The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

vulnerability announce CVE-2013-7456 CVE-2016-4343 CVE-2016-5093

PHP 5: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in PHP 5.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, PHP, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on server, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 26/05/2016.
Identifiers: 71331, 72114, 72135, 72227, 72241, CERTFR-2016-AVI-195, CVE-2013-7456, CVE-2016-4343, CVE-2016-5093, CVE-2016-5094, CVE-2016-5095, CVE-2016-5096, DLA-499-1, DLA-533-1, DSA-3602-1, FEDORA-2016-65f1ffdc0c, FEDORA-2016-6b1938566f, HT206903, K43449212, K51390683, openSUSE-SU-2016:1553-1, openSUSE-SU-2016:1688-1, RHSA-2016:2750-01, SOL43449212, SOL51390683, SSA:2016-148-03, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-3030-1, USN-3045-1, VIGILANCE-VUL-19712.

Description of the vulnerability

Several vulnerabilities were announced in PHP 5.

An attacker can generate an integer overflow via fread, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72114, CVE-2016-5096]

An attacker can generate an integer overflow via php_html_entities, in order to trigger a denial of service, and possibly to run code. [severity:2/4; 72135, CVE-2016-5094, CVE-2016-5095]

An attacker can force a read at an invalid address via imagescale, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72227, CVE-2013-7456]

An attacker can force a read at an invalid address via get_icu_value_internal, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 72241, CVE-2016-5093]

An attacker can force a read at an invalid address via phar_make_dirstream(), in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; 71331, CVE-2016-4343]

vulnerability note CVE-2016-4447 CVE-2016-4448 CVE-2016-4449

libxml2: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in libxml2.
Impacted products: iOS by Apple, iPhone, Mac OS X, Blue Coat CAS, ProxyAV, ProxyRA, ProxySG by Blue Coat, SGOS by Blue Coat, Debian, BIG-IP Hardware, TMOS, Fedora, Junos OS, Junos Space, libxml, McAfee Web Gateway, openSUSE Leap, Oracle Communications, RHEL, Slackware, Splunk Enterprise, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, data reading, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/05/2016.
Identifiers: 1989337, 1991909, 1991910, 1991911, 1991913, 1991997, CERTFR-2017-AVI-012, cpujan2018, CVE-2016-4447, CVE-2016-4448, CVE-2016-4449, DLA-503-1, DSA-3593-1, FEDORA-2017-a3a47973eb, FEDORA-2017-be8574d593, HT206902, HT206903, JSA10770, JSA10916, K24322529, K41103561, openSUSE-SU-2016:1595-1, RHSA-2016:1292-01, SA129, SB10170, SOL41103561, SPL-119440, SPL-121159, SPL-123095, SSA:2016-148-01, SUSE-SU-2016:1538-1, SUSE-SU-2016:1604-1, TNS-2017-03, USN-2994-1, USN-3235-1, VIGILANCE-VUL-19694.

Description of the vulnerability

Several vulnerabilities were announced in libxml2.

An attacker can force a read at an invalid address via xmlParseName, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-4447]

An attacker can use a format string attack, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4448]

An attacker can generate a memory corruption via Entities Content, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4449]

vulnerability CVE-2015-8874

libgd2: denial of service via imagefilltoborder

Synthesis of the vulnerability

An attacker can generate a fatal error via imagefilltoborder() of libgd2, in order to trigger a denial of service.
Impacted products: Debian, Fedora, FortiAnalyzer, FortiAnalyzer Virtual Appliance, FortiGate, FortiGate Virtual Appliance, FortiOS, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/05/2016.
Identifiers: CERTFR-2017-AVI-237, CVE-2015-8874, DLA-482-1, DSA-3587-1, FEDORA-2016-a4d48d6fd6, FEDORA-2016-d126bb1b74, FG-IR-17-051, openSUSE-SU-2016:1524-1, openSUSE-SU-2016:1553-1, RHSA-2016:2750-01, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-2987-1, VIGILANCE-VUL-19670.

Description of the vulnerability

An attacker can generate a fatal error via imagefilltoborder() of libgd2, in order to trigger a denial of service.

vulnerability CVE-2016-4913

Linux kernel: information disclosure via get_rock_ridge_filename

Synthesis of the vulnerability

A local attacker can read a memory fragment via get_rock_ridge_filename() of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 18/05/2016.
Identifiers: CERTFR-2016-AVI-220, CERTFR-2016-AVI-267, CERTFR-2017-AVI-034, CVE-2016-4913, DLA-516-1, DSA-3607-1, FEDORA-2016-06f1572324, FEDORA-2016-2363b37a98, FEDORA-2016-c1faf6005c, openSUSE-SU-2016:2144-1, RHSA-2018:3083-01, RHSA-2018:3096-01, SUSE-SU-2016:1672-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2245-1, SUSE-SU-2017:0333-1, USN-3016-1, USN-3016-2, USN-3016-3, USN-3016-4, USN-3017-1, USN-3017-2, USN-3017-3, USN-3018-1, USN-3018-2, USN-3019-1, USN-3020-1, USN-3021-1, USN-3021-2, VIGILANCE-VUL-19650.

Description of the vulnerability

The Linux kernel supports Rock Ridge extensions for ISO9660.

However, the get_rock_ridge_filename() function in the fs/isofs/rock.c file returns too much data when an entry contains the NUL ('\0') character.

