The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

vulnerability announce CVE-2016-8666

Linux kernel: denial of service via GRO

Synthesis of the vulnerability

An attacker can send malicious GRO packets to the Linux kernel, in order to trigger a denial of service.
Impacted products: Blue Coat CAS, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: user shell.
Creation date: 17/10/2016.
Identifiers: CERTFR-2016-AVI-402, CERTFR-2017-AVI-016, CVE-2016-8666, openSUSE-SU-2016:2584-1, openSUSE-SU-2016:3050-1, RHSA-2017:0004-01, SA134, SUSE-SU-2016:2912-1, SUSE-SU-2017:0181-1, VIGILANCE-VUL-20882.

Description of the vulnerability

The Linux kernel can be configured with CONFIG_VLAN_8021Q or CONFIG_VXLAN, with the support of Transparent Ethernet Bridging (TEB) GRO.

However, when a malicious GRO packet is received, a large recursion error occurs.

An attacker can therefore send malicious GRO packets to the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2016-8669

QEMU: denial of service via serial_update_parameters

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a fatal error via serial_update_parameters of QEMU, in order to trigger a denial of service on the host system.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, QEMU, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: privileged shell.
Creation date: 14/10/2016.
Identifiers: CVE-2016-8669, DLA-1497-1, DLA-678-1, DLA-679-1, FEDORA-2016-0d1a8ee35b, FEDORA-2016-da6b1d277b, FEDORA-2017-12394e2cc7, FEDORA-2017-b953d4d3a4, openSUSE-SU-2016:3103-1, openSUSE-SU-2016:3134-1, openSUSE-SU-2016:3237-1, openSUSE-SU-2017:0007-1, openSUSE-SU-2017:0008-1, RHSA-2017:2392-01, SUSE-SU-2016:2902-1, SUSE-SU-2016:2936-1, SUSE-SU-2016:2988-1, SUSE-SU-2016:3044-1, SUSE-SU-2016:3067-1, SUSE-SU-2016:3083-1, SUSE-SU-2016:3156-1, SUSE-SU-2016:3174-1, SUSE-SU-2016:3273-1, USN-3261-1, VIGILANCE-VUL-20877.

Description of the vulnerability

An attacker, inside a guest system, can generate a fatal error via serial_update_parameters of QEMU, in order to trigger a denial of service on the host system.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2016-7042

Linux kernel: buffer overflow via proc_keys_show

Synthesis of the vulnerability

An attacker can generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Creation date: 14/10/2016.
Identifiers: 1373499, 2011746, CERTFR-2016-AVI-378, CERTFR-2016-AVI-426, CERTFR-2017-AVI-001, CERTFR-2017-AVI-016, CERTFR-2017-AVI-034, CERTFR-2017-AVI-053, CERTFR-2017-AVI-054, CERTFR-2017-AVI-131, CERTFR-2017-AVI-287, CVE-2016-7042, DLA-670-1, DSA-3696-1, openSUSE-SU-2016:3021-1, openSUSE-SU-2016:3050-1, openSUSE-SU-2016:3058-1, openSUSE-SU-2016:3061-1, RHSA-2017:0817-01, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, SUSE-SU-2016:2912-1, SUSE-SU-2016:2976-1, SUSE-SU-2016:3304-1, SUSE-SU-2017:0181-1, SUSE-SU-2017:0333-1, SUSE-SU-2017:0471-1, SUSE-SU-2017:0494-1, SUSE-SU-2017:1102-1, USN-3126-1, USN-3126-2, USN-3127-1, USN-3127-2, USN-3128-1, USN-3128-2, USN-3128-3, USN-3129-1, USN-3129-2, USN-3161-1, USN-3161-2, USN-3161-3, USN-3161-4, VIGILANCE-VUL-20868.

Description of the vulnerability

The Linux kernel provides the /proc/keys interface to access to cryptographic keys.

However, if the size of data is greater than the size of the storage array, an overflow occurs in proc_keys_show().

An attacker can therefore generate a buffer overflow via proc_keys_show() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2016-5181 CVE-2016-5182 CVE-2016-5183

Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Chrome.
Impacted products: Debian, Fedora, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Consequences: user access/rights, client access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 14.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-345, CVE-2016-5181, CVE-2016-5182, CVE-2016-5183, CVE-2016-5184, CVE-2016-5185, CVE-2016-5186, CVE-2016-5187, CVE-2016-5188, CVE-2016-5189, CVE-2016-5190, CVE-2016-5191, CVE-2016-5192, CVE-2016-5193, CVE-2016-5194, DSA-3731-1, FEDORA-2016-012de4c97e, FEDORA-2016-c671aae490, FEDORA-2017-98bed96d12, FEDORA-2017-ae1fde5fb8, openSUSE-SU-2016:2597-1, openSUSE-SU-2016:2783-1, openSUSE-SU-2016:2783-2, RHSA-2016:2067-01, SUSE-SU-2016:2598-1, USN-3113-1, VIGILANCE-VUL-20866.

Description of the vulnerability

Several vulnerabilities were announced in Chrome.

