The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Enterprise Linux

vulnerability announce CVE-2016-1978

Mozilla NSS: use after free via Low Memory

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in Mozilla NSS, in order to trigger a denial of service, and possibly to run code.
Impacted products: Blue Coat CAS, Debian, Firefox, NSS, SeaMonkey, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 14/03/2016.
Identifiers: CVE-2016-1978, DLA-480-1, DSA-3688-1, MFSA-2016-15, RHSA-2016:0591-01, RHSA-2016:0684-01, RHSA-2016:0685-01, SA124, SUSE-SU-2016:0727-1, SUSE-SU-2016:0777-1, SUSE-SU-2016:0820-1, SUSE-SU-2016:0909-1, USN-2973-1, VIGILANCE-VUL-19162.

Description of the vulnerability

The Mozilla NSS library processes SSL DHE and ECDHE handshakes.

However, in low memory conditions, the ssl3_HandleECDHServerKeyExchange() function frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in Mozilla NSS, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2016-0960 CVE-2016-0961 CVE-2016-0962

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, Windows 10, Windows 2012, Windows 8, Windows RT, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Creation date: 10/03/2016.
Identifiers: 3144756, 716, APSB16-08, CERTFR-2016-AVI-094, CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0963, CVE-2016-0986, CVE-2016-0987, CVE-2016-0988, CVE-2016-0989, CVE-2016-0990, CVE-2016-0991, CVE-2016-0992, CVE-2016-0993, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, CVE-2016-1000, CVE-2016-1001, CVE-2016-1002, CVE-2016-1005, CVE-2016-1010, MS16-036, openSUSE-SU-2016:0719-1, openSUSE-SU-2016:0734-1, RHSA-2016:0438-01, SUSE-SU-2016:0715-1, SUSE-SU-2016:0716-1, VIGILANCE-VUL-19156, ZDI-16-192, ZDI-16-193, ZDI-16-194.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0963]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0993]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1010]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0987]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0988]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0990]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0991]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0994, ZDI-16-194]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0995]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0996, ZDI-16-193]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0997]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0998]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0999]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1000]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1001]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0960]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0961]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0962]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0986]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0989]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-0992]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1002]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1005, ZDI-16-192]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability announce CVE-2016-3115

OpenSSH: injection of xauth commands

Synthesis of the vulnerability

An attacker, who has an account with OpenSSH, but which is restricted and without a shell access, can transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Impacted products: Blue Coat CAS, Debian, Unisphere EMC, BIG-IP Hardware, TMOS, Fedora, FreeBSD, AIX, Copssh, NSM Central Manager, NSMXpress, Data ONTAP, OpenBSD, OpenSSH, openSUSE Leap, Solaris, RHEL, Slackware, Ubuntu.
Severity: 1/4.
Creation date: 10/03/2016.
Identifiers: 000008913, 499797, bulletinapr2016, CERTFR-2016-AVI-097, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, CVE-2016-3115, DLA-1500-1, DLA-1500-2, ESA-2017-025, FEDORA-2016-188267b485, FEDORA-2016-bb59db3c86, FEDORA-2016-d339d610c1, FEDORA-2016-fc1cc33e05, FreeBSD-SA-16:14.openssh, JSA10774, K93532943, NTAP-20160519-0001, openSUSE-SU-2016:1455-1, RHSA-2016:0465-01, RHSA-2016:0466-01, SA121, SA126, SOL93532943, SSA:2016-070-01, USN-2966-1, VIGILANCE-VUL-19152.

Description of the vulnerability

The xauth utility manages credentials of the user to access to X11.

When X11Forwarding is enabled in sshd_config, the OpenSSH daemon transmits credentials to xauth. However, OpenSSH does not filter line feeds contained in these credentials. So xauth commands can thus be transmitted to xauth. These commands can read/write a file with user's privileges, or to connect to a port.

An attacker, who has an account with OpenSSH, but which is restricted and without a shell access, can therefore transmit xauth commands via OpenSSH, in order to read/write a file with his own privileges.
Complete Vigil@nce bulletin.... (Free trial)

vulnerability CVE-2016-3134 CVE-2016-3135

Linux kernel: memory corruption via IPT_SO_SET_REPLACE

Synthesis of the vulnerability

A local attacker with CONFIG_USER_NS can generate a memory corruption via the IPT_SO_SET_REPLACE option of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Android OS, Linux, netfilter, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 10/03/2016.
Identifiers: CERTFR-2016-AVI-099, CERTFR-2016-AVI-267, CERTFR-2016-AVI-278, CVE-2016-3134, CVE-2016-3135, DLA-516-1, DSA-3607-1, FEDORA-2016-02ed08bf15, FEDORA-2016-3a57b19360, openSUSE-SU-2016:1641-1, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2290-1, openSUSE-SU-2016:2649-1, RHSA-2016:1847-01, RHSA-2016:1875-01, RHSA-2016:1883-01, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1696-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:1985-1, SUSE-SU-2016:2074-1, SUSE-SU-2016:2245-1, USN-2929-1, USN-2929-2, USN-2930-1, USN-2930-2, USN-2930-3, USN-2931-1, USN-2932-1, USN-3049-1, USN-3050-1, USN-3051-1, USN-3052-1, USN-3053-1, USN-3054-1, USN-3055-1, USN-3056-1, USN-3057-1, VIGILANCE-VUL-19150.

Description of the vulnerability

The Linux kernel implements the IPT_SO_SET_REPLACE option of setsockopt() which alters a rule of netfilter iptables. The usage of this option requires no privileges when CONFIG_USER_NS=y.

However, an attacker can create an ipt_entry structure with a next_offset field too large, which leads to a memory corruption.

A local attacker with CONFIG_USER_NS can therefore generate a memory corruption via the IPT_SO_SET_REPLACE option of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability alert CVE-2016-2097 CVE-2016-2098

Rails: two vulnerabilities of Action Pack

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Action Pack of Rails.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, RHEL.
Severity: 2/4.
Creation date: 10/03/2016.
Identifiers: CVE-2016-2097, CVE-2016-2098, DLA-604-1, DSA-3509-1, FEDORA-2016-3954061e32, FEDORA-2016-f6af14570f, openSUSE-SU-2016:0790-1, openSUSE-SU-2016:0835-1, RHSA-2016:0454-01, RHSA-2016:0455-01, RHSA-2016:0456-01, VIGILANCE-VUL-19146.

Description of the vulnerability

Several vulnerabilities were announced in Rails.

An attacker can traverse directories in Action View, in order to read a file outside the root path. [severity:2/4; CVE-2016-2097]

An attacker can use a vulnerability in Render Method, in order to run code. [severity:2/4; CVE-2016-2098]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2016-1285 CVE-2016-1286 CVE-2016-2088

ISC BIND: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ISC BIND.
Impacted products: Debian, BIG-IP Hardware, TMOS, Fedora, FreeBSD, HP-UX, AIX, BIND, McAfee Email Gateway, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 10/03/2016.
Identifiers: bulletinjan2016, c05087821, CVE-2016-1285, CVE-2016-1286, CVE-2016-2088, DSA-3511-1, FEDORA-2016-161b73fc2c, FEDORA-2016-364c0a9df4, FEDORA-2016-5047abe4a9, FEDORA-2016-b593e84223, FreeBSD-SA-16:13.bind, HPSBUX03583, openSUSE-SU-2016:0827-1, openSUSE-SU-2016:0830-1, openSUSE-SU-2016:0834-1, openSUSE-SU-2016:0859-1, RHSA-2016:0458-01, RHSA-2016:0459-01, RHSA-2016:0562-01, RHSA-2016:0601-01, SB10214, SOL62012529, SSA:2016-069-01, SSRT110084, SUSE-SU-2016:0759-1, SUSE-SU-2016:0780-1, SUSE-SU-2016:0825-1, USN-2925-1, VIGILANCE-VUL-19144.

Description of the vulnerability

Several vulnerabilities were announced in ISC BIND.

An attacker can force an assertion error via rndc, in order to trigger a denial of service. [severity:2/4; CVE-2016-1285]

An attacker can force an assertion error via DNAME, in order to trigger a denial of service. [severity:3/4; CVE-2016-1286]

An attacker can force an assertion error via DNS Cookies, in order to trigger a denial of service. [severity:3/4; CVE-2016-2088]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability alert CVE-2016-3139

Linux kernel: NULL pointer dereference via wacom

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in the wacom driver of the Linux kernel, in order to trigger a denial of service.
Impacted products: openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Creation date: 09/03/2016.
Identifiers: 1316993, CVE-2016-3139, openSUSE-SU-2016:2144-1, openSUSE-SU-2016:2649-1, OS-S 2016-11, SUSE-SU-2016:1019-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:1672-1, SUSE-SU-2016:1690-1, SUSE-SU-2016:1707-1, SUSE-SU-2016:1764-1, SUSE-SU-2016:2074-1, VIGILANCE-VUL-19141.