A local attacker can therefore read a memory fragment via get_rock_ridge_filename() of the Linux kernel, in order to obtain sensitive information.

vulnerability note CVE-2016-0718

Expat: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow in Expat, in order to trigger a denial of service, and possibly to run code.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, Notes, Security Directory Server, WebSphere AS Traditional, openSUSE, openSUSE Leap, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle Internet Directory, Solaris, Tuxedo, WebLogic, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Nessus, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/05/2016.
Identifiers: 1988026, 1990421, 1990658, 2000347, bulletinjul2016, CERTFR-2018-AVI-288, cpujul2018, CVE-2016-0718, DSA-3582-1, FEDORA-2016-0fd6ca526a, FEDORA-2016-60889583ab, FEDORA-2016-7c6e7a9265, HT206903, K52320548, openSUSE-SU-2016:1441-1, openSUSE-SU-2016:1523-1, RHSA-2016:2824-01, SSA:2016-359-01, SSA:2017-266-02, SSA:2018-124-01, SUSE-SU-2016:1508-1, SUSE-SU-2016:1512-1, TNS-2016-11, TNS-2018-08, USN-2983-1, USN-3013-1, VIGILANCE-VUL-19644.

Description of the vulnerability

An attacker can generate a buffer overflow in Expat, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2016-3698

libndp: Man-in-the-Middle

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on libndp, in order to read or write data in the session.
Impacted products: Debian, Fedora, RHEL, Ubuntu.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: intranet server.
Creation date: 17/05/2016.
Identifiers: CVE-2016-3698, DSA-3581-1, FEDORA-2016-2be4263b24, FEDORA-2016-5cbcaebaf2, RHSA-2016:1086-01, USN-2980-1, VIGILANCE-VUL-19631.

Description of the vulnerability

An attacker can act as a Man-in-the-Middle on libndp, in order to read or write data in the session.

computer vulnerability bulletin CVE-2016-3707

Linux kernel RT: denial of service via Ping SysRq

Synthesis of the vulnerability

An attacker can send a Ping packet to use a SysRq command on the Linux kernel with the RT patch, in order to trigger a denial of service.
Impacted products: Linux, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: intranet client.
Creation date: 17/05/2016.
Identifiers: CERTFR-2016-AVI-267, CERTFR-2016-AVI-275, CVE-2016-3707, RHSA-2016:1341-01, SUSE-SU-2016:1764-1, SUSE-SU-2016:1937-1, SUSE-SU-2016:1985-1, VIGILANCE-VUL-19618.

Description of the vulnerability

The kernel-rt patch can be applied on the Linux kernel.

This patch contains a debugging feature enabled via /sys/kernel/debug/network_sysrq_enable. It allows an ICMP Echo (ping) packet containing a SysRq command to run (stop processes, reboot, etc.) to be sent remotely.

This SysRq command is only executed if the ICMP packet contains the expected cookie. However, a remote attacker can brute-force this cookie (a local attacker can merely read the /sys/kernel/debug/network_sysrq_magic file).

An attacker can therefore send a Ping packet to use a SysRq command on the Linux kernel with the RT patch, in order to trigger a denial of service.

computer vulnerability CVE-2016-3697

Docker: privilege escalation via Numeric UID

Synthesis of the vulnerability

A local attacker can in some cases use a uid on Docker, in order to escalate his privileges.
Impacted products: Docker CE, Fedora, QRadar SIEM, openSUSE, RHEL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 13/05/2016.
Identifiers: 1329450, 2004947, CVE-2016-3697, FEDORA-2016-6a0d540088, openSUSE-SU-2016:1417-1, RHSA-2016:1034-01, RHSA-2016:2634-01, VIGILANCE-VUL-19615.

Description of the vulnerability

The Docker product can be installed on a system with a numeric user id. For example, if /etc/passwd contains:
  1000::0:0:::/bin/bash
  user::1000:1000:::/bin/bash

However, permission checks are performed on the user with uid 1000, but access is granted as the user named "1000".

A local attacker can therefore in some cases use a uid on Docker, in order to escalate his privileges.

vulnerability alert CVE-2016-1667 CVE-2016-1668 CVE-2016-1669

Google Chrome: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities in Google Chrome.
Impacted products: Debian, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 5.
Creation date: 12/05/2016.
Identifiers: CERTFR-2016-AVI-166, CVE-2016-1667, CVE-2016-1668, CVE-2016-1669, CVE-2016-1670, CVE-2016-1671, DSA-3590-1, openSUSE-SU-2016:1304-1, openSUSE-SU-2016:1319-1, openSUSE-SU-2016:1655-1, RHSA-2016:1080-01, USN-2960-1, VIGILANCE-VUL-19611.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can bypass security features in DOM, in order to escalate his privileges. [severity:3/4; CVE-2016-1667]

An attacker can bypass security features in Blink V8, in order to escalate his privileges. [severity:3/4; CVE-2016-1668]

An attacker can generate a buffer overflow in V8, in order to trigger a denial of service, and possibly to run code (VIGILANCE-VUL-20142). [severity:3/4; CVE-2016-1669]

An attacker can use a vulnerability in Loader, in order to run code. [severity:2/4; CVE-2016-1670]

An attacker can traverse directories in File Scheme, in order to read a file outside the root path. [severity:2/4; CVE-2016-1671]

computer vulnerability bulletin CVE-2016-4794

Linux kernel: use after free via pcpu_extend_area_map

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in pcpu_extend_area_map() via BPF on the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Android OS, Linux, openSUSE Leap, RHEL, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Creation date: 12/05/2016.
Identifiers: CERTFR-2016-AVI-278, CVE-2016-4794, openSUSE-SU-2016:1798-1, RHSA-2016:2574-02, RHSA-2016:2584-02, USN-3049-1, USN-3050-1, USN-3051-1, USN-3052-1, USN-3053-1, USN-3054-1, USN-3055-1, USN-3056-1, USN-3057-1, VIGILANCE-VUL-19608.

Description of the vulnerability

An attacker can force the usage of a freed memory area in pcpu_extend_area_map() via BPF on the Linux kernel, in order to trigger a denial of service, and possibly to run code.