
Computer vulnerabilities of RedHat Enterprise Linux

computer vulnerability announcement CVE-2014-5355

MIT krb5: two vulnerabilities via krb5_read_message

Synthesis of the vulnerability

An attacker can force two errors due to the krb5_read_message() function of MIT krb5, in order to trigger a denial of service.
Impacted products: AIX, MBS, MIT krb5, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 23/02/2015.
Identifiers: bulletinjan2015, CVE-2014-5355, MDVSA-2015:069, openSUSE-SU-2015:0542-1, RHSA-2015:0794-01, RHSA-2015:2154-07, USN-2810-1, VIGILANCE-VUL-16247.

Description of the vulnerability

The krb5_read_message() function reads network messages and stores them in a string.

The krb5_read_message() function does not guarantee that the string containing the version ends with a '\0'. The recvauth_common() function then tries to read an inaccessible memory area, which triggers a fatal error. [severity:2/4]

An attacker can use a zero-length version string to force a NULL pointer dereference in recvauth_common(), in order to trigger a denial of service. [severity:2/4]

An attacker can therefore force two errors due to the krb5_read_message() function of MIT krb5, in order to trigger a denial of service.

vulnerability alert CVE-2015-0275

Linux kernel: denial of service via ext4_zero_range

Synthesis of the vulnerability

An attacker can force an assertion error in the ext4_zero_range() function of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 23/02/2015.
Identifiers: CERTFR-2015-AVI-254, CERTFR-2015-AVI-391, CVE-2015-0275, FEDORA-2015-3011, FEDORA-2015-3594, RHSA-2015:1778-01, RHSA-2015:1787-01, RHSA-2015:1788-01, USN-2635-1, USN-2636-1, USN-2637-1, USN-2638-1, VIGILANCE-VUL-16241.

Description of the vulnerability

The Linux kernel uses the ext4 filesystem.

However, when the range passed to ext4_zero_range() has a zero size, an assertion fails because the developers did not expect this case, which stops the process.

An attacker can therefore force an assertion error in the ext4_zero_range() function of the Linux kernel, in order to trigger a denial of service.

computer vulnerability note CVE-2015-0273

PHP: two vulnerabilities of unserialize DateTimeZone

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via the unserialization of a DateTimeZone object in PHP, in order to trigger a denial of service, and possibly to execute code. It is also possible to read a memory area.
Impacted products: Debian, Fedora, HP-UX, MBS, openSUSE, Solaris, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 17/02/2015.
Revision date: 23/02/2015.
Identifiers: 68942, bulletinjul2015, c04686230, CERTFR-2015-AVI-074, CVE-2015-0273, DSA-3195-1, FEDORA-2015-2315, FEDORA-2015-2328, HPSBUX03337, MDVSA-2015:079, MDVSA-2015:080, openSUSE-SU-2015:0440-1, RHSA-2015:1053-01, RHSA-2015:1066-01, RHSA-2015:1135-01, RHSA-2015:1218-01, SSRT102066, SUSE-SU-2016:1638-1, USN-2535-1, VIGILANCE-VUL-16209.

Description of the vulnerability

The PHP unserialize() function converts a string to a PHP data structure.

A DateTimeZone object is used to represent a localized time. The php_date_initialize_from_hash() function unserializes a DateTimeZone object. However, two vulnerabilities were announced in this function.

An attacker can force the usage of a freed memory area in php_date_initialize_from_hash(), in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CERTFR-2015-AVI-074, CVE-2015-0273]

An attacker can read a memory fragment via php_date_initialize_from_hash(), in order to obtain sensitive information. [severity:1/4]

An attacker can therefore force the usage of a freed memory area via the unserialization of a DateTimeZone object in PHP, in order to trigger a denial of service, and possibly to execute code. It is also possible to read a memory area.

computer vulnerability note CVE-2014-9656 CVE-2014-9657 CVE-2014-9658

FreeType: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of FreeType.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Android OS, MBS, OpenBSD, openSUSE, Solaris, RHEL, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Creation date: 20/02/2015.
Identifiers: bulletinapr2015, CVE-2014-9656, CVE-2014-9657, CVE-2014-9658, CVE-2014-9659, CVE-2014-9660, CVE-2014-9661, CVE-2014-9662, CVE-2014-9663, CVE-2014-9664, CVE-2014-9665, CVE-2014-9666, CVE-2014-9667, CVE-2014-9668, CVE-2014-9669, CVE-2014-9670, CVE-2014-9671, CVE-2014-9672, CVE-2014-9673, CVE-2014-9674, CVE-2014-9675, DSA-3188-1, DSA-3461-1, FEDORA-2015-2216, FEDORA-2015-2237, MDVSA-2015:055, MDVSA-2015:089, openSUSE-SU-2015:0627-1, RHSA-2015:0696-01, SOL16900, USN-2510-1, VIGILANCE-VUL-16229.

