The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Fedora

security bulletin CVE-2017-2616

util-linux: denial of service via su PAM SIGKILL

Synthesis of the vulnerability

An attacker can generate a fatal error via su PAM SIGKILL of util-linux, in order to trigger a denial of service.
Severity: 1/4.
Creation date: 23/02/2017.
Identifiers: CVE-2017-2616, DLA-838-1, DSA-3793-1, DSA-3793-2, FEDORA-2017-20710607f5, FEDORA-2017-b11b460865, openSUSE-SU-2017:0589-1, openSUSE-SU-2017:0590-1, RHSA-2017:0654-01, RHSA-2017:0907-01, SUSE-SU-2017:0553-1, SUSE-SU-2017:0554-1, SUSE-SU-2017:0555-1, SUSE-SU-2018:0866-1, USN-3276-1, USN-3276-2, VIGILANCE-VUL-21951.

computer vulnerability alert CVE-2017-5006 CVE-2017-5007 CVE-2017-5008

Google Chrome: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can exploit several vulnerabilities in Google Chrome.
Severity: 4/4.
Number of vulnerabilities in this bulletin: 22.
Creation date: 26/01/2017.
Revision date: 23/02/2017.
Identifiers: 1024, CERTFR-2017-AVI-030, CVE-2017-5006, CVE-2017-5007, CVE-2017-5008, CVE-2017-5009, CVE-2017-5010, CVE-2017-5011, CVE-2017-5012, CVE-2017-5013, CVE-2017-5014, CVE-2017-5015, CVE-2017-5016, CVE-2017-5017, CVE-2017-5018, CVE-2017-5019, CVE-2017-5020, CVE-2017-5021, CVE-2017-5022, CVE-2017-5023, CVE-2017-5024, CVE-2017-5025, CVE-2017-5026, CVE-2017-5027, DSA-3776-1, FEDORA-2017-58cde32413, openSUSE-SU-2017:0434-1, openSUSE-SU-2017:0499-1, openSUSE-SU-2017:0563-1, openSUSE-SU-2017:0565-1, RHSA-2017:0206-01, USN-3180-1, VIGILANCE-VUL-21686.

threat CVE-2017-6004

PCRE: out-of-bounds memory reading via compile_bracket_matchingpath

Synthesis of the vulnerability

An attacker can force a read at an invalid address via compile_bracket_matchingpath() of PCRE, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 23/02/2017.
Identifiers: CERTFR-2018-AVI-288, CVE-2017-6004, FEDORA-2017-a8dc348834, TNS-2018-08, VIGILANCE-VUL-21944.

weakness alert 21943

KDE Plasma Desktop: code execution via Desktop Files

Synthesis of the vulnerability

An attacker can use a vulnerability via Desktop Files of KDE Plasma Desktop, in order to run code.
Severity: 1/4.
Creation date: 23/02/2017.
Identifiers: FEDORA-2017-13b5cb36c3, FEDORA-2017-c1cd67adc1, VIGILANCE-VUL-21943.

computer threat bulletin CVE-2017-0359

diffoscope: write access

Synthesis of the vulnerability

An attacker can bypass access restrictions of diffoscope, in order to create files.
Severity: 2/4.
Creation date: 23/02/2017.
Identifiers: CVE-2017-0359, FEDORA-2017-101722eb25, FEDORA-2017-33cb46c6b0, openSUSE-SU-2018:0060-1, VIGILANCE-VUL-21942.

computer threat note 21940

Drupal Views: information disclosure

Synthesis of the vulnerability

An attacker can bypass access restrictions to data of Drupal Views, in order to obtain sensitive information.
Severity: 3/4.
Creation date: 23/02/2017.
Identifiers: DRUPAL-SA-CONTRIB-2017-022, FEDORA-2017-82ce4661d6, FEDORA-2017-bcab179007, VIGILANCE-VUL-21940.

computer vulnerability CVE-2017-2620

QEMU: buffer overflow via cirrus_bitblt_cputovideo

Synthesis of the vulnerability

An attacker, inside a guest system, can generate a buffer overflow via cirrus_bitblt_cputovideo of QEMU, in order to trigger a denial of service, and possibly to run code on the host system.
Severity: 2/4.
Creation date: 21/02/2017.
Identifiers: CERTFR-2017-AVI-056, CERTFR-2017-AVI-057, CTX220771, CVE-2017-2620, DLA-1270-1, DLA-1497-1, DLA-842-1, DLA-845-1, FEDORA-2017-1607a3a78e, FEDORA-2017-266ab882cd, FEDORA-2017-31b976672b, FEDORA-2017-62ac1230f7, openSUSE-SU-2017:0665-1, openSUSE-SU-2017:0707-1, openSUSE-SU-2017:1312-1, RHSA-2017:0352-01, RHSA-2017:0396-01, RHSA-2017:0454-01, SUSE-SU-2017:0570-1, SUSE-SU-2017:0571-1, SUSE-SU-2017:0582-1, SUSE-SU-2017:0625-1, SUSE-SU-2017:0647-1, SUSE-SU-2017:0661-1, SUSE-SU-2017:0718-1, SUSE-SU-2017:1135-1, SUSE-SU-2017:1241-1, SUSE-SU-2017:3084-1, USN-3261-1, VIGILANCE-VUL-21923, XSA-209.

vulnerability bulletin CVE-2017-5841

GStreamer: out-of-bounds memory reading via gst_avi_demux_parse_ncdt

Synthesis of the vulnerability

An attacker can force a read at an invalid address via gst_avi_demux_parse_ncdt() of GStreamer, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 21/02/2017.
Identifiers: CVE-2017-5841, DSA-3820-1, FEDORA-2017-1fc4026d15, openSUSE-SU-2017:1066-1, openSUSE-SU-2017:1076-1, RHSA-2017:2060-01, USN-3245-1, VIGILANCE-VUL-21919.

computer weakness alert CVE-2017-5845

GStreamer: out-of-bounds memory reading via gst_avi_demux_parse_ncdt

Synthesis of the vulnerability

An attacker can force a read at an invalid address via gst_avi_demux_parse_ncdt() of GStreamer, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 21/02/2017.
Identifiers: CVE-2017-5845, DSA-3820-1, FEDORA-2017-1fc4026d15, openSUSE-SU-2017:1066-1, openSUSE-SU-2017:1076-1, RHSA-2017:2060-01, USN-3245-1, VIGILANCE-VUL-21918.

computer weakness bulletin CVE-2016-10199

GStreamer: out-of-bounds memory reading via qtdemux_tag_add_str_full

Synthesis of the vulnerability

An attacker can force a read at an invalid address via qtdemux_tag_add_str_full() of GStreamer, in order to trigger a denial of service, or to obtain sensitive information.
Severity: 2/4.
Creation date: 21/02/2017.
Identifiers: CVE-2016-10199, DSA-3820-1, FEDORA-2017-1fc4026d15, openSUSE-SU-2017:1066-1, openSUSE-SU-2017:1076-1, RHSA-2017:2060-01, USN-3245-1, VIGILANCE-VUL-21917.