The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

computer vulnerability announce CVE-2016-5410

firewalld: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of firewalld, in order to escalate his privileges.
Impacted products: Fedora, RHEL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data flow.
Provenance: user account.
Creation date: 22/08/2016.
Identifiers: CVE-2016-5410, FEDORA-2016-de55d2c2c9, RHSA-2016:2597-02, VIGILANCE-VUL-20447.

Description of the vulnerability

An attacker can bypass restrictions of firewalld, in order to escalate his privileges.

computer vulnerability note CVE-2016-6888

QEMU: NULL pointer dereference via VMXNET3

Synthesis of the vulnerability

An attacker, who is administrator in a guest system, can force a NULL pointer to be dereferenced via VMXNET3 of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 19/08/2016.
Identifiers: CVE-2016-6888, DLA-1599-1, openSUSE-SU-2016:2494-1, openSUSE-SU-2016:2497-1, openSUSE-SU-2016:2642-1, RHSA-2017:2392-01, SUSE-SU-2016:2473-1, SUSE-SU-2016:2507-1, SUSE-SU-2016:2533-1, SUSE-SU-2016:2589-1, USN-3125-1, VIGILANCE-VUL-20439.

Description of the vulnerability

The QEMU product supports VMware VMXNET3 devices.

However, an integer overflow in the net_tx_pkt_init() function leads to the usage of the memory at address zero.

An attacker, who is administrator in a guest system, can therefore force a NULL pointer to be dereferenced via VMXNET3 of QEMU, in order to trigger a denial of service on the host system.

computer vulnerability announce CVE-2016-7124 CVE-2016-7125 CVE-2016-7126

PHP 7: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 7.
Impacted products: PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 18.
Creation date: 19/08/2016.
Identifiers: 71894, 72024, 72142, 72660, 72663, 72674, 72681, 72697, 72708, 72710, 72730, 72742, 72749, 72750, 72771, 72782, 72790, 72799, 72807, 72837, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134, RHSA-2016:2750-01, SUSE-SU-2016:2408-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3095-1, VIGILANCE-VUL-20437.

Description of the vulnerability

Several vulnerabilities were announced in PHP 7.

An attacker can create a memory leak via microtime, in order to trigger a denial of service. [severity:1/4; 72024]

An attacker can inject data in PHP Session. [severity:2/4; 72681, CVE-2016-7125]

An attacker can generate an integer overflow via bzdecompress, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72837]

An attacker can generate a buffer overflow via zif_cal_from_jd, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 71894]

An attacker can generate an integer overflow via curl_escape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72807]

An attacker can generate a buffer overflow via mb_ereg, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72710]

An attacker can generate an integer overflow via Mcrypt, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72782]

An attacker can generate an integer overflow via php_snmp_parse_oid, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72708]

An attacker can use a Protocol Downgrade on ftps://, in order to read or alter data. [severity:2/4; 72771]

An attacker can generate a memory corruption via wddx_serialize_value, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72142]

An attacker can force a read at an invalid address via wddx_deserialize, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72749, CVE-2016-7129]

An attacker can force a NULL pointer to be dereferenced via wddx_deserialize, in order to trigger a denial of service. [severity:1/4; 72750, 72790, 72799, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132]

An attacker can force a NULL pointer to be dereferenced via zend_virtual_cwd, in order to trigger a denial of service. [severity:1/4; 72660]

An attacker can use a vulnerability via __wakeup(), in order to run code. [severity:2/4; 72663, CVE-2016-7124]

An attacker can generate a buffer overflow via select_colors(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72697, CVE-2016-7126]

An attacker can generate a buffer overflow via imagegammacorrect(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72730, CVE-2016-7127]

An attacker can generate a memory corruption via Memory Allocator, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72742, CVE-2016-7133]

