The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

vulnerability note CVE-2015-8213

Django: information disclosure via Date Template Filter

Synthesis of the vulnerability

An attacker can bypass access restrictions to data in Date Template Filter of Django, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, Solaris, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 25/11/2015.
Identifiers: bulletinjan2018, CVE-2015-8213, DSA-3404-1, FEDORA-2015-323274d412, FEDORA-2015-a8c8f60fbd, openSUSE-SU-2015:2199-1, openSUSE-SU-2015:2202-1, RHSA-2016:0129-01, RHSA-2016:0156-01, RHSA-2016:0157-01, RHSA-2016:0158-01, RHSA-2016:0360-01, USN-2816-1, VIGILANCE-VUL-18374.

Description of the vulnerability

The Django product offers a date filter.

However, an attacker can bypass access restrictions to data using the SECRET_KEY value.

An attacker can therefore use a vulnerability in the Date Template Filter of Django, in order to obtain sensitive information.

vulnerability note CVE-2015-5312 CVE-2015-7497 CVE-2015-7498

libxml2: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libxml2.
Impacted products: Debian, Fedora, libxml, openSUSE, openSUSE Leap, RHEL, Nessus, Ubuntu.
Severity: 3/4.
Creation date: 23/11/2015.
Identifiers: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500, DSA-3430-1, FEDORA-2015-037f844d3e, FEDORA-2015-c24af963a2, openSUSE-SU-2015:2372-1, openSUSE-SU-2016:0106-1, RHSA-2015:2549-01, RHSA-2015:2550-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, TNS-2017-03, USN-2834-1, USN-2875-1, VIGILANCE-VUL-18354.

Description of the vulnerability

Several vulnerabilities were announced in libxml2.

An attacker can force a read at an invalid address in Entities Boundaries, in order to trigger a denial of service. [severity:1/4; CVE-2015-7500]

An attacker can generate an infinite loop in xmlHaltParser, in order to trigger a denial of service. [severity:1/4; CVE-2015-7499]

An unknown vulnerability was announced in Entity Expansion. [severity:1/4; CVE-2015-5312]

An attacker can generate a buffer overflow in xmlDictComputeFastQKey(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-7497]

An unknown vulnerability was announced in Encoding Conversion. [severity:2/4; CVE-2015-7498]

vulnerability bulletin CVE-2015-8317

libxml2: unreachable memory reading via xmlParseXMLDecl

Synthesis of the vulnerability

An attacker can create a malformed XML/HTML file, in order to generate a denial of service in applications linked to libxml2.
Impacted products: Debian, libxml, openSUSE, openSUSE Leap, RHEL, Nessus, Ubuntu.
Severity: 1/4.
Creation date: 23/11/2015.
Identifiers: CVE-2015-8317, DSA-3430-1, openSUSE-SU-2015:2372-1, openSUSE-SU-2016:0106-1, RHSA-2015:2549-01, RHSA-2015:2550-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, TNS-2017-03, USN-2834-1, VIGILANCE-VUL-18353.

Description of the vulnerability

The libxml2 library implements an XML parser.

However, the xmlParseXMLDecl() function tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore create a malformed XML/HTML file, in order to generate a denial of service in applications linked to libxml2.

vulnerability CVE-2014-8240 CVE-2014-8241

TigerVNC: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of TigerVNC.
Impacted products: Solaris, RHEL.
Severity: 2/4.
Creation date: 20/11/2015.
Identifiers: bulletinoct2015, CVE-2014-8240, CVE-2014-8241, RHSA-2015:2233-03, VIGILANCE-VUL-18350.

Description of the vulnerability

Several vulnerabilities were announced in TigerVNC.

An attacker can generate an integer overflow via Screen Size, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2014-8240]

An attacker can force a NULL pointer to be dereferenced in XRegion, in order to trigger a denial of service. [severity:1/4; CVE-2014-8241]

vulnerability announce CVE-2015-3276

OpenLDAP: incorrect algorithm choice for TLS in multi-keyword

Synthesis of the vulnerability

An attacker can force the TLS session of OpenLDAP to choose a weaker algorithm if the configured cipherstring contains several keywords, in order to more easily attack this session.
Impacted products: Fedora, OpenLDAP, RHEL.
Severity: 1/4.
Creation date: 20/11/2015.
Identifiers: 1238322, CVE-2015-3276, FEDORA-2017-ceb1b8659e, RHSA-2015:2131-03, VIGILANCE-VUL-18342.

Description of the vulnerability

The TLS configuration of OpenLDAP can use a cipherstring containing several keywords, for example "ECDH+SHA".

However, the logic implemented by the nss_parse_ciphers() function of libldap/tls_m.c uses a logical OR instead of an AND when there are several keywords. For example, "DES-CBC-SHA" is selected because it contains SHA, but it does not contain ECDH.

An attacker can therefore force the TLS session of OpenLDAP to choose a weaker algorithm if the configured cipherstring contains several keywords, in order to more easily attack this session.
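
The OR-versus-AND difference can be seen in a small model, added here as an illustration and not taken from libldap/tls_m.c. The cipher table, the flag names and the functions spec_to_mask() and cipher_selected() are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
/* Constructed, simplified flags and cipher table (assumptions, not NSS data). */
enum { A_ECDH = 1, A_RSA = 2, A_SHA = 4, A_AES = 8, A_DES = 16 };
static const struct { const char *name; unsigned attrs; } ciphers[] = {
    { "ECDH-RSA-AES128-SHA", A_ECDH | A_RSA | A_AES | A_SHA },
    { "AES128-SHA",          A_RSA | A_AES | A_SHA },
    { "DES-CBC-SHA",         A_RSA | A_DES | A_SHA },
    { "ECDH-RSA-AES128-GCM", A_ECDH | A_RSA | A_AES },
};
static const struct { const char *kw; unsigned flag; } keywords[] = {
    { "ECDH", A_ECDH }, { "RSA", A_RSA }, { "SHA", A_SHA }, { "AES", A_AES }, { "DES", A_DES },
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* Turn "KW1+KW2" into a flag mask; 0 means an unrecognised keyword. */
static unsigned spec_to_mask(const char *spec)
{
    unsigned mask = 0;
    while (*spec) {
        size_t len = strcspn(spec, "+"), i;
        unsigned flag = 0;
        for (i = 0; i < COUNT(keywords); i++)
            if (strlen(keywords[i].kw) == len && !strncmp(spec, keywords[i].kw, len))
                flag = keywords[i].flag;
        if (!flag) return 0;                 /* fail closed */
        mask |= flag;
        spec += len + (spec[len] == '+');    /* step over the keyword and its '+' */
    }
    return mask;
}

/* require_all = 0 models the OR behaviour described above; 1 is the AND logic. */
int cipher_selected(const char *spec, const char *name, int require_all)
{
    unsigned mask = spec_to_mask(spec), i;
    for (i = 0; mask && i < COUNT(ciphers); i++)
        if (!strcmp(ciphers[i].name, name))
            return require_all ? (ciphers[i].attrs & mask) == mask
                               : (ciphers[i].attrs & mask) != 0;
    return 0;
}

int main(void)
{
    printf("OR : DES-CBC-SHA selected = %d\n", cipher_selected("ECDH+SHA", "DES-CBC-SHA", 0));
    printf("AND: DES-CBC-SHA selected = %d\n", cipher_selected("ECDH+SHA", "DES-CBC-SHA", 1));
    return 0;
}
```

With OR matching, every cipher in the table that carries either keyword is enabled for "ECDH+SHA"; with AND matching only the cipher carrying both remains.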

vulnerability note CVE-2015-8242

libxml2: unreachable memory reading via xmlSAX2TextNode

Synthesis of the vulnerability

An attacker can create a malformed XML/HTML file, in order to generate a denial of service in applications linked to libxml2.
Impacted products: Fedora, libxml, openSUSE, openSUSE Leap, RHEL, Nessus, Ubuntu.
Severity: 1/4.
Creation date: 19/11/2015.
Identifiers: 756372, CVE-2015-8242, FEDORA-2015-037f844d3e, FEDORA-2015-c24af963a2, openSUSE-SU-2015:2372-1, openSUSE-SU-2016:0106-1, RHSA-2015:2549-01, RHSA-2015:2550-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, TNS-2017-03, USN-2834-1, VIGILANCE-VUL-18334.

Description of the vulnerability

The libxml2 library implements an XML parser.

However, the xmlSAX2TextNode()/htmlParseTryOrFinish() function tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore create a malformed XML/HTML file, in order to generate a denial of service in applications linked to libxml2.

vulnerability alert CVE-2015-8241

libxml2: unreachable memory reading via xmlParseMarkupDecl

Synthesis of the vulnerability

An attacker can create a malformed XML file, in order to generate a denial of service in applications linked to libxml2.
Impacted products: Debian, AIX, libxml, openSUSE, openSUSE Leap, RHEL, Nessus, Ubuntu.
Severity: 1/4.
Creation date: 17/11/2015.
Identifiers: 756263, CVE-2015-8241, DSA-3430-1, openSUSE-SU-2015:2372-1, openSUSE-SU-2016:0106-1, RHSA-2015:2549-01, RHSA-2015:2550-01, RHSA-2016:1087-01, RHSA-2016:1088-01, RHSA-2016:1089-01, TNS-2017-03, USN-2834-1, VIGILANCE-VUL-18321.

Description of the vulnerability

The libxml2 library implements an XML parser.

However, the xmlParseMarkupDecl() function tries to read an unreachable memory area, which triggers a fatal error.

An attacker can therefore create a malformed XML file, in order to generate a denial of service in applications linked to libxml2.

computer vulnerability alert CVE-2015-0272 CVE-2015-8215

Linux kernel, NetworkManager: denial of service via IPv6 RA MTU

Synthesis of the vulnerability

An attacker can send an IPv6 RA packet with a malicious MTU, which is accepted by NetworkManager and by the Linux kernel, in order to trigger a denial of service.
Impacted products: Debian, Linux, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Creation date: 22/09/2015.
Revision date: 17/11/2015.
Identifiers: 1192132, CERTFR-2015-AVI-435, CERTFR-2015-AVI-436, CERTFR-2015-AVI-508, CERTFR-2015-AVI-563, CERTFR-2016-AVI-050, CERTFR-2016-AVI-073, CVE-2015-0272, CVE-2015-8215, DSA-3364-1, openSUSE-SU-2015:1842-1, openSUSE-SU-2016:0301-1, openSUSE-SU-2016:0318-1, openSUSE-SU-2016:2649-1, RHSA-2015:2315-01, RHSA-2016:0855-01, SUSE-SU-2015:2108-1, SUSE-SU-2015:2194-1, SUSE-SU-2015:2292-1, SUSE-SU-2015:2339-1, SUSE-SU-2015:2350-1, SUSE-SU-2016:0354-1, SUSE-SU-2016:0585-1, SUSE-SU-2016:2074-1, USN-2775-1, USN-2776-1, USN-2778-1, USN-2779-1, USN-2792-1, USN-2796-1, USN-2797-1, VIGILANCE-VUL-17946.

Description of the vulnerability

On a local network, IPv6 routers send ICMPv6 Router Advertisement messages to announce their presence and propose an MTU.

However, neither NetworkManager (CVE-2015-0272) nor the Linux kernel (CVE-2015-8215) checks whether the offered MTU is in the range IPV6_MIN_MTU to InterfaceMTU.

An attacker can therefore send an IPv6 RA packet with a malicious MTU, which is accepted by NetworkManager and by the Linux kernel, in order to trigger a denial of service.
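
The missing range check, sketched as an added example (this is not NetworkManager or kernel code). The function ra_accepted_mtu() and the sample option bytes are constructed for illustration; the MTU option layout follows RFC 4861.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IPV6_MIN_MTU 1280u   /* minimum IPv6 link MTU */
#define ND_OPT_MTU   5u      /* MTU option type, RFC 4861 section 4.6.4 */

/* Constructed RA option bytes: the first sample also carries a
 * source link-layer address option ahead of the MTU option. */
const uint8_t ra_mtu_1500[]  = { 1,1, 0x02,0,0,0,0,0x01,  5,1, 0,0, 0,0,0x05,0xDC };
const uint8_t ra_mtu_64[]    = { 5,1, 0,0, 0,0,0x00,0x40 };
const uint8_t ra_mtu_9000[]  = { 5,1, 0,0, 0,0,0x23,0x28 };
const uint8_t ra_truncated[] = { 5,1, 0,0, 0,0 };

/*
 * Walk the options that follow the fixed RA header. Returns the advertised
 * MTU when it lies in IPV6_MIN_MTU..if_mtu, and 0 when the option is absent,
 * malformed or out of range, so the caller keeps its current MTU.
 */
uint32_t ra_accepted_mtu(const uint8_t *opts, size_t len, uint32_t if_mtu)
{
    size_t off = 0;
    while (len - off >= 2) {
        size_t optlen = (size_t)opts[off + 1] * 8;   /* length is in 8-byte units */
        if (optlen == 0 || optlen > len - off)
            return 0;                                 /* malformed option list */
        if (opts[off] == ND_OPT_MTU) {
            const uint8_t *p = opts + off + 4;        /* type, length, 2 reserved */
            uint32_t mtu = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                           (uint32_t)p[2] << 8  | (uint32_t)p[3];
            if (optlen != 8 || mtu < IPV6_MIN_MTU || mtu > if_mtu)
                return 0;                             /* outside the allowed range */
            return mtu;
        }
        off += optlen;
    }
    return 0;
}

int main(void)
{
    printf("1500 on a 1500 link: %u\n", (unsigned)ra_accepted_mtu(ra_mtu_1500, sizeof ra_mtu_1500, 1500));
    printf("64 on a 1500 link:   %u\n", (unsigned)ra_accepted_mtu(ra_mtu_64, sizeof ra_mtu_64, 1500));
    printf("9000 on a 1500 link: %u\n", (unsigned)ra_accepted_mtu(ra_mtu_9000, sizeof ra_mtu_9000, 1500));
    return 0;
}
```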

vulnerability alert CVE-2015-8126

libpng: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of libpng.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, libpng, Domino, Notes, ePO, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu, VLC.
Severity: 3/4.
Creation date: 12/11/2015.
Identifiers: 1975365, 1976200, 1976262, 1977405, bulletinjul2016, CERTFR-2015-AVI-488, CVE-2015-8126, DSA-3399-1, FEDORA-2015-13668fff74, FEDORA-2015-1d87313b7c, FEDORA-2015-233750b6ab, FEDORA-2015-39499d9af8, FEDORA-2015-4ad4998d00, FEDORA-2015-501493d853, FEDORA-2015-5e52306c9c, FEDORA-2015-8a1243db75, FEDORA-2015-97fc1797fa, FEDORA-2015-ac8100927a, FEDORA-2015-c80ec85542, FEDORA-2015-ec2ddd15d7, FEDORA-2016-43735c33a7, FEDORA-2016-9a1c707b10, openSUSE-SU-2015:2099-1, openSUSE-SU-2015:2100-1, openSUSE-SU-2015:2135-1, openSUSE-SU-2015:2136-1, openSUSE-SU-2016:0103-1, openSUSE-SU-2016:0104-1, openSUSE-SU-2016:0105-1, openSUSE-SU-2016:0263-1, openSUSE-SU-2016:0268-1, openSUSE-SU-2016:0270-1, openSUSE-SU-2016:0272-1, openSUSE-SU-2016:0279-1, RHSA-2015:2594-01, RHSA-2015:2595-01, RHSA-2015:2596-01, SB10148, SOL76930736, SSA:2015-337-01, SUSE-SU-2016:0256-1, SUSE-SU-2016:0265-1, SUSE-SU-2016:0269-1, SUSE-SU-2016:0390-1, SUSE-SU-2016:0399-1, SUSE-SU-2016:0401-1, SUSE-SU-2016:0428-1, SUSE-SU-2016:0431-1, SUSE-SU-2016:0433-1, SUSE-SU-2016:0636-1, SUSE-SU-2016:0770-1, SUSE-SU-2016:0776-1, USN-2815-1, VIGILANCE-VUL-18301.

Description of the vulnerability

Several vulnerabilities were announced in libpng.

An attacker can force a read at an invalid address in png_set_tIME, in order to trigger a denial of service. [severity:1/4]

An attacker can generate a buffer overflow in png_get_PLTE, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8126]

An attacker can generate a buffer overflow in png_set_PLTE, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2015-8126]

vulnerability note CVE-2015-4852 CVE-2015-6420 CVE-2015-6934

Apache Commons Collections: code execution via InvokerTransformer

Synthesis of the vulnerability

An attacker can send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.
Impacted products: CAS Server, Blue Coat CAS, SGOS by Blue Coat, Brocade Network Advisor, Brocade vTM, ASA, AsyncOS, Cisco ESA, Cisco Prime Access Registrar, Prime Infrastructure, Cisco Prime LMS, Cisco PRSM, Secure ACS, Cisco CUCM, Cisco Unified CCX, Cisco MeetingPlace, Cisco Unity ~ precise, Debian, BIG-IP Hardware, TMOS, HPE BSM, HPE NNMi, HP Operations, DB2 UDB, IRAD, QRadar SIEM, SPSS Modeler, Tivoli Storage Manager, Tivoli Workload Scheduler, WebSphere AS Traditional, JBoss AS OpenSource, Junos Space, Domino, Notes, ePO, Mule ESB, Snap Creator Framework, SnapManager, NetIQ Sentinel, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle OIT, Solaris, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, JBoss EAP by Red Hat, SAS Add-in for Microsoft Office, SAS Analytics Pro, Base SAS Software, SAS Enterprise BI Server, SAS Enterprise Guide, SAS Grid Manager, SAS Management Console, SAS OLAP Server, SAS SAS/ACCESS, SAS SAS/AF, SAS SAS/CONNECT, SAS SAS/EIS, SAS SAS/ETS, SAS SAS/FSP, SAS SAS/GRAPH, SAS SAS/IML, SAS SAS/OR, SAS SAS/STAT, SAS SAS/Web Report Studio, Unix (platform) ~ not comprehensive, vCenter Server.
Severity: 3/4.
Creation date: 12/11/2015.
Identifiers: 1610582, 1970575, 1971370, 1971531, 1971533, 1971751, 1972261, 1972373, 1972565, 1972794, 1972839, 2011281, 7014463, 7022958, 9010052, BSA-2016-004, bulletinjul2016, c04953244, c05050545, c05206507, c05325823, c05327447, CERTFR-2015-AVI-484, CERTFR-2015-AVI-555, cisco-sa-20151209-java-deserialization, COLLECTIONS-580, cpuapr2017, cpuapr2018, cpujan2017, cpujan2018, cpujul2017, cpuoct2016, cpuoct2017, CVE-2015-4852, CVE-2015-6420, CVE-2015-6934, CVE-2015-7420-ERROR, CVE-2015-7450, CVE-2015-7501, CVE-2015-8545, CVE-2015-8765, CVE-2016-1985, CVE-2016-1997, CVE-2016-4373, CVE-2016-4398, DSA-3403-1, HPSBGN03542, HPSBGN03560, HPSBGN03630, HPSBGN03656, HPSBGN03670, JSA10838, NTAP-20151123-0001, RHSA-2015:2500-01, RHSA-2015:2501-01, RHSA-2015:2502-01, RHSA-2015:2516-01, RHSA-2015:2517-01, RHSA-2015:2521-01, RHSA-2015:2522-01, RHSA-2015:2523-01, RHSA-2015:2524-01, RHSA-2015:2534-01, RHSA-2015:2535-01, RHSA-2015:2536-01, RHSA-2015:2537-01, RHSA-2015:2538-01, RHSA-2015:2539-01, RHSA-2015:2540-01, RHSA-2015:2541-01, RHSA-2015:2542-01, RHSA-2015:2547-01, RHSA-2015:2548-01, RHSA-2015:2556-01, RHSA-2015:2557-01, RHSA-2015:2559-01, RHSA-2015:2560-01, RHSA-2015:2578-01, RHSA-2015:2579-01, RHSA-2015:2670-01, RHSA-2015:2671-01, RHSA-2016:0040-01, RHSA-2016:0118-01, SA110, SB10144, SOL30518307, VIGILANCE-VUL-18294, VMSA-2015-0009, VMSA-2015-0009.1, VMSA-2015-0009.2, VMSA-2015-0009.3, VMSA-2015-0009.4, VU#576313.

Description of the vulnerability

The Apache Commons Collections library is used by several Java applications.

A Java Gadgets ("gadget chains") object can contain Transformers, with an "exec" string containing a shell command which is run with the java.lang.Runtime.exec() method. When raw data is deserialized, the readObject() method is called to rebuild the Gadgets object, and it uses InvokerTransformer, which runs the indicated shell command.

It can be noted that other classes (CloneTransformer, ForClosure, InstantiateFactory, InstantiateTransformer, PrototypeCloneFactory, PrototypeSerializationFactory, WhileClosure) also execute a shell command from the raw data being deserialized.

However, several applications publicly expose (before authentication) the Java deserialization feature.

An attacker can therefore send a malicious serialized Gadget Chain object to a Java application using Apache Commons Collections, in order to run shell code.