Description of the vulnerability

Several vulnerabilities were announced in FreeType.

An attacker can generate an integer overflow in tt_sbit_decoder_load_image, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9656]

An attacker can force a read at an invalid address in tt_face_load_hdmx, in order to trigger a denial of service. [severity:2/4; CVE-2014-9657]

An attacker can force a read at an invalid address in tt_face_load_kern, in order to trigger a denial of service. [severity:2/4; CVE-2014-9658]

An attacker can generate a buffer overflow in cff/cf2intrp.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9659]

An attacker can force a NULL pointer to be dereferenced in _bdf_parse_glyphs, in order to trigger a denial of service. [severity:2/4; CVE-2014-9660]

An attacker can force the usage of a freed memory area in type42/t42parse.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9661]

An attacker can generate a buffer overflow in cff/cf2ft.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9662]

An attacker can force a read at an invalid address in tt_cmap4_validate, in order to trigger a denial of service. [severity:2/4; CVE-2014-9663]

An attacker can force a read at an invalid address in type42/t42parse.c and type1/t1load.c, in order to trigger a denial of service. [severity:2/4; CVE-2014-9664]

An attacker can generate an integer overflow in Load_SBit_Png, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9665]

An attacker can force a read at an invalid address in tt_sbit_decoder_init, in order to trigger a denial of service. [severity:2/4; CVE-2014-9666]

An attacker can force a read at an invalid address in sfnt/ttload.c, in order to trigger a denial of service. [severity:2/4; CVE-2014-9667]

An attacker can generate an integer overflow in woff_open_font, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9668]

An attacker can generate an integer overflow in sfnt/ttcmap.c, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9669]

An attacker can generate an integer overflow in pcf_get_encodings, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9670]

An attacker can force a NULL pointer to be dereferenced in pcf_get_properties, in order to trigger a denial of service. [severity:2/4; CVE-2014-9671]

An attacker can force a read at an invalid address in parse_fond, in order to trigger a denial of service. [severity:2/4; CVE-2014-9672]

An attacker can generate an integer overflow in Mac_Read_POST_Resource, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9673]

An attacker can generate a buffer overflow in Mac_Read_POST_Resource, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; CVE-2014-9674]

An attacker can use bdf/bdflib.c, in order to obtain sensitive information that weakens ASLR. [severity:2/4; CVE-2014-9675]

computer vulnerability CVE-2015-1349

BIND: denial of service via DNSSEC Trust Anchor

Synthesis of the vulnerability

An attacker can invite BIND to perform a DNSSEC validation, in order to trigger a denial of service.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, BIND, MBS, openSUSE, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 19/02/2015.
Identifiers: c04745746, CVE-2015-1349, DSA-3162-1, FEDORA-2015-2543, FEDORA-2015-2548, FreeBSD-SA-15:05.bind, HPSBUX03379, MDVSA-2015:054, MDVSA-2015:165, openSUSE-SU-2015:1250-1, openSUSE-SU-2015:1250-2, openSUSE-SU-2015:1326-1, RHSA-2015:0672-01, SOL16356, SSA:2015-111-01, SSRT101976, SUSE-SU-2015:1205-1, USN-2503-1, VIGILANCE-VUL-16215.

Description of the vulnerability

The BIND product can be configured to perform DNSSEC validation, with "dnssec-validation auto;" or "dnssec-lookaside auto;".

However, an assertion error occurs when BIND validates a Trust Anchor and:
 - a key which was previously trusted is now flagged as revoked,
 - no other trusted keys are available,
 - a standby key exists, but it is not trusted yet.

An attacker can therefore invite BIND to perform a DNSSEC validation, in order to trigger a denial of service.

vulnerability alert CVE-2014-9683

Linux kernel: buffer overflow of ecryptfs_decode_from_filename

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the ecryptfs_decode_from_filename() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.
Impacted products: Debian, Linux, MBS, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 18/02/2015.
Identifiers: CERTFR-2015-AVI-081, CERTFR-2015-AVI-121, CVE-2014-9683, DSA-3170-1, MDVSA-2015:058, openSUSE-SU-2016:0301-1, RHSA-2015:1272-01, SUSE-SU-2015:1376-1, SUSE-SU-2015:1478-1, USN-2515-1, USN-2515-2, USN-2516-1, USN-2516-2, USN-2516-3, USN-2517-1, USN-2518-1, USN-2541-1, VIGILANCE-VUL-16211.

Description of the vulnerability

The eCryptfs filesystem is used to encrypt data.

However, for a specially formed file name, a one-byte overflow occurs in the ecryptfs_decode_from_filename() function.