An attacker can trigger a Cross Site Scripting via Blink, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2016-5181]

An attacker can generate a buffer overflow via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5182]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5183]

An attacker can force the usage of a freed memory area via PDFium, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5184]

An attacker can force the usage of a freed memory area via Blink, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5185]

An attacker can alter displayed information via URL, in order to deceive the victim. [severity:2/4; CVE-2016-5187]

An attacker can alter displayed information via UI, in order to deceive the victim. [severity:2/4; CVE-2016-5188]

An attacker can bypass security features via Blink, in order to escalate his privileges. [severity:2/4; CVE-2016-5192]

An attacker can alter displayed information via URL, in order to deceive the victim. [severity:2/4; CVE-2016-5189]

An attacker can force a read at an invalid address via DevTools, in order to trigger a denial of service, or to obtain sensitive information. [severity:2/4; CVE-2016-5186]

An attacker can trigger a Cross Site Scripting via Bookmarks, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2016-5191]

An attacker can force the usage of a freed memory area via Internals, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5190]

An attacker can bypass security features via Scheme Bypass, in order to escalate his privileges. [severity:2/4; CVE-2016-5193]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-5194]
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-8602

Ghostscript: denial of service via sethalftone5

Synthesis of the vulnerability

An attacker can generate a fatal error via sethalftone5 of Ghostscript, in order to trigger a denial of service.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, Ubuntu.
Severity: 1/4.
Consequences: denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: CERTFR-2016-AVI-342, CVE-2016-8602, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-15d4c05a19, FEDORA-2016-3dad5dfd03, openSUSE-SU-2016:2648-1, openSUSE-SU-2016:2710-1, RHSA-2017:0013-01, RHSA-2017:0014-01, USN-3148-1, VIGILANCE-VUL-20850.

Description of the vulnerability

An attacker can generate a fatal error via sethalftone5 of Ghostscript, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-7977

Ghostscript: privilege escalation via libfile

Synthesis of the vulnerability

An attacker can bypass restrictions via libfile of Ghostscript, in order to escalate his privileges.
Impacted products: Debian, Fedora, Oracle Communications, Solaris, RHEL, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: bulletinjul2018, cpujan2018, CVE-2016-7977, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, RHSA-2017:0013-01, RHSA-2017:0014-01, USN-3148-1, VIGILANCE-VUL-20849.

Description of the vulnerability

An attacker can bypass restrictions via libfile of Ghostscript, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2016-7979

Ghostscript: code execution via initialize_dsc_parser

Synthesis of the vulnerability

An attacker can use a vulnerability via initialize_dsc_parser of Ghostscript, in order to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: bulletinjul2018, CVE-2016-7979, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, openSUSE-SU-2016:2574-1, openSUSE-SU-2016:2648-1, openSUSE-SU-2016:2855-1, RHSA-2017:0013-01, RHSA-2017:0014-01, SUSE-SU-2016:2492-1, SUSE-SU-2016:2493-1, USN-3148-1, VIGILANCE-VUL-20840.

Description of the vulnerability

An attacker can use a vulnerability via initialize_dsc_parser of Ghostscript, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2016-7978

Ghostscript: use after free via setdevice

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via setdevice of Ghostscript, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: CVE-2016-7978, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, openSUSE-SU-2016:2574-1, openSUSE-SU-2016:2648-1, openSUSE-SU-2016:2855-1, RHSA-2017:0013-01, SUSE-SU-2016:2492-1, SUSE-SU-2016:2493-1, USN-3148-1, VIGILANCE-VUL-20839.

Description of the vulnerability

An attacker can force the usage of a freed memory area via setdevice of Ghostscript, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2013-5653

Ghostscript: information disclosure via dsafer

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via dsafer of Ghostscript, in order to obtain sensitive information.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 12/10/2016.
Identifiers: CVE-2013-5653, DLA-674-1, DLA-674-2, DSA-3691-1, DSA-3691-2, FEDORA-2016-1c13825502, FEDORA-2016-53e8aa35f6, openSUSE-SU-2016:2574-1, openSUSE-SU-2016:2648-1, openSUSE-SU-2016:2855-1, RHSA-2017:0013-01, RHSA-2017:0014-01, SUSE-SU-2016:2492-1, SUSE-SU-2016:2493-1, USN-3148-1, VIGILANCE-VUL-20838.

Description of the vulnerability

An attacker can bypass access restrictions to data via dsafer of Ghostscript, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2016-4273 CVE-2016-4286 CVE-2016-6981

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Edge, IE, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 12.
Creation date: 12/10/2016.
Identifiers: 3194343, APSB16-32, CERTFR-2016-AVI-336, COSIG-2016-35, CVE-2016-4273, CVE-2016-4286, CVE-2016-6981, CVE-2016-6982, CVE-2016-6983, CVE-2016-6984, CVE-2016-6985, CVE-2016-6986, CVE-2016-6987, CVE-2016-6989, CVE-2016-6990, CVE-2016-6992, MS16-127, openSUSE-SU-2016:2517-1, openSUSE-SU-2016:2519-1, RHSA-2016:2057-01, SUSE-SU-2016:2512-1, VIGILANCE-VUL-20825, ZDI-16-568, ZDI-16-569.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6992]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6981]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6987, ZDI-16-569]

An attacker can bypass security features, in order to escalate his privileges. [severity:3/4; CVE-2016-4286]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-4273]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6982]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6983]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6984]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6985]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6986, ZDI-16-568]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6989]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-6990]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about RedHat Enterprise Linux: