The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of RedHat Fedora

vulnerability alert CVE-2015-5589 CVE-2015-5590 CVE-2015-8838

PHP: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of PHP.
Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, pfSense, PHP, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 10/07/2015.
Revision dates: 10/07/2015, 22/04/2016.
Identifiers: 69669, 69768, 69923, 69958, 69970, 69972, CVE-2015-5589, CVE-2015-5590, CVE-2015-8838, DSA-3344-1, FEDORA-2015-11581, openSUSE-SU-2015:1351-1, openSUSE-SU-2016:1167-1, openSUSE-SU-2016:1173-1, RHSA-2016:0457-01, SUSE-SU-2016:1145-1, SUSE-SU-2016:1166-1, SUSE-SU-2016:1581-1, SUSE-SU-2016:1638-1, USN-2758-1, USN-2952-1, USN-2952-2, VIGILANCE-VUL-17341.

Description of the vulnerability

Several vulnerabilities were announced in PHP.

An unknown vulnerability was announced in the escapeshell* functions. This may be related to an incomplete fix for CVE-2015-4642 mentioned in VIGILANCE-VUL-17113. [severity:2/4; 69768]

An attacker can generate a buffer overflow in Phar::convertToDat, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69958, CVE-2015-5589]

An attacker can generate a buffer overflow in phar_fix_filepath, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69923, CVE-2015-5590]

An attacker can force the usage of a freed memory area in spl_recursive_it_move_forward_ex(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69970]

An attacker can force the usage of a freed memory area in sqlite3SafetyCheckSickOrOk(), in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 69972]

An attacker can act as a Man-in-the-Middle when the mysqlnd client asks for a TLS session, in order to read or alter exchanged data (same as VIGILANCE-VUL-16761, which has the identifier CVE-2015-3152 for MySQL, but CVE-2015-8838 for PHP). [severity:2/4; 69669, CVE-2015-8838]

computer vulnerability bulletin CVE-2016-4008

libtasn1: infinite loop of DER Certificates

Synthesis of the vulnerability

Impacted products: Debian, Fedora, openSUSE, openSUSE Leap, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 22/04/2016.
Identifiers: CVE-2016-4008, DLA-495-1, DSA-3568-1, FEDORA-2016-383b8250e6, FEDORA-2016-96bfd9e873, openSUSE-SU-2016:1567-1, openSUSE-SU-2016:1674-1, USN-2957-1, USN-2957-2, VIGILANCE-VUL-19438.

Description of the vulnerability

An attacker can generate an infinite loop in DER Certificates of libtasn1, in order to trigger a denial of service.

computer vulnerability announce 19437

GLPI: SQL injection of ajax/getDropdownConnect.php

Synthesis of the vulnerability

An attacker can use a SQL injection in ajax/getDropdownConnect.php of GLPI, in order to read or alter data.
Impacted products: Fedora.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Confidence: confirmed by the editor (5/5).
Creation date: 22/04/2016.
Identifiers: FEDORA-2016-657a4a658e, FEDORA-2016-a099d11840, VIGILANCE-VUL-19437.

Description of the vulnerability

The GLPI product uses a database.

However, user-supplied data is inserted directly into a SQL query.

An attacker can therefore use a SQL injection in ajax/getDropdownConnect.php of GLPI, in order to read or alter data.

vulnerability bulletin CVE-2016-4051 CVE-2016-4052 CVE-2016-4053

Squid: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Squid.
Impacted products: Debian, Fedora, openSUSE Leap, RHEL, Squid, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 20/04/2016.
Identifiers: CERTFR-2016-AVI-141, CVE-2016-4051, CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, DLA-478-1, DLA-556-1, DSA-3625-1, FEDORA-2016-95edf19d8a, FEDORA-2016-b3b9407940, openSUSE-SU-2016:2081-1, RHSA-2016:1138-01, RHSA-2016:1139-01, RHSA-2016:1140-01, SQUID-2016:5, SQUID-2016:6, SUSE-SU-2016:1996-1, SUSE-SU-2016:2089-1, USN-2995-1, VIGILANCE-VUL-19423.

Description of the vulnerability

Several vulnerabilities were announced in Squid.

An attacker can generate a buffer overflow in cachemgr.cgi, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4051, SQUID-2016:5]

An attacker can generate a buffer overflow in Squid ESI, in order to trigger a denial of service, and possibly to run code. [severity:3/4; CVE-2016-4052, CVE-2016-4053, CVE-2016-4054, SQUID-2016:6]

vulnerability CVE-2015-8853

Perl: infinite loop of UTF-8 Continuation

Synthesis of the vulnerability

An attacker can send malformed UTF-8 data to a Perl application, to generate an infinite loop, in order to trigger a denial of service.
Impacted products: Fedora, openSUSE Leap, Solaris, Perl Core, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Confidence: confirmed by the editor (5/5).
Creation date: 20/04/2016.
Identifiers: 123562, bulletinapr2016, CVE-2015-8853, FEDORA-2016-5a9313e4b4, openSUSE-SU-2016:2313-1, USN-3625-1, USN-3625-2, VIGILANCE-VUL-19420.

Description of the vulnerability

The Perl product can apply a regular expression to UTF-8 data.

However, if the 0x80 character is located at the end of the UTF-8 string, a loop occurs in the regexec.c file.

An attacker can therefore send malformed UTF-8 data to a Perl application, to generate an infinite loop, in order to trigger a denial of service.

vulnerability announce CVE-2015-3194 CVE-2016-0639 CVE-2016-0640

MySQL: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of MySQL.
Impacted products: Mac OS X, Debian, BIG-IP Hardware, TMOS, Fedora, MariaDB ~ precise, MySQL Community, MySQL Enterprise, openSUSE, openSUSE Leap, Percona Server, XtraDB Cluster, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, data reading, data creation/edition, data deletion.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 12/04/2016.
Revision date: 20/04/2016.
Identifiers: 2014202, CERTFR-2016-AVI-138, cpuapr2016, CVE-2015-3194, CVE-2016-0639, CVE-2016-0640, CVE-2016-0641, CVE-2016-0642, CVE-2016-0643, CVE-2016-0644, CVE-2016-0646, CVE-2016-0647, CVE-2016-0648, CVE-2016-0649, CVE-2016-0650, CVE-2016-0651, CVE-2016-0652, CVE-2016-0653, CVE-2016-0654, CVE-2016-0655, CVE-2016-0656, CVE-2016-0657, CVE-2016-0658, CVE-2016-0659, CVE-2016-0661, CVE-2016-0662, CVE-2016-0663, CVE-2016-0665, CVE-2016-0666, CVE-2016-0667, CVE-2016-0668, CVE-2016-0705, CVE-2016-2047, CVE-2016-3461, DLA-447-1, DSA-3557-1, DSA-3595-1, FEDORA-2016-1aaf308de4, FEDORA-2016-7c48036d73, FEDORA-2016-dfa325d31b, HT209139, openSUSE-SU-2016:1332-1, openSUSE-SU-2016:1664-1, openSUSE-SU-2016:1686-1, RHSA-2016:0705-01, RHSA-2016:1132-01, RHSA-2016:1480-01, RHSA-2016:1481-01, SOL01409145, SUSE-SU-2016:1279-1, SUSE-SU-2016:1619-1, SUSE-SU-2016:1620-1, USN-2953-1, USN-2954-1, VIGILANCE-VUL-19342.

Description of the vulnerability

An attacker can use several vulnerabilities of MySQL.

An attacker can use a vulnerability of Server: Packaging, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0705]

An attacker can use a vulnerability of Server: Pluggable Authentication, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0639]

An attacker can use a vulnerability of Server: Security: Encryption, in order to trigger a denial of service. [severity:3/4; CVE-2015-3194]

An attacker can use a vulnerability of Monitoring: Server, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3461]

An attacker can use a vulnerability of Server: DML, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0640]

An attacker can use a vulnerability of Server: Connection Handling, in order to alter information. [severity:2/4; CVE-2016-2047]

An attacker can use a vulnerability of Server: DDL, in order to trigger a denial of service. [severity:2/4; CVE-2016-0644]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0646]

An attacker can use a vulnerability of Server: DML, in order to trigger a denial of service. [severity:2/4; CVE-2016-0652]

An attacker can use a vulnerability of Server: FTS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0647]

An attacker can use a vulnerability of Server: FTS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0653]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0654]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0656]

An attacker can use a vulnerability of Server: JSON, in order to obtain information. [severity:2/4; CVE-2016-0657]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0658]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0651]

An attacker can use a vulnerability of Server: Optimizer, in order to trigger a denial of service. [severity:2/4; CVE-2016-0659]

An attacker can use a vulnerability of Server: PS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0648]

An attacker can use a vulnerability of Server: PS, in order to trigger a denial of service. [severity:2/4; CVE-2016-0649]

An attacker can use a vulnerability of Server: Partition, in order to trigger a denial of service. [severity:2/4; CVE-2016-0662]

An attacker can use a vulnerability of Server: Replication, in order to trigger a denial of service. [severity:2/4; CVE-2016-0650]

An attacker can use a vulnerability of Server: Security: Encryption, in order to trigger a denial of service. [severity:2/4; CVE-2016-0665]

An attacker can use a vulnerability of Security, in order to trigger a denial of service. [severity:2/4; CVE-2016-0666]

An attacker can use a vulnerability of Server: MyISAM, in order to obtain information, or to trigger a denial of service. [severity:2/4; CVE-2016-0641]

An attacker can use a vulnerability of Server: Federated, in order to alter information, or to trigger a denial of service. [severity:2/4; CVE-2016-0642]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0655]

An attacker can use a vulnerability of Server: Options, in order to trigger a denial of service. [severity:2/4; CVE-2016-0661]

An attacker can use a vulnerability of Server: Performance Schema, in order to trigger a denial of service. [severity:2/4; CVE-2016-0663]

An attacker can use a vulnerability of Server: Locking, in order to trigger a denial of service. [severity:2/4; CVE-2016-0667]

An attacker can use a vulnerability of Server: InnoDB, in order to trigger a denial of service. [severity:2/4; CVE-2016-0668]

An attacker can use a vulnerability of Server: DML, in order to obtain information. [severity:1/4; CVE-2016-0643]

computer vulnerability alert CVE-2016-0686 CVE-2016-0687 CVE-2016-0695

Oracle Java: multiple vulnerabilities of April 2016

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Impacted products: Debian, Avamar, VNX Operating Environment, VNX Series, BIG-IP Hardware, TMOS, Fedora, AIX, Domino, Notes, QRadar SIEM, Tivoli Storage Manager, WebSphere AS Traditional, WebSphere MQ, JAXP, ePO, Java OpenJDK, openSUSE, openSUSE Leap, Java Oracle, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion, denial of service on service, denial of service on client.
Provenance: user account.
Confidence: confirmed by the editor (5/5).
Creation date: 20/04/2016.
Identifiers: 1982223, 1982566, 1984075, 1984678, 1985466, 1985875, 1987778, 484398, 486953, bulletinjan2017, CERTFR-2016-AVI-135, cpuapr2016, CVE-2016-0686, CVE-2016-0687, CVE-2016-0695, CVE-2016-3422, CVE-2016-3425, CVE-2016-3426, CVE-2016-3427, CVE-2016-3443, CVE-2016-3449, DLA-451-1, DSA-3558-1, ESA-2016-052, ESA-2016-099, FEDORA-2016-33ccc205e7, openSUSE-SU-2016:1222-1, openSUSE-SU-2016:1230-1, openSUSE-SU-2016:1235-1, openSUSE-SU-2016:1262-1, openSUSE-SU-2016:1265-1, RHSA-2016:0650-01, RHSA-2016:0651-01, RHSA-2016:0675-01, RHSA-2016:0676-01, RHSA-2016:0677-01, RHSA-2016:0678-01, RHSA-2016:0679-01, RHSA-2016:0701-01, RHSA-2016:0702-01, RHSA-2016:0708-01, RHSA-2016:0716-01, RHSA-2016:0723-01, RHSA-2016:1039-01, SB10159, SOL33285044, SOL73112451, SOL81223200, SUSE-SU-2016:1248-1, SUSE-SU-2016:1250-1, SUSE-SU-2016:1299-1, SUSE-SU-2016:1300-1, SUSE-SU-2016:1303-1, SUSE-SU-2016:1378-1, SUSE-SU-2016:1379-1, SUSE-SU-2016:1388-1, SUSE-SU-2016:1458-1, SUSE-SU-2016:1475-1, USN-2963-1, USN-2964-1, USN-2972-1, VIGILANCE-VUL-19416, ZDI-16-376.

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3443, ZDI-16-376]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0687]

An attacker can use a vulnerability of Serialization, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-0686]

An attacker can use a vulnerability of JMX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3427]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2016-3449]

An attacker can use a vulnerability of Security, in order to obtain information. [severity:2/4; CVE-2016-0695]

An attacker can use a vulnerability of JAXP, in order to trigger a denial of service. [severity:2/4; CVE-2016-3425]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2016-3422]

An attacker can use a vulnerability of JCE, in order to obtain information. [severity:1/4; CVE-2016-3426]

vulnerability bulletin CVE-2015-8839

Linux kernel: file corruption via ext4 Punch Hole

Synthesis of the vulnerability

A local attacker can manipulate data on ext4 on the Linux kernel, in order to alter a file.
Impacted products: Fedora, Android OS, QRadar SIEM, Linux, RHEL, Ubuntu.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 20/04/2016.
Identifiers: 2011746, CERTFR-2016-AVI-199, CERTFR-2017-AVI-287, CVE-2015-8839, FEDORA-2016-373c063e79, FEDORA-2016-8e858f96b8, RHSA-2017:1842-01, RHSA-2017:2077-01, RHSA-2017:2669-01, USN-3005-1, USN-3006-1, USN-3007-1, VIGILANCE-VUL-19413.

Description of the vulnerability

The Linux kernel uses the ext4 filesystem.

However, when it reassembles file fragments, a computation error leads to file corruption.

A local attacker can therefore manipulate data on ext4 on the Linux kernel, in order to alter a file.

vulnerability note CVE-2016-3955

Linux kernel: buffer overflow of usbip_recv_xbuff

Synthesis of the vulnerability

An attacker can generate a buffer overflow in usbip_recv_xbuff() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: intranet client.
Confidence: confirmed by the editor (5/5).
Creation date: 19/04/2016.
Identifiers: CERTFR-2016-AVI-156, CERTFR-2016-AVI-186, CERTFR-2016-AVI-199, CVE-2016-3955, DLA-516-1, DSA-3607-1, FEDORA-2016-373c063e79, FEDORA-2016-8a1f49149e, openSUSE-SU-2016:1641-1, SUSE-SU-2016:1203-1, SUSE-SU-2016:2245-1, USN-2965-1, USN-2965-2, USN-2965-3, USN-2965-4, USN-2989-1, USN-2996-1, USN-2997-1, USN-2998-1, USN-3000-1, USN-3001-1, USN-3002-1, USN-3003-1, USN-3004-1, VIGILANCE-VUL-19404.

Description of the vulnerability

The Linux kernel uses the usbip driver to share a USB device over IP.

However, if the size of data is greater than the size of the storage array, an overflow occurs in the usbip_recv_xbuff() function.

An attacker can therefore generate a buffer overflow in usbip_recv_xbuff() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2016-3960

Xen: NULL pointer dereference via Shadow Pagetables

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced in Shadow Pagetables of Xen, in order to trigger a denial of service.
Impacted products: XenServer, Debian, Fedora, openSUSE, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Xen.
Severity: 1/4.
Consequences: denial of service on server, denial of service on service.
Provenance: user shell.
Confidence: confirmed by the editor (5/5).
Creation date: 18/04/2016.
Identifiers: CERTFR-2016-AVI-132, CERTFR-2016-AVI-133, CTX209443, CVE-2016-3960, DLA-571-1, DSA-3554-1, FEDORA-2016-35d7b09908, FEDORA-2016-75063477ca, openSUSE-SU-2016:2494-1, openSUSE-SU-2016:2497-1, SUSE-SU-2016:2093-1, SUSE-SU-2016:2100-1, SUSE-SU-2016:2528-1, SUSE-SU-2016:2533-1, SUSE-SU-2016:2725-1, VIGILANCE-VUL-19401, XSA-173.

Description of the vulnerability

The Xen product supports the x86 Shadow Pagetable mode.

However, if an address is greater than 2^44, Xen does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced in Shadow Pagetables of Xen, in order to trigger a denial of service.