An attacker can generate a buffer overflow via curl_escape(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72674, CVE-2016-7134]

computer vulnerability alert CVE-2016-7124 CVE-2016-7125 CVE-2016-7126

PHP 5: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP 5.
Impacted products: Debian, BIG-IP Hardware, TMOS, openSUSE, openSUSE Leap, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 21.
Creation date: 19/08/2016.
Identifiers: 70436, 71894, 72024, 72142, 72627, 72663, 72681, 72697, 72708, 72710, 72730, 72749, 72750, 72771, 72790, 72799, 72807, 72836, 72837, 72838, 72848, 72849, 72850, CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, DLA-749-1, DSA-3689-1, K54308010, openSUSE-SU-2016:2337-1, openSUSE-SU-2016:2451-1, RHSA-2016:2750-01, SOL35232053, SOL54308010, SSA:2016-252-01, SUSE-SU-2016:2328-1, SUSE-SU-2016:2408-1, SUSE-SU-2016:2459-1, SUSE-SU-2016:2460-1, SUSE-SU-2016:2460-2, SUSE-SU-2016:2683-1, SUSE-SU-2016:2683-2, USN-3095-1, VIGILANCE-VUL-20436.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.

An attacker can generate an integer overflow via bzdecompress, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72837]

An attacker can force the usage of a freed memory area via unserialize, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 70436]

An attacker can create a memory leak via microtime, in order to trigger a denial of service. [severity:1/4; 72024]

An attacker can inject data in PHP Session. [severity:2/4; 72681, CVE-2016-7125]

An attacker can generate a buffer overflow via zif_cal_from_jd, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 71894]

An attacker can generate an integer overflow via curl_escape, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72807]

An attacker can generate an integer overflow via sql_regcase, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72838]

An attacker can create a memory leak via exif_process_IFD_in_TIFF, in order to trigger a denial of service. [severity:1/4; 72627, CVE-2016-7128]

An attacker can generate a buffer overflow via mb_ereg, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72710]

An attacker can generate an integer overflow via php_snmp_parse_oid, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72708]

An attacker can generate an integer overflow via base64_decode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72836]

An attacker can generate an integer overflow via quoted_printable_encode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72848]

An attacker can generate an integer overflow via urlencode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72849]

An attacker can generate an integer overflow via php_uuencode, in order to trigger a denial of service, and possibly to run code. [severity:3/4; 72850]

An attacker can use a Protocol Downgrade on ftps://, in order to read or alter data. [severity:2/4; 72771]

An attacker can generate a memory corruption via wddx_serialize_value, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72142]

An attacker can force a read at an invalid address via wddx_deserialize, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72749, CVE-2016-7129]

An attacker can force a NULL pointer to be dereferenced via wddx_deserialize, in order to trigger a denial of service. [severity:1/4; 72750, 72790, 72799, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132]

An attacker can use a vulnerability via __wakeup(), in order to run code. [severity:2/4; 72663, CVE-2016-7124]

An attacker can generate a buffer overflow via select_colors(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72697, CVE-2016-7126]

An attacker can generate a buffer overflow via imagegammacorrect(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72730, CVE-2016-7127]

vulnerability bulletin CVE-2016-6327

Linux kernel: NULL pointer dereference via srpt_handle_tsk_mgmt

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via srpt_handle_tsk_mgmt of the Linux kernel, in order to trigger a denial of service.
Impacted products: Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 19/08/2016.
Identifiers: CERTFR-2017-AVI-001, CERTFR-2017-AVI-053, CVE-2016-6327, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2016:2574-02, RHSA-2016:2584-02, SUSE-SU-2016:2912-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0471-1, VIGILANCE-VUL-20433.

Description of the vulnerability

An attacker can force a NULL pointer to be dereferenced via srpt_handle_tsk_mgmt of the Linux kernel, in order to trigger a denial of service.

computer vulnerability alert CVE-2016-5404

FreeIPA: denial of service via cert_revoke

Synthesis of the vulnerability

An attacker, who has the "retrieve certificate" permission, can revoke certificates on FreeIPA, in order to trigger a denial of service.
Impacted products: Fedora, FreeIPA, RHEL.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: user shell.
Creation date: 18/08/2016.
Identifiers: 1351593, CVE-2016-5404, FEDORA-2016-7898627d08, FEDORA-2016-92a3655b70, RHSA-2016:1797-01, VIGILANCE-VUL-20426.