Description of the vulnerability

The Linux kernel uses various drivers to manage USB devices.

However, if a malicious USB device is plugged, the wacom driver does not check if a pointer is NULL, before using it.

An attacker can therefore force a NULL pointer to be dereferenced in the wacom driver of the Linux kernel, in order to trigger a denial of service.
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability announce CVE-2016-1643 CVE-2016-1644 CVE-2016-1645

Google Chrome: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Google Chrome.
Impacted products: Debian, Chrome, openSUSE, openSUSE Leap, Opera, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 09/03/2016.
Identifiers: CERTFR-2016-AVI-092, CVE-2016-1643, CVE-2016-1644, CVE-2016-1645, DSA-3513-1, openSUSE-SU-2016:0817-1, openSUSE-SU-2016:0818-1, openSUSE-SU-2016:0828-1, RHSA-2016:0429-01, USN-2920-1, VIGILANCE-VUL-19137, ZDI-16-197.

Description of the vulnerability

Several vulnerabilities were announced in Google Chrome.

An attacker can generate a memory corruption in Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1643]

An attacker can force the usage of a freed memory area in Blink, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1644]

An attacker can generate a buffer overflow in PDFium, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1645, ZDI-16-197]
Complete Vigil@nce bulletin.... (Free trial)

computer vulnerability CVE-2016-1950 CVE-2016-1952 CVE-2016-1953

Firefox, Thunderbird: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Firefox/Thunderbird.
Impacted products: Debian, Fedora, Firefox, SeaMonkey, Thunderbird, openSUSE, openSUSE Leap, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 09/03/2016.
Identifiers: bulletinjul2018, CERTFR-2016-AVI-086, CVE-2016-1950, CVE-2016-1952, CVE-2016-1953, CVE-2016-1954, CVE-2016-1955, CVE-2016-1956, CVE-2016-1957, CVE-2016-1958, CVE-2016-1959, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1963, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966, CVE-2016-1967, CVE-2016-1968, CVE-2016-1969, CVE-2016-1970, CVE-2016-1971, CVE-2016-1972, CVE-2016-1973, CVE-2016-1974, CVE-2016-1975, CVE-2016-1976, CVE-2016-1977, CVE-2016-1979, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802, DSA-3510-1, DSA-3515-1, DSA-3520-1, FEDORA-2016-5b2c402bb1, FEDORA-2016-be6d3fff4a, FEDORA-2016-c1bad2b755, FEDORA-2016-d5c26081f3, FEDORA-2016-ddc8c5c950, FEDORA-2016-eacfc58fb9, MFSA-2016-16, MFSA-2016-17, MFSA-2016-18, MFSA-2016-19, MFSA-2016-20, MFSA-2016-21, MFSA-2016-22, MFSA-2016-23, MFSA-2016-24, MFSA-2016-25, MFSA-2016-26, MFSA-2016-27, MFSA-2016-28, MFSA-2016-29, MFSA-2016-30, MFSA-2016-31, MFSA-2016-32, MFSA-2016-33, MFSA-2016-34, MFSA-2016-35, MFSA-2016-36, MFSA-2016-37, MFSA-2016-38, openSUSE-SU-2016:0731-1, openSUSE-SU-2016:0733-1, openSUSE-SU-2016:0876-1, openSUSE-SU-2016:0894-1, openSUSE-SU-2016:1767-1, openSUSE-SU-2016:1769-1, openSUSE-SU-2016:1778-1, RHSA-2016:0373-01, RHSA-2016:0460-01, SSA:2016-068-01, SSA:2016-075-02, SSA:2016-106-01, SUSE-SU-2016:0727-1, SUSE-SU-2016:0777-1, SUSE-SU-2016:0820-1, SUSE-SU-2016:0909-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, USN-2917-1, USN-2917-2, USN-2917-3, USN-2934-1, VIGILANCE-VUL-19135, ZDI-16-198, ZDI-16-199.

Description of the vulnerability

Several vulnerabilities were announced in Firefox/Thunderbird.