An attacker can therefore generate a buffer overflow in the ecryptfs_decode_from_filename() function of the Linux kernel, in order to trigger a denial of service, and possibly to execute code.

vulnerability bulletin CVE-2015-1593

Linux kernel: weakness of ASLR via randomize_stack_top

Synthesis of the vulnerability

An attacker can use a weakness of ASLR of the Linux kernel, in order to more easily guess a stack address.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 13/02/2015.
Identifiers: CERTFR-2015-AVI-140, CERTFR-2015-AVI-144, CERTFR-2015-AVI-263, CVE-2015-1593, DSA-3170-1, FEDORA-2015-3011, FEDORA-2015-3594, openSUSE-SU-2015:0713-1, openSUSE-SU-2015:0714-1, RHSA-2015:1137-01, RHSA-2015:1138-01, RHSA-2015:1139-01, RHSA-2015:1221-01, SOL17244, SUSE-SU-2015:0581-1, SUSE-SU-2015:0736-1, USN-2560-1, USN-2561-1, USN-2562-1, USN-2563-1, USN-2564-1, USN-2565-1, VIGILANCE-VUL-16193.

Description of the vulnerability

Systems use ASLR in order to randomize memory addresses used by programs and libraries.

The randomize_stack_top() function of the fs/binfmt_elf.c file randomizes stack addresses. However, it uses a 32 bit integer to store 34 bits, so two bits of randomness are lost. An attacker thus has four times as many chances to bypass ASLR (268 million possible values, instead of 1 billion).

An attacker can therefore use a weakness of ASLR of the Linux kernel, in order to more easily guess a stack address.

computer vulnerability bulletin CVE-2015-0255

X.Org Server: information disclosure via XkbSetGeometry

Synthesis of the vulnerability

A local attacker can read a memory fragment via XkbSetGeometry on X.Org Server, in order to obtain sensitive information.
Impacted products: Debian, Fedora, MBS, OpenBSD, openSUSE, Solaris, RHEL, Ubuntu, XOrg Bundle ~ not comprehensive.
Severity: 1/4.
Creation date: 11/02/2015.
Identifiers: bulletinapr2015, bulletinjul2015, CERTFR-2015-AVI-169, CVE-2015-0255, DSA-3160-1, FEDORA-2015-3948, FEDORA-2015-3964, MDVSA-2015:119, openSUSE-SU-2015:0337-1, openSUSE-SU-2015:0338-1, RHSA-2015:0797-01, USN-2500-1, VIGILANCE-VUL-16168.

Description of the vulnerability

The XKB extension of the X11 protocol offers advanced features to manage keyboards.

The XkbSetGeometry message defines physical properties of a keyboard: size, shape, key color, doodads, etc.

However, if the client indicates large field sizes in XkbSetGeometry, then the xkb/xkb.c file of the X11 server copies too much data and returns it to the client.

A local attacker can therefore read a memory fragment via XkbSetGeometry on X.Org Server, in order to obtain sensitive information.

computer vulnerability announcement CVE-2014-9679

CUPS: buffer overflow of cupsRasterReadPixels

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the cupsRasterReadPixels() function of CUPS, in order to trigger a denial of service, and possibly to execute code.
Impacted products: CUPS, Debian, Fedora, MBS, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Creation date: 10/02/2015.
Identifiers: bulletinapr2016, CVE-2014-9679, DSA-3172-1, FEDORA-2015-2127, FEDORA-2015-2152, MDVSA-2015:049, MDVSA-2015:108, openSUSE-SU-2015:0381-1, RHSA-2015:1123-01, USN-2520-1, VIGILANCE-VUL-16157.

Description of the vulnerability

The CUPS product offers the libcupsimage library, which provides functions to manipulate raster images.

The cupsRasterReadPixels() function reads pixels from a raster image. However, if the size of the data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow in the cupsRasterReadPixels() function of CUPS, in order to trigger a denial of service, and possibly to execute code.

vulnerability note CVE-2015-0226 CVE-2015-0227

Apache WSS4J: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Apache WSS4J.
Impacted products: WSS4J, WebSphere AS Traditional, RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Creation date: 10/02/2015.
Identifiers: 1959083, CVE-2015-0226, CVE-2015-0227, RHSA-2015:0773-01, RHSA-2015:0846-01, RHSA-2015:0847-01, RHSA-2015:0848-01, RHSA-2015:0849-01, RHSA-2015:1176-01, RHSA-2015:1177-01, VIGILANCE-VUL-16144.

Description of the vulnerability

Several vulnerabilities were announced in Apache WSS4J.

An attacker can analyze decryption errors of XML Encryption using the PKCS#1 v1.5 key transport algorithm, in order to perform a Bleichenbacher attack. [severity:2/4; CVE-2015-0226]

An attacker can bypass the requireSignedEncryptedDataElements directive, in order to have the signature ignored. [severity:2/4; CVE-2015-0227]