_key_verify_signature

Synthesis of the vulnerability

An attacker can submit an ill-formed X.509 certificate to the function public_key_verify_signature() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 1300237, CERTFR-2016-AVI-267, CVE-2016-2053, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2184-1, RHSA-2016:2574-02, RHSA-2016:2584-02, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2105-1, SUSE-SU-2016:2245-1, VIGILANCE-VUL-18810.

Description of the vulnerability

The Linux kernel can use public keys from X.509 certificates.

Before public keys are used, they must be validated. However, the certificate parser does not check all the constraints, so processing an ill-formed certificate can trigger an assertion violation in public_key_verify_signature(), which leads to a kernel panic.

An attacker can therefore submit an ill-formed X.509 certificate to the function public_key_verify_signature() of the Linux kernel, in order to trigger a denial of service.

computer vulnerability announce CVE-2015-8781 CVE-2015-8782 CVE-2015-8783

LibTIFF: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libtiff.
Impacted products: Debian, BIG-IP Hardware, TMOS, LibTIFF, openSUSE, openSUSE Leap, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 2522, bulletinapr2016, CVE-2015-8781, CVE-2015-8782, CVE-2015-8783, DLA-880-1, DSA-3467-1, K11220361, K35155453, openSUSE-SU-2016:0405-1, openSUSE-SU-2016:0414-1, openSUSE-SU-2016:2321-1, RHSA-2016:1546-01, RHSA-2016:1547-01, SOL35155453, USN-2939-1, VIGILANCE-VUL-18807.

Description of the vulnerability

Several vulnerabilities were announced in libtiff.

An attacker can generate a memory corruption when assertion evaluation is disabled at build time, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-8781]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-8782]

An attacker can force a read at an invalid address, in order to trigger a denial of service. [severity:2/4; CVE-2015-8783]

computer vulnerability alert CVE-2015-8784

LibTIFF: buffer overflow of NeXTDecode

Synthesis of the vulnerability

An attacker can generate a buffer overflow in NeXTDecode of libtiff5, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, LibTIFF, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 25/01/2016.
Identifiers: 2508, CVE-2015-8784, DLA-880-1, DSA-3467-1, RHSA-2016:1546-01, RHSA-2016:1547-01, SOL89096577, USN-2939-1, VIGILANCE-VUL-18806.

Description of the vulnerability

The library libtiff handles images in the TIFF format.

The routine TIFFReadContigTileData allocates a buffer which is used by the routine NeXTDecode. However, this latter routine may write data from the image file after the end of this buffer.

An attacker can therefore generate a buffer overflow in NeXTDecode of libtiff5, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2015-5307 CVE-2015-7183 CVE-2015-8104

Oracle VM VirtualBox: multiple vulnerabilities of January 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle VM VirtualBox.
Impacted products: Debian, openSUSE, VirtualBox, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Creation date: 20/01/2016.
Revision date: 22/01/2016.
Identifiers: CERTFR-2016-AVI-029, CERTFR-2016-AVI-050, cpujan2016, CVE-2015-5307, CVE-2015-7183, CVE-2015-8104, CVE-2016-0495, CVE-2016-0592, CVE-2016-0602, DSA-3454-1, openSUSE-SU-2016:0301-1, RHSA-2016:0103-01, SUSE-SU-2016:0354-1, SUSE-SU-2016:0658-1, VIGILANCE-VUL-18763.

Description of the vulnerability

Several vulnerabilities were announced in Oracle VM VirtualBox.

An attacker can use a vulnerability of Core, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2015-7183]

An attacker can use a vulnerability of Windows Installer, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0602]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:2/4; CVE-2015-5307]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:2/4; CVE-2015-8104]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:2/4; CVE-2016-0495]

An attacker can use a vulnerability of Core, in order to trigger a denial of service. [severity:1/4; CVE-2016-0592]

computer vulnerability announce CVE-2015-7973 CVE-2015-7974 CVE-2015-7975

NTP.org: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of NTP.org.
Impacted products: SNS, Blue Coat CAS, FabricOS, Brocade Network Advisor, Brocade vTM, Cisco ASR, Cisco ACE, ASA, IOS by Cisco, IOS XE Cisco, IOS XR Cisco, Nexus by Cisco, NX-OS, Prime Collaboration Assurance, Cisco Prime DCNM, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Cisco Router, Secure ACS, Cisco CUCM, Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP Switch, AIX, Juniper J-Series, Junos OS, Junos Space, Meinberg NTP Server, NTP.org, openSUSE, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 21/01/2016.
Identifiers: BSA-2016-005, BSA-2016-006, CERTFR-2016-AVI-045, cisco-sa-20160127-ntpd, CVE-2015-7973, CVE-2015-7974, CVE-2015-7975, CVE-2015-7976, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8138, CVE-2015-8139, CVE-2015-8140, CVE-2015-8158, DLA-559-1, DSA-3629-1, FEDORA-2016-34bc10a2c8, FEDORA-2016-89e0874533, FEDORA-2016-8bb1932088, FEDORA-2016-c3bd6a3496, FreeBSD-SA-16:09.ntp, HPESBHF03750, JSA10776, JSA10796, K00329831, K01324833, K06288381, openSUSE-SU-2016:1292-1, openSUSE-SU-2016:1329-1, openSUSE-SU-2016:1423-1, PAN-SA-2016-0019, RHSA-2016:0063-01, RHSA-2016:0780-01, RHSA-2016:1552-01, RHSA-2016:2583-02, SA113, SOL00329831, SOL01324833, SOL05046514, SOL06288381, SOL13304944, SOL21230183, SOL32790144, SOL71245322, SOL74363721, SSA:2016-054-04, STORM-2016-003, STORM-2016-004, SUSE-SU-2016:1175-1, SUSE-SU-2016:1177-1, SUSE-SU-2016:1247-1, SUSE-SU-2016:1278-1, SUSE-SU-2016:1291-1, SUSE-SU-2016:1311-1, SUSE-SU-2016:1471-1, SUSE-SU-2016:1912-1, SUSE-SU-2016:2094-1, USN-3096-1, VIGILANCE-VUL-18787.

Description of the vulnerability

Several vulnerabilities were announced in NTP.org.

An attacker can generate an infinite loop in ntpq, in order to trigger a denial of service. [severity:2/4; CVE-2015-8158]

The Zero Origin Timestamp value is not correctly checked. [severity:2/4; CVE-2015-8138]

An attacker can trigger a fatal error in Authenticated Broadcast Mode, in order to trigger a denial of service. [severity:2/4; CVE-2015-7979]

An attacker can trigger a fatal error in Recursive Traversal, in order to trigger a denial of service. [severity:2/4; CVE-2015-7978]

An attacker can force a NULL pointer to be dereferenced in reslist, in order to trigger a denial of service. [severity:2/4; CVE-2015-7977]

An attacker can use a filename with special characters in the "ntpq saveconfig" command. [severity:2/4; CVE-2015-7976]

An attacker can generate a buffer overflow in nextvar(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2015-7975]

An attacker can bypass security features in Skeleton Key, in order to escalate his privileges. [severity:2/4; CVE-2015-7974]

An attacker can use a replay attack against Deja Vu. [severity:2/4; CVE-2015-7973]

An attacker can use a replay attack against ntpq. [severity:2/4; CVE-2015-8140]

An attacker can bypass security features in ntpq and ntpdc, in order to obtain sensitive information. [severity:2/4; CVE-2015-8139]

computer vulnerability CVE-2016-1612 CVE-2016-1613 CVE-2016-1614

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 21/01/2016.
Identifiers: CVE-2016-1612, CVE-2016-1613, CVE-2016-1614, CVE-2016-1615, CVE-2016-1616, CVE-2016-1617, CVE-2016-1618, CVE-2016-1619, CVE-2016-1620, CVE-2016-2051, CVE-2016-2052, DSA-3456-1, openSUSE-SU-2016:0249-1, openSUSE-SU-2016:0250-1, openSUSE-SU-2016:0271-1, RHSA-2016:0072-01, USN-2877-1, VIGILANCE-VUL-18785.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can generate a memory corruption in V8, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1612]

An attacker can force the usage of a freed memory area in PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1613]

An attacker can bypass security features in Blink, in order to obtain sensitive information. [severity:2/4; CVE-2016-1614]

An attacker can bypass security features in Omnibox, in order to obtain sensitive information. [severity:2/4; CVE-2016-1615]

An attacker can spoof a URL, in order to deceive the victim. [severity:2/4; CVE-2016-1616]

An attacker can use HSTS and CSP, in order to obtain sensitive information from history. [severity:2/4; CVE-2016-1617]

An attacker can predict random numbers in Blink. [severity:2/4; CVE-2016-1618]

An attacker can force a read at an invalid address in PDFium, in order to trigger a denial of service. [severity:2/4; CVE-2016-1619]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1620]

An attacker can generate a memory corruption in V8, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-2051]

An attacker can generate a memory corruption in HarfBuzz, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20398). [severity:3/4; CVE-2016-2052]

computer vulnerability bulletin CVE-2016-1981

QEMU: infinite loop of e1000

Synthesis of the vulnerability

An attacker in a guest system can generate an infinite loop in the e1000 implementation of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 20/01/2016.
Identifiers: CVE-2016-1981, DSA-3471-1, FEDORA-2016-38b20aa50f, FEDORA-2016-b49aaf2c56, FEDORA-2016-be042f7e6f, FEDORA-2016-f4504e9445, openSUSE-SU-2016:0914-1, openSUSE-SU-2016:0995-1, openSUSE-SU-2016:1750-1, openSUSE-SU-2016:2494-1, RHSA-2016:2585-02, SUSE-SU-2016:0873-1, SUSE-SU-2016:0955-1, SUSE-SU-2016:1154-1, SUSE-SU-2016:1318-1, SUSE-SU-2016:1560-1, SUSE-SU-2016:1698-1, SUSE-SU-2016:1703-1, SUSE-SU-2016:1745-1, SUSE-SU-2016:1785-1, USN-2891-1, VIGILANCE-VUL-18768.

Description of the vulnerability

The QEMU product implements the support of e1000 network devices.

However, invalid TDH/RDH values cause an infinite loop in the hw/net/e1000.c file.

An attacker in a guest system can therefore generate an infinite loop in the e1000 implementation of QEMU, in order to trigger a denial of service on the host system.

computer vulnerability alert CVE-2015-8704

ISC BIND: assertion error via APL

Synthesis of the vulnerability

An attacker can force an assertion error by sending APL data to some configurations of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, McAfee Email Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/01/2016.
Identifiers: AA-01335, bulletinjan2016, bulletinoct2016, c05019901, CVE-2015-8704, DSA-3449-1, FEDORA-2016-1323b9078a, FEDORA-2016-1ab53bf440, FEDORA-2016-f3517b9c4c, FEDORA-2016-feb8d77f36, FreeBSD-SA-16:08.bind, HPSBUX03552, openSUSE-SU-2016:0197-1, openSUSE-SU-2016:0199-1, openSUSE-SU-2016:0204-1, RHSA-2016:0073-01, RHSA-2016:0074-01, SB10214, SOL53445000, SSA:2016-054-01, SSRT102983, SUSE-SU-2016:0174-1, SUSE-SU-2016:0180-1, SUSE-SU-2016:0200-1, SUSE-SU-2016:0227-1, USN-2874-1, VIGILANCE-VUL-18766.

Description of the vulnerability

The ISC BIND product uses the APL structure to store "rdata" records.

These APL data are used by:
 - Slaves using text-format db files receiving a record in a zone transfer from their master.
 - Masters using text-format db files accepting a record in a DDNS update message.
 - Recursive resolvers when debug logging.
 - A server which has cached a record while performing 'rndc dumpdb'.

However, when APL data are too long, an assertion error occurs because the developers did not expect this case, and the process stops.

An attacker can therefore force an assertion error by sending APL data to some configurations of ISC BIND, in order to trigger a denial of service.

vulnerability note CVE-2015-7744 CVE-2016-0502 CVE-2016-0503

MySQL: multiple vulnerabilities of January 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of MySQL.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Solaris, Percona Server, XtraDB Cluster, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 20/01/2016.
Identifiers: bulletinapr2016, CERTFR-2016-AVI-030, cpujan2016, CVE-2015-7744, CVE-2016-0502, CVE-2016-0503, CVE-2016-0504, CVE-2016-0505, CVE-2016-0546, CVE-2016-0594, CVE-2016-0595, CVE-2016-0596, CVE-2016-0597, CVE-2016-0598, CVE-2016-0599, CVE-2016-0600, CVE-2016-0601, CVE-2016-0605, CVE-2016-0606, CVE-2016-0607, CVE-2016-0608, CVE-2016-0609, CVE-2016-0610, CVE-2016-0611, CVE-2016-0616, DSA-3453-1, DSA-3459-1, FEDORA-2016-5cb344dd7e, FEDORA-2016-65a1f22818, FEDORA-2016-868c170507, FEDORA-2016-e30164d0a2, K77508618, openSUSE-SU-2016:0367-1, openSUSE-SU-2016:0377-1, openSUSE-SU-2016:1664-1, openSUSE-SU-2016:1686-1, RHSA-2016:0534-01, RHSA-2016:0705-01, RHSA-2016:1132-01, RHSA-2016:1480-01, RHSA-2016:1481-01, SUSE-SU-2016:1619-1, SUSE-SU-2016:1620-1, USN-2881-1, VIGILANCE-VUL-18764.

Description of the vulnerability

Several vulnerabilities were announced in MySQL.

An attacker can use a vulnerability of Client, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0546]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0504]

An attacker can use a vulnerability of Server: Options, in order to trigger a denial of service. [severity:2/4; CVE-2016-0505]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0594]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0595]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0503]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0596]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0502]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0597]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0611]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0616]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0598]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0600]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0610]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0599]

An attacker can use a vulnerability of Server: Partition, in order to trigger a denial of service. [severity:2/4; CVE-2016-0601]

An attacker can use a vulnerability of Server: Security: Encryption, in order to alter information. [severity:2/4; CVE-2016-0606]

An attacker can use a vulnerability of Server: UDF, in order to trigger a denial of service. [severity:2/4; CVE-2016-0608]

An attacker can use a vulnerability of Server: Replication, in order to trigger a denial of service. [severity:1/4; CVE-2016-0607]

An attacker can use a vulnerability of Server: Security: Encryption, in order to obtain information. [severity:1/4; CVE-2015-7744]

An attacker can use a vulnerability of Server: General, in order to trigger a denial of service. [severity:1/4; CVE-2016-0605]

An attacker can use a vulnerability of Server: Security: Privileges, in order to trigger a denial of service. [severity:1/4; CVE-2016-0609]