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1952, CVE-2016-1953, MFSA-2016-16]

An attacker can bypass security features in CSP Reports, in order to escalate his privileges. [severity:3/4; CVE-2016-1954, MFSA-2016-17]

An attacker can bypass security features in CSP Reports, in order to obtain sensitive information. [severity:2/4; CVE-2016-1955, MFSA-2016-18]

An attacker can trigger a fatal error in Linux Video Memory, in order to trigger a denial of service. [severity:2/4; CVE-2016-1956, MFSA-2016-19]

An attacker can read a memory fragment of libstagefright, in order to obtain sensitive information. [severity:1/4; CVE-2016-1957, MFSA-2016-20]

An attacker can change the displayed url, in order to deceive the user. [severity:2/4; CVE-2016-1958, MFSA-2016-21]

An attacker can force a read at an invalid address in Service Worker Manager, in order to trigger a denial of service. [severity:3/4; CVE-2016-1959, MFSA-2016-22]

An attacker can force the usage of a freed memory area in HTML5 String Parser, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1960, MFSA-2016-23, ZDI-16-198]

An attacker can force the usage of a freed memory area in SetBody, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1961, MFSA-2016-24, ZDI-16-199]

An attacker can force the usage of a freed memory area in WebRTC Data Channels, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1962, MFSA-2016-25]

An attacker can generate a memory corruption in FileReader, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-1963, MFSA-2016-26]

An attacker can force the usage of a freed memory area in XML Transformations, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1964, MFSA-2016-27]

An attacker can change the address bar, in order to deceive the user. [severity:2/4; CVE-2016-1965, MFSA-2016-28]

An attacker can bypass security features in performance.getEntries, in order to escalate his privileges. [severity:3/4; CVE-2016-1967, MFSA-2016-29]

An attacker can generate a buffer overflow in Brotli Decompression, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1968, MFSA-2016-30]

An attacker can generate a memory corruption in NPAPI Plugin, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1966, MFSA-2016-31]

An unknown vulnerability was announced in WebRTC/LibVPX. [severity:2/4; CVE-2016-1970, CVE-2016-1971, CVE-2016-1972, CVE-2016-1975, CVE-2016-1976, MFSA-2016-32]

An attacker can force the usage of a freed memory area in WebRTC GetStaticInstance, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1973, MFSA-2016-33]

An attacker can force a read at an invalid address in HTML Parser, in order to trigger a denial of service. [severity:3/4; CVE-2016-1974, MFSA-2016-34]

An attacker can generate a buffer overflow in ASN1 Certificate Parsing, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1950, MFSA-2016-35]

An attacker can force the usage of a freed memory area in PK11_ImportDERPrivateKeyInfoAndReturnKey(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1979, MFSA-2016-36]

An attacker can use several vulnerabilities in Graphite 2, in order to run code (VIGILANCE-VUL-19166). [severity:4/4; CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802, MFSA-2016-37]

An attacker can generate a memory corruption in Graphite, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1969, MFSA-2016-38]
Complete Vigil@nce bulletin.... (Free trial)

vulnerability note CVE-2016-1950 CVE-2016-1979

Mozilla NSS: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Mozilla NSS.
Impacted products: Blue Coat CAS, Debian, BIG-IP Hardware, TMOS, Firefox, NSS, openSUSE, openSUSE Leap, Oracle Communications, Oracle Directory Server, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle iPlanet Web Proxy Server, Oracle iPlanet Web Server, Oracle OIT, Tuxedo, Oracle Virtual Directory, WebLogic, Oracle Web Tier, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 4/4.
Creation date: 09/03/2016.
Identifiers: cpujul2017, cpuoct2016, cpuoct2017, CVE-2016-1950, CVE-2016-1979, DLA-480-1, DSA-3688-1, K20145801, K91100352, MFSA-2016-35, MFSA-2016-36, openSUSE-SU-2016:0731-1, openSUSE-SU-2016:0733-1, RHSA-2016:0370-01, RHSA-2016:0371-01, RHSA-2016:0495-01, RHSA-2016:0591-01, RHSA-2016:0684-01, RHSA-2016:0685-01, SA119, SOL20145801, SOL91100352, SSA:2016-069-02, SUSE-SU-2016:0727-1, SUSE-SU-2016:0777-1, SUSE-SU-2016:0820-1, SUSE-SU-2016:0909-1, SUSE-SU-2017:1175-1, SUSE-SU-2017:1248-1, USN-2924-1, VIGILANCE-VUL-19134.

Description of the vulnerability

Several vulnerabilities were announced in Mozilla NSS.

An attacker can generate a buffer overflow in ASN1 Certificate Parsing, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2016-1950, MFSA-2016-35]

An attacker can force the usage of a freed memory area in PK11_ImportDERPrivateKeyInfoAndReturnKey(), in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-1979, MFSA-2016-36]
Complete Vigil@nce bulletin.... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about RedHat Enterprise Linux: