The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

security note CVE-2017-2982 CVE-2017-2984 CVE-2017-2985

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 13.
Creation date: 14/02/2017.
Revision date: 17/02/2017.
Identifiers: 1007, 1008, 1013, 1018, 4010250, APSB17-04, CERTFR-2017-AVI-051, CERTFR-2017-AVI-055, CVE-2017-2982, CVE-2017-2984, CVE-2017-2985, CVE-2017-2986, CVE-2017-2987, CVE-2017-2988, CVE-2017-2990, CVE-2017-2991, CVE-2017-2992, CVE-2017-2993, CVE-2017-2994, CVE-2017-2995, CVE-2017-2996, MS17-005, RHSA-2017:0275-01, SUSE-SU-2017:0523-1, VIGILANCE-VUL-21834, ZDI-17-109, ZDI-17-110, ZDI-17-287.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2995, ZDI-17-109]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2987]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2982]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2985]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2993]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2994, ZDI-17-110, ZDI-17-287]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2986]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2992]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2984]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2988]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2990]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2991]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2996]

cybersecurity vulnerability CVE-2017-2618

Linux kernel: denial of service via setprocattr

Synthesis of the vulnerability

An attacker can generate a fatal error via setprocattr() on the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 15/02/2017.
Identifiers: CERTFR-2017-AVI-250, CVE-2017-2618, DSA-3791-1, RHSA-2017:0931-01, RHSA-2017:0933-01, USN-3361-1, USN-3381-1, USN-3381-2, VIGILANCE-VUL-21847.

Description of the vulnerability

An attacker can generate a fatal error via setprocattr() on the Linux kernel, in order to trigger a denial of service.

vulnerability announce CVE-2016-10195 CVE-2016-10196 CVE-2016-10197

libevent: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libevent.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 6.
Creation date: 15/02/2017.
Identifiers: bulletinjul2018, CERTFR-2017-AVI-134, cpujul2017, CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2017-10195-ERROR, CVE-2017-10196-ERROR, CVE-2017-10197-ERROR, DLA-824-1, DSA-3789-1, FEDORA-2017-31c64a0bbf, FEDORA-2017-82265ed89e, FEDORA-2017-87e23bcc34, MFSA-2017-10, MFSA-2017-11, MFSA-2017-12, MFSA-2017-13, openSUSE-SU-2018:0220-1, RHSA-2017:1201-01, SSA:2017-112-01, SUSE-SU-2017:1669-1, SUSE-SU-2017:2235-1, USN-3228-1, USN-3278-1, VIGILANCE-VUL-21846.

Description of the vulnerability

An attacker can use several vulnerabilities of libevent.

weakness note CVE-2017-5986

Linux kernel: assertion error via sctp_wait_for_sndbuf

Synthesis of the vulnerability

An attacker can force an assertion error via sctp_wait_for_sndbuf() on the Linux kernel, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 14/02/2017.
Identifiers: CERTFR-2017-AVI-060, CERTFR-2017-AVI-128, CERTFR-2017-AVI-162, CERTFR-2017-AVI-282, CERTFR-2017-AVI-311, CVE-2017-5986, DLA-849-1, DSA-3804-1, FEDORA-2017-2e1f3694b2, FEDORA-2017-387ff46a66, FEDORA-2017-fb89ca752a, openSUSE-SU-2017:0541-1, openSUSE-SU-2017:0547-1, RHSA-2017:1308-01, SUSE-SU-2017:0575-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1360-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3264-1, USN-3264-2, USN-3265-1, USN-3265-2, USN-3266-1, USN-3266-2, VIGILANCE-VUL-21833.

Description of the vulnerability

An attacker can force an assertion error via sctp_wait_for_sndbuf() on the Linux kernel, in order to trigger a denial of service.

computer weakness bulletin CVE-2017-5973

QEMU: infinite loop via xhci_kick_epctx

Synthesis of the vulnerability

An attacker can generate an infinite loop via xhci_kick_epctx() of QEMU, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 14/02/2017.
Identifiers: CVE-2017-5973, DLA-1497-1, DLA-842-1, DLA-845-1, openSUSE-SU-2017:1872-1, RHSA-2017:2392-01, SUSE-SU-2017:0570-1, SUSE-SU-2017:0582-1, SUSE-SU-2017:0647-1, SUSE-SU-2017:1774-1, SUSE-SU-2017:2946-1, SUSE-SU-2017:2963-1, SUSE-SU-2017:2969-1, SUSE-SU-2017:3084-1, USN-3261-1, VIGILANCE-VUL-21829.

Description of the vulnerability

An attacker can generate an infinite loop via xhci_kick_epctx() of QEMU, in order to trigger a denial of service.

computer threat bulletin CVE-2016-10207

TigerVNC: denial of service via TLS

Synthesis of the vulnerability

An attacker can generate a fatal error via the TLS handshake in TigerVNC, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 13/02/2017.
Identifiers: bulletinjan2018, CVE-2016-10207, openSUSE-SU-2017:0444-1, RHSA-2017:0630-01, RHSA-2017:2000-01, VIGILANCE-VUL-21810.

Description of the vulnerability

An attacker can generate a fatal error via the TLS handshake in TigerVNC, in order to trigger a denial of service.

security weakness CVE-2017-5884 CVE-2017-5885

gtk-vnc: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of gtk-vnc.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/02/2017.
Identifiers: bulletinjan2018, CVE-2017-5884, CVE-2017-5885, DLA-831-1, FEDORA-2017-404f1a29fc, FEDORA-2017-a9e6a5c249, FEDORA-2017-ab04a91edd, FEDORA-2017-c3739273e5, RHSA-2017:2258-01, USN-3203-1, VIGILANCE-VUL-21804.

Description of the vulnerability

An attacker can use several vulnerabilities of gtk-vnc.

security alert CVE-2017-5970

Linux kernel: NULL pointer dereference via ipv4_pktinfo_prepare

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ipv4_pktinfo_prepare() on the Linux kernel, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 13/02/2017.
Identifiers: 2011746, CERTFR-2017-AVI-060, CERTFR-2017-AVI-128, CERTFR-2017-AVI-282, CERTFR-2017-AVI-287, CERTFR-2017-AVI-307, CERTFR-2017-AVI-311, CVE-2017-5970, DLA-922-1, DSA-3791-1, FEDORA-2017-0054c7b1f0, FEDORA-2017-787bc0d5b4, K60104355, openSUSE-SU-2017:0541-1, openSUSE-SU-2017:0547-1, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SA148, SUSE-SU-2017:0517-1, SUSE-SU-2017:0575-1, SUSE-SU-2017:1247-1, SUSE-SU-2017:1301-1, SUSE-SU-2017:1990-1, SUSE-SU-2017:2342-1, SUSE-SU-2017:2525-1, USN-3265-1, USN-3265-2, USN-3361-1, USN-3422-1, USN-3422-2, VIGILANCE-VUL-21801.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via ipv4_pktinfo_prepare() on the Linux kernel, in order to trigger a denial of service.

cybersecurity note CVE-2017-3302

MySQL: use after free via libmysqlclient

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via libmysqlclient of MySQL, in order to trigger a denial of service, and possibly to run code.
Severity: 2/4.
Creation date: 10/02/2017.
Identifiers: cpuapr2017, CVE-2017-3302, DLA-819-1, DLA-819-2, DLA-916-1, DSA-3809-1, DSA-3834-1, openSUSE-SU-2017:1209-1, openSUSE-SU-2017:1475-1, openSUSE-SU-2017:1530-1, RHSA-2017:2192-01, RHSA-2017:2787-01, RHSA-2018:0574-01, SSA:2017-087-01, SUSE-SU-2017:1137-1, SUSE-SU-2017:1311-1, SUSE-SU-2017:1315-1, USN-3269-1, VIGILANCE-VUL-21795.

Description of the vulnerability

An attacker can force the usage of a freed memory area via libmysqlclient of MySQL, in order to trigger a denial of service, and possibly to run code.

security note CVE-2017-3135

ISC BIND: assertion error via the combination DNS64+RPZ

Synthesis of the vulnerability

An attacker can force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 09/02/2017.
Identifiers: bulletinjul2018, CVE-2017-3135, DLA-843-1, DSA-2019-131, DSA-3795-1, FEDORA-2017-27099c270a, FEDORA-2017-2b46c8b6c2, FEDORA-2017-96b7f4f53e, FEDORA-2017-d0c9bf9508, HPESBUX03747, JSA10799, K80533167, NTAP-20180926-0001, NTAP-20180926-0002, NTAP-20180926-0003, NTAP-20180926-0004, NTAP-20180926-0005, NTAP-20180927-0001, openSUSE-SU-2017:0620-1, RHSA-2017:0276-01, SSA:2017-041-01, USN-3201-1, VIGILANCE-VUL-21790.

Description of the vulnerability

The ISC BIND product is a DNS server.

It can compute responses to IPv6 address queries from data for IPv4 addresses (DNS64). However, when this function is enabled and the "Response Policy Zone" (RPZ) function is also enabled, an assertion may evaluate to false, which stops the process with a SIGABRT signal.

An attacker can therefore force an assertion failure when functions DNS64 and RPZ of ISC BIND are both enabled, in order to trigger a denial of service.