Description of the vulnerability

The FreeIPA product can be used to manage authentication certificates.

The cert_revoke command revokes a certificate. However, this command does not check if the user has the "revoke certificate" permission.

An attacker, who has the "retrieve certificate" permission, can therefore revoke certificates on FreeIPA, in order to trigger a denial of service.

vulnerability bulletin CVE-2016-6313

GnuPG: predicting 160 bits

Synthesis of the vulnerability

An attacker can use a vulnerability in the pseudo-random generator of GnuPG, in order to predict bits.
Impacted products: Debian, Fedora, GnuPG, Security Directory Server, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/08/2016.
Identifiers: 2000347, bulletinoct2017, CVE-2016-6313, CVE-2016-6316-ERROR, DLA-600-1, DLA-602-1, DSA-3649-1, DSA-3650-1, FEDORA-2016-2b4ecfa79f, FEDORA-2016-3a0195918f, FEDORA-2016-81aab0aff9, FEDORA-2016-9864953aa3, openSUSE-SU-2016:2208-1, openSUSE-SU-2016:2423-1, RHSA-2016:2674-01, SSA:2016-236-01, SSA:2016-236-02, USN-3064-1, USN-3065-1, VIGILANCE-VUL-20413.

Description of the vulnerability

The GnuPG/Libgcrypt product uses a pseudo-random generator to generate series of bits, used by keys.

However, an attacker who can read 4640 successive bits can predict the next 160 bits.

Existing RSA keys are not weakened. Existing DSA / ElGamal keys should not be weakened. The vendor therefore recommends not revoking existing keys.

An attacker can therefore use a vulnerability in the pseudo-random generator of GnuPG, in order to predict bits.

vulnerability note CVE-2016-6828

Linux kernel: use after free via tcp_xmit_retransmit_queue

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 16/08/2016.
Identifiers: CERTFR-2016-AVI-334, CERTFR-2017-AVI-001, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CVE-2016-6828, DLA-609-1, DSA-3659-1, FEDORA-2016-5e24d8c350, FEDORA-2016-723350dd75, FEDORA-2016-f1adaaadc6, K62442245, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2625-1, openSUSE-SU-2016:3021-1, RHSA-2017:0036-01, RHSA-2017:0086-01, RHSA-2017:0091-01, RHSA-2017:0113-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3069-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, USN-3097-1, USN-3097-2, USN-3098-1, USN-3098-2, USN-3099-1, USN-3099-2, USN-3099-3, USN-3099-4, VIGILANCE-VUL-20384.

Description of the vulnerability

The Linux kernel manages a TCP sending queue.

However, a special system call sequence forces the tcp_xmit_retransmit_queue() function to free a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area via tcp_xmit_retransmit_queue() on the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability CVE-2015-5221

JasPer: use after free via mif_cod.c

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via mif_cod.c of JasPer, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/08/2016.
Identifiers: CVE-2015-5221, DLA-1583-1, FEDORA-2016-5a7e745a56, FEDORA-2016-7776983633, FEDORA-2016-bbecf64af4, openSUSE-SU-2016:2722-1, openSUSE-SU-2016:2737-1, openSUSE-SU-2016:2833-1, RHSA-2017:1208-01, USN-3693-1, VIGILANCE-VUL-20380.

Description of the vulnerability

An attacker can force the usage of a freed memory area via mif_cod.c of JasPer, in order to trigger a denial of service, and possibly to run code.

computer vulnerability note CVE-2015-5203

JasPer: use after free via jasper_image_stop_load

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via jasper_image_stop_load of JasPer, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 16/08/2016.
Identifiers: CVE-2015-5203, DLA-1583-1, FEDORA-2016-5a7e745a56, FEDORA-2016-7776983633, FEDORA-2016-bbecf64af4, openSUSE-SU-2016:2722-1, openSUSE-SU-2016:2737-1, openSUSE-SU-2016:2833-1, RHSA-2017:1208-01, USN-3693-1, VIGILANCE-VUL-20379.

Description of the vulnerability

An attacker can force the usage of a freed memory area via jasper_image_stop_load of JasPer, in order to trigger a denial of service, and possibly to run code.